TechSpot

Win64/Patched.A (service.exe) virus detected by AVG

Solved
By Fritsje15
Nov 15, 2012
  1. Good afternoon,

    My name is Marcel and I am a student from the Netherlands.
    Since 13th November my computer has been infected with the Win64/Patched.A virus. I read 2 threads for a possible solution, but it has been said there that the explanations in those threads are only for those situations. Try it on your own with no computer knowledge and your computer may be seriously damaged.
    That is the reason I'm starting my own thread to ask for help, because I need the computer for school (studying technical engineering of the built environment).

    From reading the two threads, which were started by d3tached and fmirza, I've got the first information for you at hand. I started by securing my personal files and after that scanned with Malwarebytes, Gmer and DDS.

    Here are the log files.
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.15.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Bobbie :: BOBBIE-PC [administrator]

    Protection: Disabled

    15-11-2012 13:34:17
    mbam-log-2012-11-15 (13-34-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 247319
    Time elapsed: 4 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)
    --------------------------------------------------------------------------------------------------------------------------
    Note on the "Files Detected": run the program's quick scan at least twice and these 3 files always come back. This is the second log file. (I mostly run scans twice to ensure the program works.)
    ---------------------------------------------------------------------------------------------------------------------------
    No log file from the Gmer program
    ---------------------------------------------------------------------------------------------------------------------------
    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.6.2
    Run by Bobbie at 12:37:26 on 2012-11-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1043.18.4092.2513 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Users\Bobbie\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Bobbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Users\Bobbie\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [Google Update] "C:\Users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [EPSON SX410 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S19A4.tmp" /EF "HKCU"
    uRun: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_FATIBUE.EXE /FU "C:\Windows\TEMP\E_S7804.tmp" /EF "HKCU"
    uRun: [Akamai NetSession Interface] "C:\Users\Bobbie\AppData\Local\Akamai\netsession_win.exe"
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    StartupFolder: C:\Users\Bobbie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bobbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Bobbie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - C:\Users\Bobbie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: NameServer = 192.168.32.1
    TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE} : DHCPNameServer = 192.168.32.1
    TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE}\3585535313347334632403 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE}\64259445A51224F6870264F6E60275C414E40273237303 : DHCPNameServer = 192.168.178.1
    TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE}\8616E6A756 : DHCPNameServer = 145.33.5.165 145.33.5.166
    TCP: Interfaces\{24264722-2EE6-41EB-ADC1-95D26255B7AE}\D49627A616D60256E60225F6C616E646 : DHCPNameServer = 212.54.35.25 212.54.40.25
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Bobbie\AppData\Roaming\Mozilla\Firefox\Profiles\u8p2hyd8.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={087238DB-E44C-4040-921D-3E5C71385097}&mid=985e720d24c239c398504d9d25a6a478-325164ceb524dd749c1d68696f99f8bc13c102b7&lang=nl&ds=AVG&pr=fr&d=2011-11-06 12:46:40&v=12.2.5.32&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Bobbie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-29 30568]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-30 283200]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-3-23 89600]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-7 365568]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-15 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-15 676936]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-11 46136]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-27 227896]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-15 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-23 215040]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-3-23 36408]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S2 SZASSIST;SecretZone Assist Service;"C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe" --> C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-11-14 947528]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-22 1436424]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
    S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-21 140712]
    S3 leafnets;Leaf Networks Adapter;C:\Windows\System32\drivers\leafnets.sys [2011-5-26 29696]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-28 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
    FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2012-11-15 10:32:39 -------- d-----w- C:\Users\Bobbie\AppData\Roaming\Malwarebytes
    2012-11-15 10:32:21 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-15 10:32:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-15 10:32:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-11 15:05:31 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-11-11 14:59:01 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-11-11 14:58:37 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
    2012-11-08 11:38:42 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-08 11:35:57 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-11-08 11:35:57 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-11-08 11:35:41 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-11-07 15:50:00 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-11-07 15:50:00 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-11-07 15:50:00 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-11-07 15:50:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-11-07 15:50:00 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-11-07 15:50:00 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-11-07 15:49:53 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-11-07 15:49:53 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-10-27 21:36:46 -------- d-----w- C:\Users\Bobbie\AppData\Local\Ubisoft Game Launcher
    2012-10-27 21:36:44 -------- d-----w- C:\Users\Bobbie\AppData\Roaming\Ubisoft
    2012-10-27 21:35:19 -------- d-----w- C:\offlineserver-v0.2
    2012-10-17 12:05:42 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
    2012-10-17 12:04:23 -------- d--h--w- C:\Users\Bobbie\InstallAnywhere
    2012-10-17 11:53:24 -------- d-----w- C:\Program Files (x86)\GRAPHISOFT
    .
    ==================== Find3M ====================
    .
    2012-11-08 12:43:57 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-11-08 11:38:42 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-12 18:55:35 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-10-12 18:55:33 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-28 11:08:36 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-08-28 11:08:33 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-08-28 11:08:33 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 13:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 12:37:37,97 ===============

    And the last log, a file called "attach":

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24-4-2010 15:48:31
    System Uptime: 15-11-2012 11:54:25 (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3639
    Processor: AMD Athlon(tm) II Dual-Core M320 | Socket S1G3 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 284 GiB total, 151,801 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2,312 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0,095 GiB free.
    F: is CDROM ()
    H: is CDROM (CDFS)
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Aangifte inkomstenbelasting 2011
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Recommended Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Extra Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.4.5 MUI
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AMD APP SDK Runtime
    AMD Fuel
    AMD Media Foundation Decoders
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArchiCAD 15 R1 NED
    ArchiCAD 16 NED
    Artlantis Studio 4.1
    Assassin's Creed Brotherhood
    Assassin's Creed II
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    µTorrent
    AutoCAD Architecture 2011 - English
    AutoCAD Architecture 2011 Language Pack - English
    Autodesk Design Review 2013
    Autodesk Design Review Browser Add-on v1.2
    Autodesk Material Library 2011
    Autodesk Material Library 2011 Base Image library
    Autodesk Material Library 2011 Medium Image library
    Autodesk Revit Architecture 2011 x64
    Autodesk Revit Architecture 2011 x64 Update 1
    AVG 2012
    AVG Security Toolbar
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help English
    Compatibiliteitspakket voor het 2007 Microsoft Office system
    CutePDF Writer 2.8
    CyberLink DVD Suite
    DAEMON Tools Lite
    Dropbox
    DVD Menu Pack for HP MediaSmart Video
    ENE CIR Receiver Driver
    EPSON-printersoftware
    Epson Easy Photo Print 2
    EPSON Scan
    Epson Stylus SX210_SX410_TX210_TX410 Handboek
    EPSON SX410 Series Printer Uninstall
    FARO LS 1.1.406.58
    Free Audio CD Burner version 1.4
    Free YouTube to MP3 Converter version 3.9
    Google Chrome
    Google SketchUp 8.0 to ATL4 Exporter
    Google SketchUp Pro 8
    Hewlett-Packard ACLM.NET v1.1.2.0
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    HP 3D DriveGuard
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Internet TV
    HP MediaSmart Live TV
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart Webcam
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0153
    HP Wireless Assistant
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    IDT Audio
    IrfanView (remove only)
    iTunes
    Java 7 Update 6
    Java 7 Update 9 (64-bit)
    Java Auto Updater
    Java(TM) 6 Update 15 (64-bit)
    Java(TM) 6 Update 30
    Java(TM) SE Development Kit 6 Update 15 (64-bit)
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    LimeWire 5.5.8
    Magic Desktop
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware versie 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office PowerPoint Viewer 2007 (Dutch)
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (Dutch) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Compact 3.5 SP1 x64 English
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Mirror's Edge™
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 16.0.2 (x86 nl)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MusicStation
    NVIDIA PhysX
    PDF Settings
    PES 2013
    Picasa 3
    Power2Go
    PowerDirector
    Premiumplay Codec-C
    PunkBuster Services
    QLBCASL
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Recovery Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
    SimCity 4 Deluxe
    Skype Click to Call
    Skype™ 5.10
    SpeedFan (remove only)
    Spotify
    Synaptics Pointing Device Driver
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    Test Drive Unlimited 2
    Ubisoft Game Launcher
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    Windows Live - Hulpprogramma voor uploaden
    Windows Live aanmeldhulp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Writer
    Windows Media Player Firefox Plugin
    Windows Mobile-hulpbronnen
    Windows Mobile Apparaatcentrum
    Windows Mobile Device Center Driver Update
    WinRAR
    .
    ==== End Of File ===========================
    I will do anything necessary to get this virus off my computer.
    And lastly, thank you in advance for all the help you will give me.

    Greetings from Holland.
  2. Fritsje15

    Fritsje15 TS Rookie Topic Starter

    By reading the steps in various threads I have found out the following:

    Two log files from the Farbar Recovery Scan tool:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
    Ran by SYSTEM at 15-11-2012 14:59:52
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
    HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-11-27] (Sun Microsystems, Inc.)
    HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [294912 2010-10-28] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-01-25] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-07] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
    HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-02-01] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-29] ()
    HKU\bob\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
    HKU\bob\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
    HKU\Bobbie\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
    HKU\Bobbie\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
    HKU\Bobbie\...\Run: [Google Update] "C:\Users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-04-25] (Google Inc.)
    HKU\Bobbie\...\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S19A4.tmp" /EF "HKCU" [223232 2008-10-01] (SEIKO EPSON CORPORATION)
    HKU\Bobbie\...\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBUE.EXE /FU "C:\Windows\TEMP\E_S7804.tmp" /EF "HKCU" [139264 2006-07-03] (SEIKO EPSON CORPORATION)
    HKU\Bobbie\...\Run: [Akamai NetSession Interface] "C:\Users\Bobbie\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
    HKU\Bobbie\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    HKU\Bobbie\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
    HKU\Bobbie\...\Policies\system: [DisableLockWorkstation] 0
    HKU\Bobbie\...\Policies\system: [DisableChangePassword] 0
    Tcpip\Parameters: [DhcpNameServer] 192.168.32.1

    ==================== Services (Whitelisted) ===================

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-11] (Akamai Technologies, Inc.)
    3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1539224 2008-06-12] (Autodesk, Inc.)
    3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-17] ()
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-10-12] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
    2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
    2 SZASSIST; "C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe" [x]

    ==================== Drivers (Whitelisted) =====================

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-30] (DT Soft Ltd)
    3 leafnets; C:\Windows\System32\Drivers\leafnets.sys [29696 2011-05-26] (Leaf Networks)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
    0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2012-04-27] (Duplex Secure Ltd.)
    3 Fwleaf; C:\Windows\System32\DRIVERS\fwleaf.sys [x]
    3 mdf16; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mdf16.sys [x]
    3 mvd22; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd22.sys [x]
    3 WPRO_41_1742; C:\Windows\System32\drivers\WPRO_41_1742.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-11-15 14:59 - 2012-11-15 14:59 - 00000000 ____D C:\FRST
    2012-11-15 04:33 - 2012-11-15 04:33 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-15 04:33 - 2012-11-15 04:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-15 04:33 - 2012-09-29 10:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-15 03:34 - 2012-11-15 03:37 - 00027942 ____A C:\Users\Bobbie\Desktop\dds.txt
    2012-11-15 03:34 - 2012-11-15 03:37 - 00011988 ____A C:\Users\Bobbie\Desktop\attach.txt
    2012-11-15 03:33 - 2012-11-15 03:33 - 00688901 ____R (Swearware) C:\Users\Bobbie\Desktop\dds.com
    2012-11-15 02:58 - 2012-11-15 02:58 - 00302592 ____A C:\Users\Bobbie\Desktop\ndjz3z85.exe
    2012-11-15 02:32 - 2012-11-15 02:32 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Malwarebytes
    2012-11-15 02:32 - 2012-11-15 02:32 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-15 02:25 - 2012-11-15 02:26 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Bobbie\Desktop\mbam-setup-1.65.1.1000.exe
    2012-11-14 05:46 - 2012-11-14 05:46 - 00007680 __ASH C:\Users\Bobbie\Documents\Thumbs.db
    2012-11-11 07:05 - 2012-11-11 07:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-11-11 06:58 - 2012-11-11 06:58 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-11-08 03:38 - 2012-11-08 03:38 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-08 03:38 - 2012-11-08 03:38 - 00000000 ____D C:\Windows\System32\Macromed
    2012-11-08 03:35 - 2012-11-08 03:35 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-11-08 03:35 - 2012-11-08 03:35 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-11-08 03:35 - 2012-11-08 03:35 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-11-08 03:35 - 2012-11-08 03:35 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-11-08 03:29 - 2012-11-08 03:29 - 00027520 ____A C:\Users\Bobbie\AppData\Local\dt.dat
    2012-10-28 13:05 - 2012-10-29 04:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-27 13:36 - 2012-10-27 13:37 - 00000000 ____D C:\Users\Bobbie\AppData\Local\Ubisoft Game Launcher
    2012-10-27 13:36 - 2012-10-27 13:36 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Ubisoft
    2012-10-27 13:35 - 2012-10-27 13:35 - 00000000 ____D C:\offlineserver-v0.2
    2012-10-27 12:41 - 2012-10-27 12:41 - 00605417 ____A C:\acadminidump.dmp
    2012-10-27 12:41 - 2012-10-27 12:41 - 00000000 ____A C:\Users\Bobbie\Documents\acad.err
    2012-10-17 10:22 - 2012-10-17 10:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-10-17 10:22 - 2012-10-17 10:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-10-17 04:09 - 2012-10-17 04:09 - 00000000 ____D C:\Users\Bobbie\Documents\BIMx
    2012-10-17 04:05 - 2012-10-17 04:05 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
    2012-10-17 04:04 - 2012-10-17 04:04 - 00000000 ___HD C:\Users\Bobbie\InstallAnywhere
    2012-10-17 03:53 - 2012-10-17 03:53 - 00000000 ____D C:\Program Files (x86)\GRAPHISOFT

    ==================== One Month Modified Files and Folders =======

    2012-11-15 14:59 - 2012-11-15 14:59 - 00000000 ____D C:\FRST
    2012-11-15 14:34 - 2010-06-08 11:09 - 00000000 ____D C:\Users\All Users\Recovery
    2012-11-15 05:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-15 05:44 - 2009-07-13 20:51 - 00156073 ____A C:\Windows\setupact.log
    2012-11-15 04:57 - 2010-04-25 02:34 - 00001070 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004932586-2938293743-1826765973-1001UA.job
    2012-11-15 04:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-15 04:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-15 04:45 - 2009-11-27 21:38 - 00748032 ____A C:\Windows\System32\perfh013.dat
    2012-11-15 04:45 - 2009-11-27 21:38 - 00156924 ____A C:\Windows\System32\perfc013.dat
    2012-11-15 04:45 - 2009-07-13 21:13 - 01663802 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-15 04:44 - 2010-10-13 01:20 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Dropbox
    2012-11-15 04:43 - 2012-09-13 00:33 - 00000000 ___RD C:\Users\Bobbie\Dropbox
    2012-11-15 04:41 - 2010-03-22 16:22 - 00245242 ____A C:\Windows\PFRO.log
    2012-11-15 04:33 - 2012-11-15 04:33 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-15 04:33 - 2012-11-15 04:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-15 04:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-11-15 03:37 - 2012-11-15 03:34 - 00027942 ____A C:\Users\Bobbie\Desktop\dds.txt
    2012-11-15 03:37 - 2012-11-15 03:34 - 00011988 ____A C:\Users\Bobbie\Desktop\attach.txt
    2012-11-15 03:33 - 2012-11-15 03:33 - 00688901 ____R (Swearware) C:\Users\Bobbie\Desktop\dds.com
    2012-11-15 02:58 - 2012-11-15 02:58 - 00302592 ____A C:\Users\Bobbie\Desktop\ndjz3z85.exe
    2012-11-15 02:44 - 2010-04-24 05:48 - 00000000 ____D C:\users\Bobbie
    2012-11-15 02:32 - 2012-11-15 02:32 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Malwarebytes
    2012-11-15 02:32 - 2012-11-15 02:32 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-15 02:26 - 2012-11-15 02:25 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Bobbie\Desktop\mbam-setup-1.65.1.1000.exe
    2012-11-15 02:23 - 2010-11-14 03:09 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-11-15 02:23 - 2010-11-14 02:34 - 00000000 ____D C:\Users\All Users\MFAData
    2012-11-14 06:04 - 2011-08-11 11:08 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\dvdcss
    2012-11-14 05:57 - 2010-04-25 02:34 - 00001018 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004932586-2938293743-1826765973-1001Core.job
    2012-11-14 05:46 - 2012-11-14 05:46 - 00007680 __ASH C:\Users\Bobbie\Documents\Thumbs.db
    2012-11-14 05:00 - 2010-08-10 05:41 - 00000000 __RSD C:\Users\Bobbie\Documents\My Stationery
    2012-11-14 04:58 - 2010-10-13 01:22 - 00000000 ___RD C:\Users\Bobbie\Documents\My Dropbox
    2012-11-14 04:46 - 2012-04-14 12:04 - 00000000 ____D C:\Users\Bobbie\Documents\BACKUP groene usb
    2012-11-14 03:50 - 2012-05-09 02:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-11-14 03:48 - 2012-01-23 01:46 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\uTorrent
    2012-11-13 16:14 - 2012-09-04 12:14 - 00000000 ____D C:\Users\Bobbie\Documents\SimCity 4
    2012-11-13 01:22 - 2010-04-26 08:56 - 00000000 ____D C:\Users\Bobbie\AppData\Local\CrashDumps
    2012-11-13 01:17 - 2010-03-22 16:20 - 01248662 ____A C:\Windows\WindowsUpdate.log
    2012-11-11 07:05 - 2012-11-11 07:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-11-11 06:58 - 2012-11-11 06:58 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-11-08 04:44 - 2011-12-07 11:21 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-11-08 04:44 - 2011-11-06 03:46 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-11-08 04:43 - 2012-08-29 05:12 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-11-08 03:41 - 2009-11-27 14:02 - 00000000 ____D C:\Users\All Users\Adobe
    2012-11-08 03:38 - 2012-11-08 03:38 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-08 03:38 - 2012-11-08 03:38 - 00000000 ____D C:\Windows\System32\Macromed
    2012-11-08 03:38 - 2011-08-03 05:16 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-08 03:35 - 2012-11-08 03:35 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-11-08 03:35 - 2012-11-08 03:35 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-11-08 03:35 - 2012-11-08 03:35 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-11-08 03:35 - 2012-11-08 03:35 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-11-08 03:35 - 2009-11-27 15:02 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-11-08 03:35 - 2009-11-27 15:02 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-11-08 03:29 - 2012-11-08 03:29 - 00027520 ____A C:\Users\Bobbie\AppData\Local\dt.dat
    2012-11-07 10:48 - 2012-03-08 05:12 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForBOBBIE-PC$.job
    2012-11-05 12:33 - 2010-10-18 03:07 - 00000000 ____D C:\Users\Bobbie\AppData\Local\CutePDF Writer
    2012-11-01 06:58 - 2010-04-26 08:59 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-10-30 02:10 - 2012-02-22 01:57 - 00000000 ____D C:\Users\All Users\Skype
    2012-10-29 04:04 - 2012-10-28 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-28 06:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-10-27 13:37 - 2012-10-27 13:36 - 00000000 ____D C:\Users\Bobbie\AppData\Local\Ubisoft Game Launcher
    2012-10-27 13:36 - 2012-10-27 13:36 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Ubisoft
    2012-10-27 13:36 - 2012-10-12 10:58 - 00000000 ____D C:\Users\All Users\Ubisoft
    2012-10-27 13:35 - 2012-10-27 13:35 - 00000000 ____D C:\offlineserver-v0.2
    2012-10-27 13:26 - 2010-04-24 06:55 - 00465268 ____A C:\Windows\DirectX.log
    2012-10-27 13:17 - 2012-10-12 10:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
    2012-10-27 13:17 - 2009-11-27 12:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-10-27 12:47 - 2011-10-02 03:26 - 00000000 ____D C:\Users\Bobbie\Graphisoft
    2012-10-27 12:41 - 2012-10-27 12:41 - 00605417 ____A C:\acadminidump.dmp
    2012-10-27 12:41 - 2012-10-27 12:41 - 00000000 ____A C:\Users\Bobbie\Documents\acad.err
    2012-10-24 03:19 - 2012-04-04 10:42 - 00000000 ____D C:\Users\Bobbie\AppData\Local\Akamai
    2012-10-17 10:22 - 2012-10-17 10:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-10-17 10:22 - 2012-10-17 10:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-10-17 04:10 - 2011-10-02 03:26 - 00000000 ____D C:\Users\Bobbie\AppData\Local\Graphisoft
    2012-10-17 04:09 - 2012-10-17 04:09 - 00000000 ____D C:\Users\Bobbie\Documents\BIMx
    2012-10-17 04:08 - 2011-10-02 03:26 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Graphisoft
    2012-10-17 04:05 - 2012-10-17 04:05 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
    2012-10-17 04:04 - 2012-10-17 04:04 - 00000000 ___HD C:\Users\Bobbie\InstallAnywhere
    2012-10-17 03:53 - 2012-10-17 03:53 - 00000000 ____D C:\Program Files (x86)\GRAPHISOFT
    2012-10-17 03:53 - 2012-07-04 00:46 - 00000000 ____D C:\Program Files\Graphisoft
    2012-10-17 03:53 - 2011-10-02 03:18 - 00014882 ____A C:\Windows\vpd.properties
    2012-10-17 03:53 - 2011-10-02 03:07 - 00000000 ____D C:\Users\Bobbie\AppData\Roaming\Install.GS
    2012-10-16 21:28 - 2010-07-27 05:26 - 00000000 ____D C:\users\bob
    2012-10-16 21:28 - 2010-03-23 01:08 - 00000000 ___RD C:\Users\Public\Recorded TV
    2012-10-16 21:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-10-16 21:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat


    ZeroAccess:
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\@
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\L
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\L\00000004.@
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\L\201d3dde
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\L\55490ac4
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000004.@
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000008.@
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\000000cb.@
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000000.@
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000032.@
    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-15 04:22:20

    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 4092.2 MB
    Available physical RAM: 3369.95 MB
    Total Pagefile: 4090.35 MB
    Available Pagefile: 3361.59 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:283.82 GB) (Free:151.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:13.97 GB) (Free:2.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    6 Drive I: () (Removable) (Total:14.92 GB) (Free:14.91 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 283 GB 200 MB
    Partition 3 Primary 13 GB 284 GB
    Partition 4 Primary 103 MB 297 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 283 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E RECOVERY NTFS Partition 13 GB Healthy

    =========================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F HP_TOOLS FAT32 Partition 103 MB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 26 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT32 Removable 14 GB Healthy

    =========================================================

    Last Boot: 2012-11-15 04:15

    ==================== End Of Log =============================


    Farbar Recovery Scan Tool (x64) Version: 12-11-2012
    Ran by SYSTEM at 2012-11-15 15:01:56
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.


    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


  4. Fritsje15

    Fritsje15 TS Rookie Topic Starter

    Done the test, here are the results.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-11-2012
    Ran by SYSTEM at 2012-11-15 19:52:43 Run:1
    Running from I:\

    ==============================================

    C:\Windows\Installer\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
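The FRST lines posted above can be correlated mechanically. The following is an added example, not part of the thread and not FRST's own code: it takes the file flagged in the "Bamital & volsnap Check" and matches it against the copies found by the `services.exe` search. The regular expressions and function names are assumptions inferred only from the log lines visible in this thread.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import List, Optional

# Lines copied from the FRST output posted in this thread (indentation removed).
CHECK_LOG = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
"""

SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
"""

# Assumed line shapes, inferred from the log lines above.
FLAGGED_RE = re.compile(
    r"^[ \t]*(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>\S+) <==== ATTENTION",
    re.MULTILINE,
)
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"\S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


@dataclass
class Finding:
    path: str
    label: str
    on_disk: Optional[FileRecord]
    candidates: List[FileRecord] = field(default_factory=list)


def parse_search(text: str) -> List[FileRecord]:
    """Pair each path line of a search section with the metadata line after it."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            records.append(FileRecord(pending, m["created"], m["modified"],
                                      int(m["size"]), m["company"], m["md5"].upper()))
            pending = None
    return records


def parse_flagged(text: str):
    """Return (path, md5, label) for every check line marked ATTENTION."""
    return [(m["path"], m["md5"].upper(), m["label"]) for m in FLAGGED_RE.finditer(text)]


def correlate(check_text: str, search_text: str) -> List[Finding]:
    """For each flagged file, find its search record and same-named WinSxS copies
    whose MD5 differs from the flagged one."""
    records = parse_search(search_text)
    findings = []
    for path, md5, label in parse_flagged(check_text):
        name = PureWindowsPath(path).name.lower()
        on_disk = next((r for r in records
                        if r.path.lower() == path.lower() and r.md5 == md5), None)
        candidates = [r for r in records
                      if PureWindowsPath(r.path).name.lower() == name
                      and "\\winsxs\\" in r.path.lower()
                      and r.md5 != md5]
        findings.append(Finding(path, label, on_disk, candidates))
    return findings


def same_metadata(a: FileRecord, b: FileRecord) -> bool:
    """True when timestamps and vendor string agree, i.e. only size/hash can tell them apart."""
    return (a.created, a.modified, a.company) == (b.created, b.modified, b.company)


if __name__ == "__main__":
    for f in correlate(CHECK_LOG, SEARCH_LOG):
        for c in f.candidates:
            print(f"{f.path} [{f.label}] md5={f.on_disk.md5} size={f.on_disk.size}")
            print(f"  WinSxS copy md5={c.md5} size={c.size} "
                  f"same timestamps/vendor={same_metadata(f.on_disk, c)}")
```

In these logs the two copies share timestamps and vendor string, so only the size and MD5 separate them. A WinSxS copy with a different hash is only a candidate; the "ZeroAccess" label comes from FRST's own check.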
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  6. Fritsje15

    Fritsje15 TS Rookie Topic Starter

    All right, I will do these steps if they get the virus off the computer. Thank you so much for helping me already this much. I don't know how I can thank you more.
    A question outside of the virus: what do all the programs do, besides reading my computer files and testing which is a good or bad file? Could you explain what ComboFix does?

    Great thanks, Fritsje15
  7. Fritsje15

    Fritsje15 TS Rookie Topic Starter

    ComboFix 12-11-16.02 - Bobbie 16-11-2012 20:36:57.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1043.18.4092.2746 [GMT 1:00]
    Running from: c:\users\Bobbie\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-16 19:09 . 2012-11-16 19:09 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2012-11-15 22:59 . 2012-11-15 22:59 -------- d-----w- C:\FRST
    2012-11-15 16:52 . 2012-11-15 16:52 388096 ----a-r- c:\users\Bobbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-11-15 16:52 . 2012-11-15 16:52 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-11-15 12:33 . 2012-11-15 12:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-15 12:33 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-15 10:32 . 2012-11-15 10:32 -------- d-----w- c:\users\Bobbie\AppData\Roaming\Malwarebytes
    2012-11-15 10:32 . 2012-11-15 10:32 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-11 15:05 . 2012-11-11 15:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-11-11 14:59 . 2012-11-11 14:59 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-11-11 14:58 . 2012-11-11 14:58 -------- d-----w- c:\program files (x86)\Mega Codec Pack
    2012-11-08 11:38 . 2012-11-08 11:38 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-08 11:38 . 2012-11-08 11:38 -------- d-----w- c:\windows\system32\Macromed
    2012-11-08 11:35 . 2012-11-08 11:35 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-11-08 11:35 . 2012-11-08 11:35 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-08 11:35 . 2012-11-08 11:35 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-11-08 11:35 . 2012-11-08 11:35 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-11-07 15:50 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-11-07 15:50 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-11-07 15:50 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-11-07 15:50 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-11-07 15:50 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-11-07 15:50 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-11-07 15:49 . 2012-11-07 15:49 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-11-07 15:49 . 2012-11-07 15:49 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-10-27 21:36 . 2012-10-27 21:37 -------- d-----w- c:\users\Bobbie\AppData\Local\Ubisoft Game Launcher
    2012-10-27 21:36 . 2012-10-27 21:36 -------- d-----w- c:\users\Bobbie\AppData\Roaming\Ubisoft
    2012-10-27 21:35 . 2012-10-27 21:35 -------- d-----w- C:\offlineserver-v0.2
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-08 12:43 . 2012-08-29 13:12 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-11-08 11:38 . 2011-08-03 13:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-08 11:35 . 2009-11-27 23:02 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-11-08 11:35 . 2009-11-27 23:02 188904 ----a-w- c:\windows\system32\java.exe
    2012-10-12 18:55 . 2012-10-12 18:55 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-10-12 18:55 . 2012-10-12 18:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-10-12 08:41 . 2010-04-26 18:51 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-14 19:19 . 2012-10-10 10:18 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 10:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-08-31 18:19 . 2012-10-10 09:57 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-10 09:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 09:57 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 09:57 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-08-28 11:08 . 2012-08-28 11:08 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-08-28 11:08 . 2012-08-28 11:09 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-08-28 11:08 . 2010-04-26 15:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-24 18:05 . 2012-10-10 09:56 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 16:57 . 2012-10-10 09:56 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-08-24 13:43 . 2012-08-24 13:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-08-24 11:15 . 2012-09-24 08:21 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-24 08:21 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-24 08:21 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-24 08:21 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-24 08:21 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-24 08:21 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-24 08:21 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-24 08:21 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-24 08:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-24 08:21 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-24 08:21 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-24 08:21 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-24 08:21 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-24 08:21 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-24 08:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-24 08:21 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-24 08:21 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-24 08:21 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-24 08:21 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-24 08:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-24 08:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-24 08:21 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 07:56 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 07:56 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 07:56 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 07:56 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-26 07:05 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 18:48 . 2012-10-10 10:18 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-08-20 18:48 . 2012-10-10 10:18 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-08-20 18:48 . 2012-10-10 10:18 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-08-20 18:48 . 2012-10-10 10:18 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 18:48 . 2012-10-10 10:18 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-08-20 18:48 . 2012-10-10 10:18 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 18:48 . 2012-10-10 10:18 1162240 ----a-w- c:\windows\system32\kernel32.dll
    2012-08-20 18:46 . 2012-10-10 10:18 338432 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 18:38 . 2012-10-10 10:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 17:40 . 2012-10-10 10:18 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38 . 2012-10-10 10:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-20 17:38 . 2012-10-10 10:18 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2012-08-20 17:37 . 2012-10-10 10:18 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-08-20 17:37 . 2012-10-10 10:18 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-08-20 17:32 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:18 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-08 12:43 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
    2012-07-09 16:46 351136 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
    @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
    [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
    2012-11-11 14:59 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
    "Akamai NetSession Interface"="c:\users\Bobbie\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 294912]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-01 928096]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048]
    .
    c:\users\Bobbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Bobbie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-19 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-04-27 867064]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R2 SZASSIST;SecretZone Assist Service;c:\program files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-22 1436424]
    R3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
    R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2011-05-26 29696]
    R3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung SecretZone\mdf16.sys [x]
    R3 mvd22;mvd22;c:\program files (x86)\Clarus\Samsung SecretZone\mvd22.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1255736]
    R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-30 283200]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-07 365568]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004932586-2938293743-1826765973-1001Core.job
    - c:\users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 10:34]
    .
    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3004932586-2938293743-1826765973-1001UA.job
    - c:\users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 10:34]
    .
    2012-11-07 c:\windows\Tasks\HPCeeScheduleForBOBBIE-PC$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
    .
    2012-11-16 c:\windows\Tasks\HPCeeScheduleForBobbie.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Bobbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-27 171520]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\users\Bobbie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: {{25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    Trusted Zone: hanze.nl\.*
    TCP: DhcpNameServer = 192.168.32.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Bobbie\AppData\Roaming\Mozilla\Firefox\Profiles\u8p2hyd8.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={087238DB-E44C-4040-921D-3E5C71385097}&mid=985e720d24c239c398504d9d25a6a478-325164ceb524dd749c1d68696f99f8bc13c102b7&lang=nl&ds=AVG&pr=fr&d=2011-11-06 12:46&v=12.2.5.32&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Abvent_Skp8toATL3 - c:\program files (x86)\Google\Google SketchUp 8\Exporters\uninstall__Skp8_to_ATL4.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3004932586-2938293743-1826765973-1001\Software\SecuROM\License information*]
    "datasecu"=hex:b4,84,97,ea,d5,db,9f,49,18,c8,d7,7a,6e,15,bb,86,f0,56,c2,1f,fe,
    b4,9f,e5,0d,9d,72,8e,40,27,7a,34,97,48,1f,c3,e3,78,ed,c2,9d,e0,83,12,be,af,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-16 21:00:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-16 20:00
    .
    Pre-Run: 176.582.541.312 bytes beschikbaar
    Post-Run: 177.515.569.152 bytes beschikbaar
    .
    - - End Of File - - 67800331EA52E5DE0C6B78FB997BE1E7
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It is a private tool that scans for malware... that's all I'm allowed to say.

    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  9. Fritsje15

    Fritsje15 TS Rookie Topic Starter

    18:27:02.0541 5212 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    18:27:03.0275 5212 ============================================================
    18:27:03.0275 5212 Current date / time: 2012/11/17 18:27:03.0275
    18:27:03.0275 5212 SystemInfo:
    18:27:03.0275 5212
    18:27:03.0275 5212 OS Version: 6.1.7601 ServicePack: 1.0
    18:27:03.0275 5212 Product type: Workstation
    18:27:03.0275 5212 ComputerName: BOBBIE-PC
    18:27:03.0290 5212 UserName: Bobbie
    18:27:03.0290 5212 Windows directory: C:\Windows
    18:27:03.0290 5212 System windows directory: C:\Windows
    18:27:03.0290 5212 Running under WOW64
    18:27:03.0290 5212 Processor architecture: Intel x64
    18:27:03.0290 5212 Number of processors: 2
    18:27:03.0290 5212 Page size: 0x1000
    18:27:03.0290 5212 Boot type: Normal boot
    18:27:03.0290 5212 ============================================================
    18:27:06.0192 5212 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:27:06.0207 5212 Drive \Device\Harddisk1\DR1 - Size: 0x3BB63FE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:27:06.0207 5212 ============================================================
    18:27:06.0207 5212 \Device\Harddisk0\DR0:
    18:27:06.0270 5212 MBR partitions:
    18:27:06.0270 5212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    18:27:06.0270 5212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x237A5000
    18:27:06.0270 5212 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23809000, BlocksNum 0x1BF1800
    18:27:06.0270 5212 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
    18:27:06.0270 5212 \Device\Harddisk1\DR1:
    18:27:06.0270 5212 MBR partitions:
    18:27:06.0270 5212 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
    18:27:06.0270 5212 ============================================================
    18:27:07.0206 5212 C: <-> \Device\Harddisk0\DR0\Partition2
    18:27:07.0268 5212 D: <-> \Device\Harddisk0\DR0\Partition3
    18:27:07.0284 5212 E: <-> \Device\Harddisk0\DR0\Partition4
    18:27:07.0284 5212 ============================================================
    18:27:07.0284 5212 Initialize success
    18:27:07.0284 5212 ============================================================
    18:28:08.0108 5188 ============================================================
    18:28:08.0108 5188 Scan started
    18:28:08.0108 5188 Mode: Manual; SigCheck; TDLFS;
    18:28:08.0108 5188 ============================================================
    18:28:16.0064 5188 ================ Scan system memory ========================
    18:28:16.0064 5188 System memory - ok
    18:28:16.0064 5188 ================ Scan services =============================
    18:28:16.0314 5188 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    18:28:16.0439 5188 1394ohci - ok
    18:28:16.0485 5188 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
    18:28:16.0563 5188 Accelerometer - ok
    18:28:16.0595 5188 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    18:28:16.0626 5188 ACPI - ok
    18:28:16.0641 5188 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    18:28:16.0766 5188 AcpiPmi - ok
    18:28:16.0844 5188 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    18:28:16.0891 5188 adp94xx - ok
    18:28:17.0156 5188 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    18:28:17.0172 5188 adpahci - ok
    18:28:17.0203 5188 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    18:28:17.0219 5188 adpu320 - ok
    18:28:17.0281 5188 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    18:28:17.0718 5188 AeLookupSvc - ok
    18:28:18.0092 5188 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    18:28:18.0186 5188 AESTFilters - ok
    18:28:18.0389 5188 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    18:28:18.0467 5188 AFD - ok
    18:28:18.0591 5188 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    18:28:18.0685 5188 AgereSoftModem - ok
    18:28:18.0747 5188 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    18:28:18.0779 5188 agp440 - ok
    18:28:19.0902 5188 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
    18:28:19.0902 5188 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
    18:28:19.0902 5188 Akamai ( HiddenFile.Multi.Generic ) - warning
    18:28:19.0902 5188 Akamai - detected HiddenFile.Multi.Generic (1)
    18:28:19.0980 5188 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    18:28:20.0027 5188 ALG - ok
    18:28:20.0089 5188 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    18:28:20.0105 5188 aliide - ok
    18:28:20.0292 5188 [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    18:28:20.0432 5188 AMD External Events Utility - ok
    18:28:21.0009 5188 AMD FUEL Service - ok
    18:28:21.0072 5188 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    18:28:21.0087 5188 amdide - ok
    18:28:21.0165 5188 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
    18:28:21.0197 5188 amdiox64 - ok
    18:28:21.0384 5188 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    18:28:21.0524 5188 AmdK8 - ok
    18:28:22.0538 5188 [ A29087680A1C3B049E3C05438E8FF2B8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    18:28:22.0757 5188 amdkmdag - ok
    18:28:22.0975 5188 [ ADB8EE976CE4A47C54D39F2581593C03 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    18:28:22.0991 5188 amdkmdap ( UnsignedFile.Multi.Generic ) - warning
    18:28:22.0991 5188 amdkmdap - detected UnsignedFile.Multi.Generic (1)
    18:28:23.0084 5188 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    18:28:23.0115 5188 AmdPPM - ok
    18:28:23.0303 5188 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    18:28:23.0318 5188 amdsata - ok
    18:28:23.0459 5188 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    18:28:23.0474 5188 amdsbs - ok
    18:28:23.0521 5188 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    18:28:23.0537 5188 amdxata - ok
    18:28:23.0615 5188 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    18:28:23.0864 5188 AppID - ok
    18:28:23.0911 5188 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    18:28:23.0973 5188 AppIDSvc - ok
    18:28:24.0036 5188 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    18:28:24.0098 5188 Appinfo - ok
    18:28:24.0207 5188 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:28:24.0207 5188 Apple Mobile Device - ok
    18:28:24.0270 5188 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    18:28:24.0285 5188 arc - ok
    18:28:24.0301 5188 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    18:28:24.0317 5188 arcsas - ok
    18:28:24.0441 5188 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    18:28:24.0457 5188 aspnet_state - ok
    18:28:24.0519 5188 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    18:28:24.0566 5188 AsyncMac - ok
    18:28:24.0613 5188 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    18:28:24.0613 5188 atapi - ok
    18:28:24.0675 5188 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    18:28:24.0753 5188 athr - ok
    18:28:24.0800 5188 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    18:28:24.0816 5188 AtiHdmiService - ok
    18:28:25.0003 5188 [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    18:28:25.0081 5188 atikmdag - ok
    18:28:25.0143 5188 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
    18:28:25.0159 5188 AtiPcie - ok
    18:28:25.0206 5188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    18:28:25.0253 5188 AudioEndpointBuilder - ok
    18:28:25.0268 5188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    18:28:25.0315 5188 AudioSrv - ok
    18:28:25.0393 5188 [ 916ADB4B96365A4374D0933468533049 ] Autodesk Network Licensing Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
    18:28:25.0440 5188 Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    18:28:25.0440 5188 Autodesk Network Licensing Service - detected UnsignedFile.Multi.Generic (1)
    18:28:25.0799 5188 [ EE651D98B03FE3C075CCC58AB61C9287 ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
    18:28:25.0830 5188 AVG Security Toolbar Service - ok
    18:28:26.0703 5188 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    18:28:26.0891 5188 AVGIDSAgent - ok
    18:28:27.0140 5188 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    18:28:27.0218 5188 AVGIDSDriver - ok
    18:28:27.0296 5188 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
    18:28:27.0312 5188 AVGIDSFilter - ok
    18:28:27.0468 5188 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    18:28:27.0483 5188 AVGIDSHA - ok
    18:28:27.0593 5188 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    18:28:27.0608 5188 Avgldx64 - ok
    18:28:27.0686 5188 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    18:28:27.0702 5188 Avgmfx64 - ok
    18:28:27.0827 5188 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    18:28:27.0858 5188 Avgrkx64 - ok
    18:28:27.0998 5188 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    18:28:28.0014 5188 Avgtdia - ok
    18:28:28.0092 5188 [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
    18:28:28.0123 5188 avgtp - ok
    18:28:28.0154 5188 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    18:28:28.0170 5188 avgwd - ok
    18:28:28.0217 5188 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    18:28:28.0295 5188 AxInstSV - ok
    18:28:28.0388 5188 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    18:28:28.0466 5188 b06bdrv - ok
    18:28:28.0529 5188 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:28:28.0575 5188 b57nd60a - ok
    18:28:28.0653 5188 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    18:28:28.0700 5188 BDESVC - ok
    18:28:28.0731 5188 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    18:28:28.0794 5188 Beep - ok
    18:28:28.0903 5188 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    18:28:28.0965 5188 BFE - ok
    18:28:29.0043 5188 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
    18:28:29.0309 5188 BITS - ok
    18:28:29.0449 5188 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    18:28:29.0574 5188 blbdrive - ok
    18:28:29.0714 5188 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    18:28:29.0730 5188 Bonjour Service - ok
    18:28:29.0777 5188 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    18:28:29.0839 5188 bowser - ok
    18:28:29.0964 5188 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:28:30.0167 5188 BrFiltLo - ok
    18:28:30.0198 5188 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:28:30.0213 5188 BrFiltUp - ok
    18:28:30.0260 5188 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    18:28:30.0416 5188 BridgeMP - ok
    18:28:30.0494 5188 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    18:28:30.0603 5188 Browser - ok
    18:28:30.0681 5188 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    18:28:30.0728 5188 Brserid - ok
    18:28:30.0759 5188 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    18:28:30.0806 5188 BrSerWdm - ok
    18:28:30.0884 5188 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:28:30.0978 5188 BrUsbMdm - ok
    18:28:31.0009 5188 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    18:28:31.0071 5188 BrUsbSer - ok
    18:28:31.0103 5188 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    18:28:31.0149 5188 BTHMODEM - ok
    18:28:31.0212 5188 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    18:28:31.0243 5188 bthserv - ok
    18:28:31.0305 5188 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    18:28:31.0337 5188 cdfs - ok
    18:28:31.0539 5188 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    18:28:31.0602 5188 cdrom - ok
    18:28:31.0711 5188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    18:28:31.0789 5188 CertPropSvc - ok
    18:28:31.0867 5188 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    18:28:31.0883 5188 circlass - ok
    18:28:31.0945 5188 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    18:28:31.0992 5188 CLFS - ok
    18:28:32.0319 5188 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:28:32.0335 5188 clr_optimization_v2.0.50727_32 - ok
    18:28:32.0522 5188 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:28:32.0569 5188 clr_optimization_v2.0.50727_64 - ok
    18:28:32.0772 5188 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:28:32.0772 5188 clr_optimization_v4.0.30319_32 - ok
    18:28:32.0787 5188 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    18:28:32.0803 5188 clr_optimization_v4.0.30319_64 - ok
    18:28:32.0850 5188 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    18:28:32.0881 5188 CmBatt - ok
    18:28:32.0928 5188 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    18:28:32.0943 5188 cmdide - ok
    18:28:33.0115 5188 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    18:28:33.0193 5188 CNG - ok
    18:28:33.0224 5188 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    18:28:33.0240 5188 Com4QLBEx - ok
    18:28:33.0255 5188 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    18:28:33.0271 5188 Compbatt - ok
    18:28:33.0318 5188 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    18:28:33.0349 5188 CompositeBus - ok
    18:28:33.0365 5188 COMSysApp - ok
    18:28:33.0380 5188 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    18:28:33.0396 5188 crcdisk - ok
    18:28:33.0536 5188 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    18:28:33.0739 5188 CryptSvc - ok
    18:28:33.0801 5188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    18:28:33.0848 5188 DcomLaunch - ok
    18:28:33.0911 5188 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    18:28:33.0957 5188 defragsvc - ok
    18:28:34.0004 5188 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    18:28:34.0067 5188 DfsC - ok
    18:28:34.0129 5188 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    18:28:34.0254 5188 Dhcp - ok
    18:28:34.0285 5188 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    18:28:34.0347 5188 discache - ok
    18:28:34.0394 5188 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    18:28:34.0410 5188 Disk - ok
    18:28:34.0472 5188 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    18:28:34.0519 5188 Dnscache - ok
    18:28:34.0566 5188 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    18:28:34.0644 5188 dot3svc - ok
    18:28:34.0706 5188 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    18:28:34.0784 5188 DPS - ok
    18:28:34.0815 5188 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    18:28:34.0831 5188 drmkaud - ok
    18:28:34.0940 5188 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    18:28:34.0971 5188 dtsoftbus01 - ok
    18:28:35.0018 5188 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    18:28:35.0049 5188 DXGKrnl - ok
    18:28:35.0081 5188 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    18:28:35.0143 5188 EapHost - ok
    18:28:35.0221 5188 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    18:28:35.0299 5188 ebdrv - ok
    18:28:35.0346 5188 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    18:28:35.0361 5188 EFS - ok
    18:28:35.0455 5188 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    18:28:35.0658 5188 ehRecvr - ok
    18:28:36.0048 5188 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    18:28:36.0126 5188 ehSched - ok
    18:28:36.0173 5188 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    18:28:36.0204 5188 elxstor - ok
    18:28:36.0235 5188 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys
    18:28:36.0282 5188 enecir - ok
    18:28:36.0344 5188 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    18:28:36.0422 5188 EPSON_EB_RPCV4_01 - ok
    18:28:36.0438 5188 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    18:28:36.0469 5188 EPSON_PM_RPCV4_01 - ok
    18:28:36.0547 5188 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    18:28:36.0594 5188 ErrDev - ok
    18:28:36.0641 5188 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    18:28:36.0687 5188 EventSystem - ok
    18:28:36.0719 5188 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    18:28:36.0765 5188 exfat - ok
    18:28:36.0781 5188 ezSharedSvc - ok
    18:28:36.0843 5188 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    18:28:36.0906 5188 fastfat - ok
    18:28:36.0968 5188 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    18:28:37.0031 5188 Fax - ok
    18:28:37.0062 5188 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    18:28:37.0093 5188 fdc - ok
    18:28:37.0140 5188 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    18:28:37.0187 5188 fdPHost - ok
    18:28:37.0249 5188 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    18:28:37.0327 5188 FDResPub - ok
    18:28:37.0374 5188 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    18:28:37.0405 5188 FileInfo - ok
    18:28:37.0468 5188 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    18:28:37.0702 5188 Filetrace - ok
    18:28:39.0605 5188 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    18:28:39.0854 5188 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    18:28:39.0854 5188 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
    18:28:40.0728 5188 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    18:28:40.0853 5188 FLEXnet Licensing Service 64 - ok
    18:28:40.0868 5188 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    18:28:40.0900 5188 flpydisk - ok
    18:28:40.0946 5188 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    18:28:40.0962 5188 FltMgr - ok
    18:28:41.0056 5188 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    18:28:41.0087 5188 FontCache - ok
    18:28:41.0149 5188 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:28:41.0165 5188 FontCache3.0.0.0 - ok
    18:28:41.0196 5188 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    18:28:41.0196 5188 FsDepends - ok
    18:28:41.0243 5188 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    18:28:41.0258 5188 Fs_Rec - ok
    18:28:41.0305 5188 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    18:28:41.0336 5188 fvevol - ok
    18:28:41.0336 5188 Fwleaf - ok
    18:28:41.0368 5188 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:28:41.0383 5188 gagp30kx - ok
    18:28:41.0446 5188 [ 67CF4C2E7477B9A01DF07E38AF293414 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    18:28:41.0461 5188 GameConsoleService - ok
    18:28:41.0524 5188 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:28:41.0539 5188 GEARAspiWDM - ok
    18:28:41.0711 5188 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    18:28:41.0773 5188 gpsvc - ok
    18:28:41.0851 5188 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:28:41.0867 5188 gusvc - ok
    18:28:41.0929 5188 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    18:28:41.0976 5188 hcw85cir - ok
    18:28:42.0070 5188 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    18:28:42.0085 5188 HdAudAddService - ok
    18:28:42.0132 5188 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    18:28:42.0163 5188 HDAudBus - ok
    18:28:42.0210 5188 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    18:28:42.0210 5188 HidBatt - ok
    18:28:42.0272 5188 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    18:28:42.0319 5188 HidBth - ok
    18:28:42.0366 5188 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    18:28:42.0382 5188 HidIr - ok
    18:28:42.0413 5188 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    18:28:42.0475 5188 hidserv - ok
    18:28:42.0553 5188 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    18:28:42.0569 5188 HidUsb - ok
    18:28:42.0616 5188 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    18:28:42.0662 5188 hkmsvc - ok
    18:28:42.0694 5188 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    18:28:42.0756 5188 HomeGroupListener - ok
    18:28:42.0803 5188 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    18:28:42.0818 5188 HomeGroupProvider - ok
    18:28:42.0912 5188 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    18:28:42.0943 5188 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
    18:28:42.0943 5188 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
    18:28:42.0974 5188 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
    18:28:42.0990 5188 hpdskflt - ok
    18:28:43.0084 5188 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    18:28:43.0146 5188 HpqKbFiltr - ok
    18:28:43.0271 5188 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    18:28:43.0318 5188 hpqwmiex - ok
    18:28:43.0411 5188 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    18:28:43.0427 5188 HpSAMD - ok
    18:28:43.0474 5188 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
    18:28:43.0489 5188 hpsrv - ok
    18:28:43.0676 5188 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
    18:28:43.0770 5188 HTCAND64 - ok
    18:28:43.0832 5188 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
    18:28:43.0848 5188 htcnprot - ok
    18:28:43.0926 5188 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    18:28:44.0004 5188 HTTP - ok
    18:28:44.0051 5188 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    18:28:44.0051 5188 hwpolicy - ok
    18:28:44.0144 5188 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    18:28:44.0160 5188 i8042prt - ok
    18:28:44.0222 5188 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    18:28:44.0238 5188 iaStorV - ok
    18:28:44.0378 5188 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:28:44.0410 5188 idsvc - ok
    18:28:44.0956 5188 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    18:28:45.0143 5188 igfx - ok
    18:28:45.0205 5188 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    18:28:45.0221 5188 iirsp - ok
    18:28:45.0346 5188 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    18:28:45.0424 5188 IKEEXT - ok
    18:28:45.0455 5188 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    18:28:45.0455 5188 intelide - ok
    18:28:45.0595 5188 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    18:28:45.0673 5188 intelppm - ok
    18:28:45.0767 5188 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    18:28:45.0814 5188 IPBusEnum - ok
    18:28:45.0954 5188 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:28:46.0001 5188 IpFilterDriver - ok
    18:28:46.0110 5188 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    18:28:46.0157 5188 iphlpsvc - ok
    18:28:46.0204 5188 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    18:28:46.0250 5188 IPMIDRV - ok
    18:28:46.0297 5188 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    18:28:46.0360 5188 IPNAT - ok
    18:28:46.0469 5188 [ 3D62FE4FEFE9C67DAFEC52B534DFA1FB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:28:46.0484 5188 iPod Service - ok
    18:28:46.0531 5188 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    18:28:46.0672 5188 IRENUM - ok
    18:28:46.0734 5188 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    18:28:46.0750 5188 isapnp - ok
    18:28:46.0812 5188 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    18:28:46.0843 5188 iScsiPrt - ok
    18:28:46.0921 5188 [ F8844B00C10E386C704C610E95A9847D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
    18:28:46.0984 5188 JMCR - ok
    18:28:46.0999 5188 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    18:28:47.0015 5188 kbdclass - ok
    18:28:47.0077 5188 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    18:28:47.0124 5188 kbdhid - ok
    18:28:47.0155 5188 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    18:28:47.0186 5188 KeyIso - ok
    18:28:47.0233 5188 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    18:28:47.0249 5188 KSecDD - ok
    18:28:47.0296 5188 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    18:28:47.0311 5188 KSecPkg - ok
    18:28:47.0342 5188 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    18:28:47.0374 5188 ksthunk - ok
    18:28:47.0420 5188 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    18:28:47.0483 5188 KtmRm - ok
    18:28:47.0764 5188 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    18:28:47.0888 5188 LanmanServer - ok
    18:28:47.0935 5188 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    18:28:48.0013 5188 LanmanWorkstation - ok
    18:28:48.0076 5188 [ 83EC58ED3ACA5028919028667BABF490 ] leafnets C:\Windows\system32\DRIVERS\leafnets.sys
    18:28:48.0154 5188 leafnets - ok
    18:28:48.0232 5188 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    18:28:48.0232 5188 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
    18:28:48.0232 5188 LightScribeService - detected UnsignedFile.Multi.Generic (1)
    18:28:48.0310 5188 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    18:28:48.0356 5188 lltdio - ok
    18:28:48.0419 5188 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    18:28:48.0466 5188 lltdsvc - ok
    18:28:48.0481 5188 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    18:28:48.0512 5188 lmhosts - ok
    18:28:48.0559 5188 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:28:48.0590 5188 LSI_FC - ok
    18:28:48.0606 5188 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:28:48.0622 5188 LSI_SAS - ok
    18:28:48.0653 5188 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:28:48.0668 5188 LSI_SAS2 - ok
    18:28:48.0684 5188 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:28:48.0700 5188 LSI_SCSI - ok
    18:28:48.0746 5188 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    18:28:48.0778 5188 luafv - ok
    18:28:48.0856 5188 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    18:28:48.0871 5188 MBAMProtector - ok
    18:28:48.0902 5188 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    18:28:48.0934 5188 MBAMScheduler - ok
    18:28:49.0027 5188 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    18:28:49.0058 5188 MBAMService - ok
    18:28:49.0168 5188 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    18:28:49.0183 5188 mcdbus - ok
    18:28:49.0230 5188 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    18:28:49.0277 5188 Mcx2Svc - ok
    18:28:49.0308 5188 mdf16 - ok
    18:28:49.0339 5188 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    18:28:49.0355 5188 megasas - ok
    18:28:49.0417 5188 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    18:28:49.0448 5188 MegaSR - ok
    18:28:49.0682 5188 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    18:28:49.0714 5188 MMCSS - ok
    18:28:49.0807 5188 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    18:28:49.0885 5188 Modem - ok
    18:28:49.0916 5188 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    18:28:49.0979 5188 monitor - ok
    18:28:50.0010 5188 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    18:28:50.0026 5188 mouclass - ok
    18:28:50.0057 5188 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    18:28:50.0057 5188 mouhid - ok
    18:28:50.0119 5188 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    18:28:50.0119 5188 mountmgr - ok
    18:28:50.0291 5188 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    18:28:50.0291 5188 MozillaMaintenance - ok
    18:28:50.0369 5188 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    18:28:50.0384 5188 mpio - ok
    18:28:50.0431 5188 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    18:28:50.0462 5188 mpsdrv - ok
    18:28:50.0587 5188 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    18:28:50.0665 5188 MpsSvc - ok
    18:28:50.0728 5188 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    18:28:50.0743 5188 MRxDAV - ok
    18:28:50.0790 5188 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:28:50.0868 5188 mrxsmb - ok
    18:28:50.0915 5188 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:28:50.0946 5188 mrxsmb10 - ok
  10. Fritsje15

    Fritsje15 TS Rookie Topic Starter

    18:28:51.0008 5188 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:28:51.0040 5188 mrxsmb20 - ok
    18:28:51.0086 5188 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    18:28:51.0133 5188 msahci - ok
    18:28:51.0180 5188 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    18:28:51.0227 5188 msdsm - ok
    18:28:51.0274 5188 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    18:28:51.0289 5188 MSDTC - ok
    18:28:51.0367 5188 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    18:28:51.0398 5188 Msfs - ok
    18:28:51.0445 5188 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    18:28:51.0492 5188 mshidkmdf - ok
    18:28:51.0570 5188 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    18:28:51.0570 5188 msisadrv - ok
    18:28:51.0710 5188 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    18:28:51.0788 5188 MSiSCSI - ok
    18:28:51.0788 5188 msiserver - ok
    18:28:51.0851 5188 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    18:28:51.0898 5188 MSKSSRV - ok
    18:28:51.0913 5188 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    18:28:52.0007 5188 MSPCLOCK - ok
    18:28:52.0022 5188 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    18:28:52.0085 5188 MSPQM - ok
    18:28:52.0194 5188 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    18:28:52.0225 5188 MsRPC - ok
    18:28:52.0288 5188 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    18:28:52.0303 5188 mssmbios - ok
    18:28:52.0381 5188 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    18:28:52.0412 5188 MSTEE - ok
    18:28:52.0865 5188 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
    18:28:53.0052 5188 msvsmon90 - ok
    18:28:53.0099 5188 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    18:28:53.0114 5188 MTConfig - ok
    18:28:53.0146 5188 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    18:28:53.0161 5188 Mup - ok
    18:28:53.0161 5188 mvd22 - ok
    18:28:53.0224 5188 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    18:28:53.0286 5188 napagent - ok
    18:28:53.0348 5188 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    18:28:53.0380 5188 NativeWifiP - ok
    18:28:53.0489 5188 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    18:28:53.0520 5188 NDIS - ok
    18:28:53.0551 5188 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    18:28:53.0614 5188 NdisCap - ok
    18:28:53.0645 5188 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    18:28:53.0692 5188 NdisTapi - ok
    18:28:53.0754 5188 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    18:28:53.0785 5188 Ndisuio - ok
    18:28:53.0832 5188 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    18:28:53.0879 5188 NdisWan - ok
    18:28:53.0926 5188 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    18:28:53.0988 5188 NDProxy - ok
    18:28:54.0050 5188 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    18:28:54.0128 5188 NetBIOS - ok
    18:28:54.0206 5188 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    18:28:54.0269 5188 NetBT - ok
    18:28:54.0269 5188 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    18:28:54.0316 5188 Netlogon - ok
    18:28:54.0394 5188 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    18:28:54.0456 5188 Netman - ok
    18:28:54.0565 5188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:28:54.0565 5188 NetMsmqActivator - ok
    18:28:54.0581 5188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:28:54.0596 5188 NetPipeActivator - ok
    18:28:54.0643 5188 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    18:28:54.0721 5188 netprofm - ok
    18:28:54.0752 5188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:28:54.0768 5188 NetTcpActivator - ok
    18:28:54.0799 5188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:28:54.0815 5188 NetTcpPortSharing - ok
    18:28:55.0361 5188 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    18:28:55.0564 5188 netw5v64 - ok
    18:28:55.0595 5188 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    18:28:55.0626 5188 nfrd960 - ok
    18:28:55.0720 5188 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:28:55.0766 5188 NlaSvc - ok
    18:28:55.0798 5188 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:28:55.0829 5188 Npfs - ok
    18:28:55.0891 5188 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    18:28:55.0954 5188 nsi - ok
    18:28:55.0969 5188 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:28:56.0016 5188 nsiproxy - ok
    18:28:56.0141 5188 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:28:56.0188 5188 Ntfs - ok
    18:28:56.0234 5188 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    18:28:56.0266 5188 Null - ok
    18:28:56.0624 5188 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:28:56.0640 5188 nvraid - ok
    18:28:56.0702 5188 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:28:56.0780 5188 nvstor - ok
    18:28:56.0858 5188 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:28:56.0874 5188 nv_agp - ok
    18:28:57.0155 5188 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:28:57.0186 5188 odserv - ok
    18:28:57.0233 5188 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:28:57.0248 5188 ohci1394 - ok
    18:28:57.0264 5188 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:28:57.0280 5188 ose - ok
    18:28:57.0326 5188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:28:57.0420 5188 p2pimsvc - ok
    18:28:57.0451 5188 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:28:57.0482 5188 p2psvc - ok
    18:28:57.0514 5188 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:28:57.0545 5188 Parport - ok
    18:28:57.0592 5188 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:28:57.0607 5188 partmgr - ok
    18:28:57.0732 5188 [ 5FBCC9EEEFACA3019D5BD5979618F298 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    18:28:57.0763 5188 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
    18:28:57.0763 5188 PassThru Service - detected UnsignedFile.Multi.Generic (1)
    18:29:17.0466 5188 ============================================================
    18:29:17.0466 5188 Scan finished
    18:29:17.0466 5188 ============================================================
    18:29:17.0482 6064 Detected object count: 7
    18:29:17.0482 6064 Actual detected object count: 7
    18:30:29.0866 6064 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    18:30:29.0866 6064 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    18:30:29.0866 6064 amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
    18:30:29.0866 6064 amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:30:29.0881 6064 Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    18:30:29.0881 6064 Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:30:29.0881 6064 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    18:30:29.0881 6064 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:30:29.0881 6064 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
    18:30:29.0881 6064 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:30:29.0881 6064 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
    18:30:29.0881 6064 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:30:29.0881 6064 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
    18:30:29.0881 6064 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:34:07.0346 3948 Deinitialize success
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
        1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
        2. If threats WERE detected, click on List of Threats Found, Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  12. Fritsje15

    Fritsje15 TS Rookie Topic Starter

    Here we go again:
    C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000000.@ Win64/Sirefef.AW trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{7b5ffd4d-fbc9-d5b1-1893-a31368de8b7d}\U\80000064.@ a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined

    Clever. First of all searching and getting it on the map and then deleting with another program. I like the way you are handling this.

    More issues: I don't know for how long, but when the computer comes out of standby mode and I want to log in on the administrator account, I first have to go back to get the administrator and guest account page and then I can log in on the administrator account. It's not that bad but kind of annoying when it happens.
    Further, there are some moments in the games I play (PES 2013 and SimCity 4) when it just shuts off for no reason. The reason, I can guess, is that these games are not legit and therefore the running programs and algorithms have been cracked to get them to work. (Got them from isohunt, a torrent website.)

    For the rest the computer works fine.
    After you've handled and taken care of the virus in my computer, do you have any recommendations for a virus scanner? (I do not really rely on AVG anymore, as I have seen how many viruses are in my computer.)

    Greetings from Holland.
    Fritsje15
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's normal for the log in screen. I used to deal with that all the time.

    I don't have any support for cracked software. It's your own risk.


    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations.
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  14. Fritsje15

    Fritsje15 TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Anti-Virus Free Edition 2012
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 30
    Java 7 Update 6
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (16.0.2)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
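
As an added illustration (not part of the original posts, and not screen317's own code): a short Python triage of a Security Check log in the format posted above, pulling out disabled protections, products flagged out of date, and products with several versions installed side by side, which is the condition the uninstall-before-update steps address. The sample log is constructed from lines shown in the thread; the function and variable names are assumptions.

```python
import re
from collections import defaultdict

TICK = chr(96)  # backtick; the log frames its section headers with runs of them

# Constructed sample in the format of the Security Check log posted in this thread.
SAMPLE_LOG = "\n".join([
    "Windows 7 Service Pack 1 x64 (UAC is disabled!)",
    TICK * 9 + "Antivirus/Firewall Check:" + TICK * 9,
    "AVG Anti-Virus Free Edition 2012",
    "Antivirus up to date! (On Access scanning disabled!)",
    TICK * 9 + "Anti-malware/Other Utilities Check:" + TICK * 9,
    "Malwarebytes Anti-Malware version 1.65.1.1000",
    "Java(TM) 6 Update 30",
    "Java 7 Update 6",
    "Java version out of Date!",
    "Adobe Flash Player 10 Flash Player out of Date!",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Mozilla Firefox (16.0.2)",
    "Google Chrome 21.0.1180.83",
    "Google Chrome 23.0.1271.64",
    TICK * 9 + "Process Check: objlist.exe by Laurent" + TICK * 9,
    "AVG avgwdsvc.exe",
])

# "<product> [version] <version number>", e.g. "Java(TM) 6 Update 30"
PRODUCT = re.compile(r"^([A-Za-z][A-Za-z -]*?)(?:\(TM\))?(?: version)?\s+\(?"
                     r"(\d[\w.]*(?: Update \d+)?)")
# "<product> [version] out of Date!", optionally after a "<product> <version>" prefix
OUTDATED = re.compile(r"(?:^|\d\s+)([A-Za-z][A-Za-z ]*?)(?: version)? out of Date!$")

def audit(log):
    """Return (disabled protections, outdated products, products with >1 version)."""
    disabled, outdated, versions, section = [], [], defaultdict(list), ""
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith(TICK):  # section header line
            section = line.strip(TICK + " ")
            continue
        disabled += re.findall(r"\(([^()]* disabled)!\)", line)
        flagged = OUTDATED.search(line)
        if flagged:
            outdated.append(flagged.group(1))
        installed = PRODUCT.match(line)
        if installed and section.startswith("Anti-malware"):
            versions[installed.group(1)].append(installed.group(2))
    side_by_side = {name: v for name, v in versions.items() if len(v) > 1}
    return disabled, outdated, side_by_side

print(audit(SAMPLE_LOG))
```
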
  16. Fritsje15

    Fritsje15 TS Rookie Topic Starter

    No, no more questions.
    One remark: you're the best. I don't know what you did exactly, but it is off my computer and I am eternally grateful.

    I would recommend you above all of the computer specialists in my region. Thank you so much.

    Greetings from Holland
    Fritsje15
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Awesome. Topic marked solved. :D