
Is Twunk_32 infected?



Hi there!

Hopefully you can help me...

I have all sorts of trouble...

Computer shuts down/restarts, I have trouble booting, all browsers (Chrome + Internet Explorer) load pages and show different flashing pop-ups... (see attached files), AVG doesn't work or load, and Windows Update/solve problems does not work either.

I suspect I'm seriously infected, and I suspect it is twunk_32, from reading about issues caused by this.

I have run Malwarebytes Anti-Malware and I detected some infected files and deleted them. But the problem is not solved.

This is one of many... unfortunately I have not saved the others.

Can you please help me!

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.05.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
 
 
06-10-2013 10:47:16
mbam-log-2013-10-06 (10-47-16).txt
 
Scan type: Custom scan (C:\Users\Iben Michelsen\Local Settings|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Iben Michelsen\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.

  


Hello ibenis and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


Hello Borislav!

I got Malwarebytes Anti-Malware PRO and ran it... it found 40 items...

I turned off "system rebuild" in system security, deleted the items and restarted; the problem is still there.

I downloaded dds and I think it ran automatically...

So before I really got to turn off any script blocker.

Questions:

1. Do I have to run it again?

2. I have AVG installed but can't access it, so I can't turn it off either. (System says I need to turn it on, but I can't access it - not possible for me to uninstall it either.) So what about the script blocker in this case?

3. I guess I need to turn off all protection in Malware PRO?

4. Do I have to turn off Windows Firewall also?

Here are the two files dds provided so far:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Iben Michelsen at 18:58:30 on 2013-10-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.45.1030.18.4095.2014 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\IBENMI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OVERVG~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: S&end til OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 212.10.10.4 212.10.24.252 212.10.10.5
TCP: Interfaces\{3F7D976C-9E71-444D-80F1-4987E89B3215} : DHCPNameServer = 212.10.10.4 212.10.24.252 212.10.10.5
TCP: Interfaces\{C54EDA5F-A30D-42AB-AFB7-07462BF0F97A} : DHCPNameServer = 212.10.10.4 212.10.24.252 212.10.10.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SuperLyrics-1: {11111111-1111-1111-1111-110411161172} - 
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-13 45856]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-13 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-13 701512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-1-31 2402080]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-13 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
R3 V0520Vid;Creative Camera VF0520 Driver;C:\Windows\System32\drivers\V0520Vid.sys [2011-9-2 280704]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-11 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-14 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-12 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-10-05 08:13:47 -------- dc----w- C:\Users\Iben Michelsen\AppData\Local\MigWiz
2013-10-05 08:04:53 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C1E2A7B-712D-497F-8603-56AD89E728AC}\mpengine.dll
2013-10-05 07:20:52 -------- d-----w- C:\Users\Iben Michelsen\AppData\Local\Avg2013
2013-09-25 14:56:27 -------- d-----w- C:\Users\Iben Michelsen\AppData\Roaming\AVG2014
2013-09-25 14:52:41 -------- d-----w- C:\ProgramData\AVG2014
2013-09-25 14:50:34 -------- d-----w- C:\Users\Iben Michelsen\AppData\Local\Avg2014
2013-09-12 15:31:57 -------- d-----w- C:\temp
2013-09-12 15:27:25 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-09-11 20:52:25 -------- d-----w- C:\Users\Iben Michelsen\AppData\Local\WindowsUpdate
2013-09-10 20:10:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-10 20:02:17 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-10 19:57:45 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-10 19:57:43 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-10 19:53:38 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-09-10 19:53:38 366592 ----a-w- C:\Windows\System32\qdvd.dll
.
==================== Find3M  ====================
.
2013-09-19 20:57:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-19 20:57:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-04 23:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-15 15:31:30 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-07 02:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 23:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-19 23:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-19 23:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-19 23:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 18:59:30,27 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 11-04-2013 23:07:12
System Uptime: 06-10-2013 18:54:06 (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD |  | MS-7513
Processor: Intel® Core2 Duo CPU     E8500  @ 3.16GHz | CPU 1 | 1923/333mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 931 GiB total, 365,708 GiB free.
C: is FIXED (NTFS) - 149 GiB total, 43,175 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
7-Zip 9.20
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader XI (11.0.04) - Dansk
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advertising Center
AHV content for Acrobat and Flash
Apple-programunderstøttelse
Apple Mobile Device Support
Apple Software Update
AVG 2013
AVG PC TuneUp Language Pack (en-US)
AVG Security Toolbar
Bonjour
Creative Live! Cam Sync (VF0520) Driver (1.01.04.00)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DolbyFiles
Firestorm-Release (remove only)
Google Chrome
Google Update Helper
HP Deskjet 1050 J410 series - basissoftware til enheden
HP Deskjet 1050 J410 series Hjælp
HP Update
HPDiagnosticAlert
iCloud
ImagXpress
iTunes
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DAN Language Pack
Microsoft .NET Framework 4 Client Profile DAN sprogpakke
Microsoft Office Access MUI (Danish) 2010
Microsoft Office Excel MUI (Danish) 2010
Microsoft Office Groove MUI (Danish) 2010
Microsoft Office InfoPath MUI (Danish) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Danish) 2010
Microsoft Office Outlook MUI (Danish) 2010
Microsoft Office PowerPoint MUI (Danish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professionel Plus 2010
Microsoft Office Proof (Danish) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (Danish) 2010
Microsoft Office Publisher MUI (Danish) 2010
Microsoft Office Shared 32-bit MUI (Danish) 2010
Microsoft Office Shared MUI (Danish) 2010
Microsoft Office Word MUI (Danish) 2010
Microsoft Outlook Hotmail Connector 64-bit
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero Burning ROM Help
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
NeroLiveGadget Help
neroxml
NVIDIA 3D Vision-driver 311.06
NVIDIA Grafikdriver 311.06
NVIDIA Install Application
NVIDIA Kontrolpanel 311.06
NVIDIA Opdateringer 1.11.3
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
PDF Settings
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Excel 2010 (KB2760597) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Skype™ 6.6
SoundTrax
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-GB)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553157) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Visual Studio 2010 x64 Redistributables
WinRAR arkivering
World of Warcraft
Yahoo! Messenger
Yahoo! Toolbar
.
==== End Of File ===========================
 

