Ransom trojan and others frequently detected by Malwarebytes


  • This topic is locked
25 replies to this topic

#1 Jeff_86_


Posted 03 November 2012 - 08:44 AM

Hi!

I'm afraid that I have some sort of infection on my computer that keeps giving me problems. Microsoft Security Essentials can't find anything, and Malwarebytes from time to time shows me that I have different kinds of trojan infections. I had one today which was called ransom.trojan, for example. I also noticed that I can't make changes in some network settings from Windows Media Player, which I use to stream videos to my PS3. Small stuff like this makes me worried that something is wrong on a level that seems to bypass my antivirus and antimalware programs.

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Jeff at 14:42:11 on 2012-11-03
#Option Extended Search is enabled.
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.16297.12932 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\ACE EDGE3200\EDGE 3200.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\ekort\ekort.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\SysWOW64\OBroker.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Inloggningshjälp för Microsoft-konto: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: e-kort Helper Class: {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: e-kort Toolbar: {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Spotify Web Helper] "C:\Users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
mRun: [Gaming 3] "C:\ACE EDGE3200\EDGE 3200.exe" /hide
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A04002E7-C4EF-4823-8FE3-7B15E752C606} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\gd9dgpom.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 mvs91xx;mvs91xx;C:\Windows\System32\drivers\mvs91xx.sys [2011-4-8 312624]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2011-9-21 15368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-15 283200]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2011-9-21 15936]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-9-21 21992]
R2 FortiSslvpnDaemon;FortiClient SSLVPN;C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [2011-10-14 830056]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-29 1258856]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-21 2656280]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
R3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-9-21 32344]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-21 56344]
R3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-16 189288]
R3 pppop;PPPoP WAN Adapter;C:\Windows\System32\drivers\pppop64.sys [2009-7-21 42528]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2011-9-21 65632]
R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2011-9-28 23680]
S2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2011-4-20 55296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-29 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe --> C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-11-1 102368]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-15 1431888]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2011-9-21 31808]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-29 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-15 129976]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-11-1 203104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2012-6-26 50176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-22 59392]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-30 1255736]
SUnknown zurdtjad;zurdtjad; [x]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 60 ================
.
2012-11-03 12:58:04 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-03 12:57:23 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18DAA3C6-7CC8-4185-8B34-4B2E51EF011D}\offreg.dll
2012-11-03 12:57:14 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18DAA3C6-7CC8-4185-8B34-4B2E51EF011D}\mpengine.dll
2012-11-03 12:43:08 98816 ----a-w- C:\Windows\sed.exe
2012-11-03 12:43:08 256000 ----a-w- C:\Windows\PEV.exe
2012-11-03 12:43:08 208896 ----a-w- C:\Windows\MBR.exe
2012-11-01 17:49:58 -------- d-----w- C:\Users\Jeff\AppData\Local\Samsung
2012-11-01 17:49:57 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Samsung
2012-11-01 17:49:06 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-11-01 17:49:06 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-11-01 17:48:41 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-11-01 17:48:38 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-11-01 17:48:37 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-11-01 17:48:08 -------- d-----w- C:\ProgramData\Samsung
2012-11-01 17:48:08 -------- d-----w- C:\Program Files (x86)\Samsung
2012-10-31 18:21:27 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-30 21:43:53 -------- d-----w- C:\Users\Jeff\AppData\Local\FLT
2012-10-30 21:01:57 -------- d-----w- C:\Users\Jeff\AppData\Local\Programs
2012-10-25 23:34:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-25 22:41:04 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2012-10-25 22:40:47 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-25 22:40:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-24 14:33:43 -------- d-----w- C:\Ladok94
2012-10-24 12:15:44 -------- d-----w- C:\Users\Jeff\AppData\Local\Square Enix
2012-10-21 08:43:12 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{395753F9-1C71-4F8D-AF15-FF607FB22F94}\gapaengine.dll
2012-10-19 19:21:08 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Bioshock2
2012-10-19 19:06:34 -------- d-sh--w- C:\ProgramData\SecuROM