That's fine. About AVG, if you can't access it, when we finish here, you should re-install it.

Step 1

Please uninstall this application:

AVG Security Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Thank you for the quick reply!

 

Following logs were provided:

 

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Iben Michelsen on 07-10-2013 at 13:18:18,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422162272}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466166672}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422162272}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466166672}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466166672}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466166672}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Iben Michelsen\appdata\local\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07-10-2013 at 13:26:31,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v3.006 - Report created 07/10/2013 at 14:06:35
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Iben Michelsen - IBENMICHELSEN
# Running from : C:\Users\Iben Michelsen\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\IBENMI~1\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Iben Michelsen\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Iben Michelsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\IBENMI~1\AppData\Local\Temp\Uninstall.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\Iben Michelsen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2723 octets] - [07/10/2013 14:05:30]
AdwCleaner[s0].txt - [2428 octets] - [07/10/2013 14:06:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2488 octets] ##########
 
 
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.07.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Iben Michelsen :: IBENMICHELSEN [administrator]
 
Protection: Disabled
 
07-10-2013 14:11:55
mbam-log-2013-10-07 (14-11-55).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211400
Time elapsed: 5 minute(s), 28 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 

Hello

Thank you so much, the broken AVG is uninstalled and a new one is downloaded and installed.

Is there any problem in running:

  • Malwarebytes A-M Pro's protection
  • AVG 2014 - Free edition
  • Windows Firewall

at once?

Still having problems, what to do next please?

Best Regards

Iben


Result after updating AVG and scan:

 

Scan hele computeren
"Mellem prioritet;""47"";""0"";""47"""
"Valgte mapper til scanning:;""Scan hele computeren"""
"Startet:;""08-10-2013, 00:24:46"""
"Afsluttet:;""08-10-2013, 01:38:46"""
"Objekter scannet i alt:;""397932"""
"Bruger, der startede scanningen:;""Iben Michelsen"""
 