2012-10-17 19:14:18 -------- d-----w- C:\Program Files (x86)\Fortinet
2012-10-16 19:29:56 -------- d-----w- C:\Users\Jeff\AppData\Local\Apple Computer
2012-10-16 15:22:48 -------- d-----w- C:\Users\Jeff\AppData\Roaming\MPEG Streamclip
2012-10-16 15:19:00 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-16 15:18:59 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-11 17:48:24 -------- d-----w- C:\ProgramData\RELOADED
2012-10-10 17:18:40 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-05 19:25:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-05 19:25:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-05 19:25:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-05 19:25:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-05 19:25:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-05 19:25:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-05 19:25:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-05 19:24:53 -------- d-----w- C:\Users\Jeff\AppData\Local\Apple
2012-10-04 09:10:29 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-01 19:44:55 -------- d-----w- C:\Windows\en-gb
2012-10-01 19:44:53 -------- d-----w- C:\Windows\sv
2012-10-01 19:44:46 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-10-01 19:44:00 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\19e806361cda00d04\DXSETUP.exe
2012-10-01 19:43:59 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\19e806361cda00d04\DSETUP.dll
2012-10-01 19:43:59 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\19979b181cda00d03\DSETUP.dll
2012-10-01 19:43:59 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\19979b181cda00d03\DXSETUP.exe
2012-10-01 19:43:59 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\19979b181cda00d03\dsetup32.dll
2012-10-01 19:43:59 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\19e806361cda00d04\dsetup32.dll
2012-10-01 19:43:58 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1920949a1cda00d02\DSETUP.dll
2012-10-01 19:43:58 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1920949a1cda00d02\DXSETUP.exe
2012-10-01 19:43:58 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1920949a1cda00d02\dsetup32.dll
2012-10-01 19:43:57 -------- d-----w- C:\Users\Jeff\AppData\Local\Windows Live
2012-10-01 19:43:39 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-09-25 18:59:39 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-20 15:45:30 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Grasshopper
2012-09-16 18:26:13 -------- d-----w- C:\temp
2012-09-16 18:25:48 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-09-16 18:25:48 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-09-16 18:25:47 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll
2012-09-14 14:46:37 -------- d-sh--w- C:\ProgramData\DSS
2012-09-13 08:56:56 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-13 08:56:56 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-13 08:56:54 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 08:56:54 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-13 08:56:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-13 08:56:54 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-13 08:56:54 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find6M ====================
.
2012-11-03 10:48:48 328704 ----a-w- C:\Windows\System32\services.exe
2012-10-26 11:08:52 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-10-26 11:08:52 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-10-23 19:41:12 280600 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 20:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 20:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-07-28 00:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-26 17:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-26 17:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-26 17:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-26 17:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-26 17:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 13:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 13:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 13:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 13:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 13:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 13:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
2012-07-17 12:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2012-07-15 17:03:42 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 07:37:57 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-06-06 18:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 05:41:28 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-02 05:41:28 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-02 05:41:27 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:36:29 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-02 04:36:29 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-02 04:36:29 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-14 05:26:34 956928 ----a-w- C:\Windows\System32\localspl.dll
.
============= FINISH: 14:42:18,02 ===============

Edited by hamluis, 03 November 2012 - 09:37 AM.
Moved from Am i Infected to Malware Removal Logs - Hamluis.



#2 CatByte

  • Malware Response Team

Posted 03 November 2012 - 12:19 PM

I see ComboFix has been run on this machine. Please post the log(s).


NEXT


Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Jeff_86_

Jeff_86_
  • Topic Starter

  • Members
  • 14 posts

Posted 03 November 2012 - 01:19 PM

Here is the ComboFix log that I ran before. I'm sorry, I tried to solve it myself but I then realised that it was more complicated than I first thought.

One problem though. At the Advanced Boot Options screen I don't have the "repair your computer" option (or the Swedish counterpart, that is, since my Windows 7 is Swedish). I installed my Windows from a USB drive so I don't have a Windows disk either. Can it be solved anyway? :blink:
--------------------------------------------------------------------------------------------------

ComboFix 12-11-03.01 - Jeff 2012-11-03 13:43:32.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.16297.13908 [GMT 1:00]
Körs från: c:\users\Jeff\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((( Filer skapade från 2012-10-03 till 2012-11-03 ))))))))))))))))))))))))))))))
.
.
2012-11-03 12:45 . 2012-11-03 12:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-03 12:45 . 2012-11-03 12:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-03 10:52 . 2012-11-03 10:52 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C9DA4C-AF87-4CE5-9B83-22FD58427F42}\offreg.dll
2012-11-02 11:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C9DA4C-AF87-4CE5-9B83-22FD58427F42}\mpengine.dll
2012-11-01 17:49 . 2012-11-01 17:49 -------- d-----w- c:\users\Jeff\AppData\Local\Samsung
2012-11-01 17:49 . 2012-11-01 17:49 -------- d-----w- c:\users\Jeff\AppData\Roaming\Samsung
2012-11-01 17:49 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-11-01 17:49 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-11-01 17:48 . 2012-09-26 19:57 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-11-01 17:48 . 2012-11-01 17:48 -------- d-----w- c:\program files (x86)\MarkAny
2012-11-01 17:48 . 2012-09-26 19:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-11-01 17:48 . 2012-11-01 17:48 -------- d-----w- c:\program files (x86)\Samsung
2012-11-01 17:48 . 2012-11-01 17:48 -------- d-----w- c:\programdata\Samsung
2012-10-31 18:21 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-30 21:43 . 2012-10-30 21:43 -------- d-----w- c:\users\Jeff\AppData\Local\FLT
2012-10-30 21:01 . 2012-10-30 21:01 -------- d-----w- c:\users\Jeff\AppData\Local\Programs
2012-10-25 23:34 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-25 22:41 . 2012-10-25 22:41 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2012-10-25 22:40 . 2012-10-25 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-25 22:40 . 2012-10-25 22:40 -------- d-----w- c:\programdata\Malwarebytes
2012-10-24 14:33 . 2012-10-24 14:33 -------- d-----w- C:\Ladok94
2012-10-24 12:15 . 2012-10-24 12:15 -------- d-----w- c:\users\Jeff\AppData\Local\Square Enix
2012-10-21 08:43 . 2012-10-03 10:04 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{395753F9-1C71-4F8D-AF15-FF607FB22F94}\gapaengine.dll
2012-10-19 19:21 . 2012-10-19 19:43 -------- d-----w- c:\users\Jeff\AppData\Roaming\Bioshock2
2012-10-19 19:06 . 2012-10-19 19:06 -------- d-sh--w- c:\programdata\SecuROM
2012-10-17 19:14 . 2012-10-17 19:14 -------- d-----w- c:\program files (x86)\Fortinet
2012-10-16 19:29 . 2012-10-16 19:29 -------- d-----w- c:\users\Jeff\AppData\Local\Apple Computer
2012-10-16 15:22 . 2012-10-16 15:22 -------- d-----w- c:\users\Jeff\AppData\Roaming\MPEG Streamclip
2012-10-16 15:19 . 2012-09-24 21:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 15:18 . 2012-09-24 21:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-11 17:48 . 2012-10-11 17:48 -------- d-----w- c:\programdata\RELOADED
2012-10-10 17:18 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-06 13:26 . 2012-10-06 13:26 -------- d-----w- c:\users\Jeff\AppData\Roaming\Apple Computer
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-05 19:25 . 2012-10-05 19:25 -------- d-----w- c:\program files (x86)\QuickTime
2012-10-05 19:25 . 2012-10-05 19:25 -------- d-----w- c:\programdata\Apple Computer
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\users\Jeff\AppData\Local\Apple
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 10:48 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-10-26 11:08 . 2011-09-21 14:01 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-26 11:08 . 2011-09-20 21:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-23 19:41 . 2011-09-20 21:26 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-10 22:23 . 2011-09-30 15:09 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-04 09:10 . 2012-10-04 09:10 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-10-03 10:04 . 2011-10-12 08:59 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-02 22:21 . 2012-09-16 18:25 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-02-21 11:59 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-02 22:21 . 2012-02-21 11:59 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-02 22:21 . 2012-02-21 11:59 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-02 22:21 . 2012-02-21 11:59 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2011-09-20 22:08 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2011-09-20 22:08 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2011-09-20 20:57 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2011-09-20 20:57 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 19:51 . 2012-02-21 12:00 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-03-23 22:52 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-03-23 22:53 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-03-23 22:53 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-03-23 22:53 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-03-23 22:53 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-03-23 22:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-26 19:57 . 2012-09-26 19:57 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-09-26 19:57 . 2012-09-26 19:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-09-26 19:57 . 2012-09-26 19:57 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-09-26 19:57 . 