"Status;""Prioritet"";""Navn"";""Beskrivelse"";""Resultat"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_DIRECTORY_CONTROL -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CLOSE -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_SYSTEM_CONTROL -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_SECURITY -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SHUTDOWN -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_POWER -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""Indbygget krog ataport.SYS DllUnload -> spst.sys +0x65300"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_QUOTA -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_FILE_SYSTEM_CONTROL -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""pci.sys, hentet import ntoskrnl.exe IoDetachDevice -> spst.sys +0x6953C"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_SYSTEM_CONTROL -> spst.sys +0x42880"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_SHUTDOWN -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CREATE -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_VOLUME_INFORMATION -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_WRITE -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_EA -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_QUOTA -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_FLUSH_BUFFERS -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_CREATE -> spst.sys +0x42880"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""atapi.sys, hentet import ataport.SYS AtaPortWritePortBufferUshort -> spst.sys +0x2EBA0"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_POWER -> spst.sys +0x42880"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_VOLUME_INFORMATION -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_READ -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_WRITE -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_PNP -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_CREATE -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_INFORMATION -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_SECURITY -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""pci.sys, hentet import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spst.sys +0x695B0"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""atapi.sys, hentet import ataport.SYS AtaPortReadPortUchar -> spst.sys +0x2E224"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_FLUSH_BUFFERS -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_CLEANUP -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_READ -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""atapi.sys, hentet import ataport.SYS AtaPortWritePortUchar -> spst.sys +0x2EA24"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> spst.sys +0x42880"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""atapi.sys, hentet import ataport.SYS AtaPortReadPortBufferUshort -> spst.sys +0x2E35C"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_DEVICE_CONTROL -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_LOCK_CONTROL -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CLEANUP -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_EA -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_INFORMATION -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_DEVICE_CONTROL -> spst.sys +0x42880"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_PNP -> spst.sys +0x42880"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_DEVICE_CONTROL -> spst.sys +0x41034"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_CLOSE -> spst.sys +0x42880"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_PNP -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""
"Inficeret;""Mellem"";""IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> spst.sys +0x41FC8"";""C:\Windows\System32\Drivers\spst.sys"";""Inficeret"""

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

In your next reply, post the following log files:

  • TDSSKiller log
  • ComboFix log

15:25:08.0670 3008 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:25:09.0013 3008 ============================================================
15:25:09.0013 3008 Current date / time: 2013/10/08 15:25:09.0013
15:25:09.0013 3008 SystemInfo:
15:25:09.0013 3008
15:25:09.0013 3008 OS Version: 6.1.7601 ServicePack: 1.0
15:25:09.0013 3008 Product type: Workstation
15:25:09.0013 3008 ComputerName: IBENMICHELSEN
15:25:09.0013 3008 UserName: Iben Michelsen
15:25:09.0013 3008 Windows directory: C:\Windows
15:25:09.0013 3008 System windows directory: C:\Windows
15:25:09.0013 3008 Running under WOW64
15:25:09.0013 3008 Processor architecture: Intel x64
15:25:09.0013 3008 Number of processors: 2
15:25:09.0013 3008 Page size: 0x1000
15:25:09.0013 3008 Boot type: Normal boot
15:25:09.0013 3008 ============================================================
15:25:10.0277 3008 BG loaded
15:25:10.0963 3008 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:25:10.0963 3008 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:25:10.0979 3008 ============================================================
15:25:10.0979 3008 \Device\Harddisk0\DR0:
15:25:10.0979 3008 MBR partitions:
15:25:10.0979 3008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
15:25:10.0979 3008 \Device\Harddisk1\DR1:
15:25:10.0979 3008 GPT partitions:
15:25:10.0979 3008 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {80AE0FD7-D7F6-11DD-A5FA-002185122D6B}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
15:25:10.0979 3008 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {29E9913F-99C7-4FCE-A858-8E14CAE7DBA0}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
15:25:10.0979 3008 MBR partitions:
15:25:10.0979 3008 ============================================================
15:25:10.0995 3008 C: <-> \Device\Harddisk0\DR0\Partition1
15:25:11.0010 3008 B: <-> \Device\Harddisk1\DR1\Partition2
15:25:11.0010 3008 ============================================================
15:25:11.0010 3008 Initialize success
15:25:11.0010 3008 ============================================================
15:26:16.0760 4216 ============================================================
15:26:16.0760 4216 Scan started
15:26:16.0760 4216 Mode: Manual; SigCheck; TDLFS;
15:26:16.0760 4216 ============================================================
15:26:19.0350 4216 ================ Scan system memory ========================
15:26:19.0350 4216 System memory - ok
15:26:19.0350 4216 ================ Scan services =============================