2012-09-26 19:57 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-09-26 19:57 . 2012-09-26 19:57 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-09-26 19:57 . 2012-09-26 19:57 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-09-26 19:57 . 2012-09-26 19:57 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-09-26 19:57 . 2012-09-26 19:57 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-09-26 19:57 . 2012-09-26 19:57 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-09-26 19:57 . 2012-09-26 19:57 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-09-26 19:57 . 2012-09-26 19:57 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-09-26 19:57 . 2012-09-26 19:57 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-09-26 19:57 . 2012-09-26 19:57 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-09-26 19:57 . 2012-09-26 19:57 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-09-26 19:57 . 2012-09-26 19:57 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-09-26 19:57 . 2012-09-26 19:57 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-09-26 19:57 . 2012-09-26 19:57 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-09-26 19:57 . 2012-09-26 19:57 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-09-26 19:57 . 2012-09-26 19:57 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-09-26 19:57 . 2012-09-26 19:57 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-09-26 19:57 . 2012-09-26 19:57 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-09-26 19:57 . 2012-09-26 19:57 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-09-26 19:57 . 2012-09-26 19:57 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 13:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 11:15 . 2012-09-22 14:22 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 14:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 14:22 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 14:22 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 14:22 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 14:22 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 14:22 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 14:22 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 14:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 14:22 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 14:22 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 14:22 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 14:22 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 14:22 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 14:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 14:22 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 14:22 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 14:22 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 14:22 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 14:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 14:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 14:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-13 08:56 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 08:56 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 08:56 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 08:56 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 18:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 17:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-21 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"Spotify Web Helper"="c:\users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-09-21 4942336]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"Gaming 3"="c:\ace edge3200\EDGE 3200.exe" [2010-10-21 3715072]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"e-kort"="c:\progra~2\ekort\ekort.exe" [2008-12-11 377856]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2011-04-20 55296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-15 1431888]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-09-21 31808]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2008-09-28 50176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-30 1255736]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-15 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-09-21 15936]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [2011-10-14 830056]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-14 412712]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [2009-07-21 42528]
.
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 17:53]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 17:53]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1700642841-2051243060-1395227626-1000Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 21:08]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1700642841-2051243060-1395227626-1000UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 21:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll c:\windows\System32\nvinitx.dll
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\gd9dgpom.default\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-SmartViewAgent - c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Fallout New Vegas_is1 - d:\program\Fallout New Vegas\unins000.exe
AddRemove-Mafia II_is1 - d:\program\Mafia II\unins000.exe
AddRemove-Postal 2_is1 - d:\program\Portal 2\unins000.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-11-03 13:46:27
ComboFix-quarantined-files.txt 2012-11-03 12:46
.
Före genomsökningen: 8 491 180 032 byte ledigt
Efter genomsökningen: 12 609 421 312 byte ledigt
.
- - End Of File - - 138DCDBAB918AFC9169FCF6E82F97A8D

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 03 November 2012 - 01:28 PM

Yes, there are other tools we can run.

please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.