15:26:30.0083 4216 Dhcp - ok

15:26:30.0114 4216 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache

C:\Windows\system32\drivers\discache.sys

15:26:30.0176 4216 discache - ok

15:26:30.0207 4216 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk

C:\Windows\system32\DRIVERS\disk.sys

15:26:30.0223 4216 Disk - ok

15:26:30.0317 4216 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache

C:\Windows\System32\dnsrslvr.dll

15:26:30.0363 4216 Dnscache - ok

15:26:30.0426 4216 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc

C:\Windows\System32\dot3svc.dll

15:26:30.0504 4216 dot3svc - ok

15:26:30.0535 4216 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS

C:\Windows\system32\dps.dll

15:26:30.0566 4216 DPS - ok

15:26:30.0629 4216 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud

C:\Windows\system32\drivers\drmkaud.sys

15:26:30.0675 4216 drmkaud - ok

15:26:30.0738 4216 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl

C:\Windows\System32\drivers\dxgkrnl.sys

15:26:30.0769 4216 DXGKrnl - ok

15:26:30.0816 4216 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost

C:\Windows\System32\eapsvc.dll

15:26:30.0878 4216 EapHost - ok

15:26:31.0050 4216 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv

C:\Windows\system32\DRIVERS\evbda.sys

15:26:31.0206 4216 ebdrv - ok

15:26:31.0253 4216 [ C118A82CD78818C29AB228366EBF81C3 ] EFS

C:\Windows\System32\lsass.exe

15:26:31.0268 4216 EFS - ok

15:26:31.0377 4216 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr

C:\Windows\ehome\ehRecvr.exe

15:26:31.0440 4216 ehRecvr - ok

15:26:31.0455 4216 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched

C:\Windows\ehome\ehsched.exe

15:26:31.0487 4216 ehSched - ok

15:26:31.0518 4216 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor

C:\Windows\system32\DRIVERS\elxstor.sys

15:26:31.0565 4216 elxstor - ok

15:26:31.0596 4216 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev

C:\Windows\system32\drivers\errdev.sys

15:26:31.0643 4216 ErrDev - ok

15:26:31.0705 4216 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem

C:\Windows\system32\es.dll

15:26:31.0767 4216 EventSystem - ok

15:26:31.0799 4216 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat

C:\Windows\system32\drivers\exfat.sys

15:26:31.0861 4216 exfat - ok

15:26:31.0923 4216 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat

C:\Windows\system32\drivers\fastfat.sys

15:26:31.0986 4216 fastfat - ok

15:26:32.0048 4216 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax

C:\Windows\system32\fxssvc.exe

15:26:32.0111 4216 Fax - ok

15:26:32.0126 4216 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc

C:\Windows\system32\DRIVERS\fdc.sys

15:26:32.0157 4216 fdc - ok

15:26:32.0189 4216 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost

C:\Windows\system32\fdPHost.dll

15:26:32.0251 4216 fdPHost - ok

15:26:32.0267 4216 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub

C:\Windows\system32\fdrespub.dll

15:26:32.0329 4216 FDResPub - ok

15:26:32.0376 4216 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo

C:\Windows\system32\drivers\fileinfo.sys

15:26:32.0391 4216 FileInfo - ok

15:26:32.0407 4216 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace

C:\Windows\system32\drivers\filetrace.sys

15:26:32.0485 4216 Filetrace - ok

15:26:32.0516 4216 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

15:26:32.0532 4216 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

15:26:32.0532 4216 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)



Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Thanks once again...

B:\IBENMICHELSEN\Backup Set 2013-05-19 194451\Backup Files 2013-05-19 194451\Backup files 13.zip Win32/OpenCandy application deleted - quarantined

B:\IBENMICHELSEN\Backup Set 2013-05-19 194451\Backup Files 2013-05-19 194451\Backup files 14.zip Win32/OpenCandy application deleted - quarantined

B:\IBENMICHELSEN\Backup Set 2013-07-19 140533\Backup Files 2013-07-19 140533\Backup files 13.zip Win32/OpenCandy application deleted - quarantined

B:\IBENMICHELSEN\Backup Set 2013-09-08 204010\Backup Files 2013-09-15 190012\Backup files 1.zip Win32/Somoto.D application deleted - quarantined

B:\IBENMICHELSEN\Backup Set 2013-10-05 100942\Backup Files 2013-10-05 100942\Backup files 9.zip Win32/Somoto.D application deleted - quarantined


Good!

One last additional scan:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Hello again :)

I had an error message while installing Kaspersky, version 11 (see attached file)

and it wouldn't load. After restarting the computer, though, it started itself and I ran a scan, which took around 12 hours :o

It didn't find any threats, and therefore there is no "threats result" to paste here.

Not sure, though, that I trust the scan?!

Wonder if I should start over downloading Kaspersky...

Then please, I need your help to uninstall it first.

Thank you so much!

Iben


Hi there...

It seems to run fine, with no interference in browsers...

I almost can't believe it, I've been struggling for quite some time.

Thank you so much for your help, it's no less than a miracle!!!

Can we leave the thread open for a few days.. just in case?

Thanks again!

Best regards

Iben :)


Hello Again!

Computer seems to be running fine now... maybe a bit slow, but...

When I boot my computer it keeps giving me the message that Kaspersky failed to install, and opens the software anyway, ready to scan.

(I did not turn off any protection software when downloading and installing, since other instructions from you have told me when to do so, and for downloading Kaspersky they didn't.)

Should I continuously suspect infection, or please let me know what to do about it?!

Best Regards

Iben

This topic is now closed to further replies.