#5 Jeff_86_

Jeff_86_
  • Topic Starter

  • Members
  • 14 posts

Posted 03 November 2012 - 01:54 PM

19:39:38.0915 1492 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:39:39.0020 1492 ============================================================
19:39:39.0020 1492 Current date / time: 2012/11/03 19:39:39.0020
19:39:39.0020 1492 SystemInfo:
19:39:39.0020 1492
19:39:39.0020 1492 OS Version: 6.1.7601 ServicePack: 1.0
19:39:39.0020 1492 Product type: Workstation
19:39:39.0021 1492 ComputerName: JEFF-STATIONÄR
19:39:39.0021 1492 UserName: Jeff
19:39:39.0021 1492 Windows directory: C:\Windows
19:39:39.0021 1492 System windows directory: C:\Windows
19:39:39.0021 1492 Running under WOW64
19:39:39.0021 1492 Processor architecture: Intel x64
19:39:39.0021 1492 Number of processors: 4
19:39:39.0021 1492 Page size: 0x1000
19:39:39.0021 1492 Boot type: Normal boot
19:39:39.0021 1492 ============================================================
19:39:39.0356 1492 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:39.0356 1492 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:39.0358 1492 ============================================================
19:39:39.0358 1492 \Device\Harddisk0\DR0:
19:39:39.0359 1492 MBR partitions:
19:39:39.0359 1492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000
19:39:39.0359 1492 \Device\Harddisk1\DR1:
19:39:39.0359 1492 MBR partitions:
19:39:39.0359 1492 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
19:39:39.0359 1492 ============================================================
19:39:39.0360 1492 C: <-> \Device\Harddisk0\DR0\Partition1
19:39:39.0816 1492 D: <-> \Device\Harddisk1\DR1\Partition1
19:39:39.0816 1492 ============================================================
19:39:39.0816 1492 Initialize success
19:39:39.0816 1492 ============================================================
19:40:27.0916 3792 ============================================================
19:40:27.0916 3792 Scan started
19:40:27.0916 3792 Mode: Manual; TDLFS;
19:40:27.0916 3792 ============================================================
19:40:28.0018 3792 ================ Scan system memory ========================
19:40:28.0018 3792 System memory - ok
19:40:28.0018 3792 ================ Scan services =============================
19:40:28.0041 3792 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:40:28.0043 3792 1394ohci - ok
19:40:28.0046 3792 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:40:28.0049 3792 ACPI - ok
19:40:28.0050 3792 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:40:28.0051 3792 AcpiPmi - ok
19:40:28.0056 3792 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:40:28.0059 3792 adp94xx - ok
19:40:28.0063 3792 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:40:28.0066 3792 adpahci - ok
19:40:28.0068 3792 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:40:28.0070 3792 adpu320 - ok
19:40:28.0073 3792 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:40:28.0074 3792 AeLookupSvc - ok
19:40:28.0078 3792 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:40:28.0082 3792 AFD - ok
19:40:28.0084 3792 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:40:28.0085 3792 agp440 - ok
19:40:28.0087 3792 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:40:28.0088 3792 ALG - ok
19:40:28.0090 3792 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:40:28.0090 3792 aliide - ok
19:40:28.0092 3792 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:40:28.0093 3792 amdide - ok
19:40:28.0095 3792 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:40:28.0096 3792 AmdK8 - ok
19:40:28.0098 3792 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:40:28.0099 3792 AmdPPM - ok
19:40:28.0101 3792 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:40:28.0103 3792 amdsata - ok
19:40:29.0915 3792 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:40:29.0916 3792 Rasl2tp - ok
19:40:29.0920 3792 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:40:29.0923 3792 RasMan - ok
19:40:29.0925 3792 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:40:29.0926 3792 RasPppoe - ok
19:40:29.0928 3792 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:40:29.0929 3792 RasSstp - ok
19:40:29.0932 3792 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:40:29.0935 3792 rdbss - ok
19:40:29.0937 3792 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:40:29.0937 3792 rdpbus - ok
19:40:29.0939 3792 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:40:29.0939 3792 RDPCDD - ok
19:40:29.0943 3792 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:40:29.0944 3792 RDPDR - ok
19:40:29.0946 3792 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:40:29.0947 3792 RDPENCDD - ok
19:40:29.0949 3792 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:40:29.0949 3792 RDPREFMP - ok
19:40:29.0952 3792 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:40:29.0954 3792 RDPWD - ok
19:40:29.0958 3792 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:40:29.0959 3792 rdyboost - ok
19:40:29.0962 3792 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:40:29.0963 3792 RemoteAccess - ok
19:40:29.0966 3792 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:40:29.0967 3792 RemoteRegistry - ok
19:40:29.0970 3792 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:40:29.0971 3792 RpcEptMapper - ok
19:40:29.0972 3792 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:40:29.0973 3792 RpcLocator - ok
19:40:29.0978 3792 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:40:29.0980 3792 RpcSs - ok
19:40:29.0982 3792 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:40:29.0983 3792 rspndr - ok
19:40:29.0985 3792 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:40:29.0985 3792 s3cap - ok
19:40:29.0987 3792 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:40:29.0988 3792 SamSs - ok
19:40:29.0990 3792 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:40:29.0991 3792 sbp2port - ok
19:40:29.0994 3792 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:40:29.0996 3792 SCardSvr - ok
19:40:30.0001 3792 [ 8475E746EB72D04F1015E6F091F50E09 ] SCBackService C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
19:40:30.0005 3792 SCBackService - ok
19:40:30.0007 3792 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:40:30.0007 3792 scfilter - ok
19:40:30.0015 3792 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:40:30.0022 3792 Schedule - ok
19:40:30.0025 3792 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:40:30.0025 3792 SCPolicySvc - ok
19:40:30.0028 3792 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:40:30.0030 3792 SDRSVC - ok
19:40:30.0032 3792 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:40:30.0033 3792 secdrv - ok
19:40:30.0034 3792 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:40:30.0035 3792 seclogon - ok
19:40:30.0038 3792 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:40:30.0039 3792 SENS - ok
19:40:30.0040 3792 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:40:30.0042 3792 SensrSvc - ok
19:40:30.0043 3792 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:40:30.0044 3792 Serenum - ok
19:40:30.0046 3792 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:40:30.0047 3792 Serial - ok
19:40:30.0049 3792 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:40:30.0050 3792 sermouse - ok
19:40:30.0054 3792 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:40:30.0055 3792 SessionEnv - ok
19:40:30.0057 3792 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:40:30.0058 3792 sffdisk - ok
19:40:30.0060 3792 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:40:30.0060 3792 sffp_mmc - ok
19:40:30.0062 3792 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:40:30.0063 3792 sffp_sd - ok
19:40:30.0065 3792 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:40:30.0065 3792 sfloppy - ok
19:40:30.0069 3792 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:40:30.0072 3792 SharedAccess - ok
19:40:30.0076 3792 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:40:30.0079 3792 ShellHWDetection - ok
19:40:30.0081 3792 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:40:30.0082 3792 SiSRaid2 - ok
19:40:30.0084 3792 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:40:30.0085 3792 SiSRaid4 - ok
19:40:30.0089 3792 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:40:30.0090 3792 SkypeUpdate - ok
19:40:30.0091 3792 SmartViewService - ok
19:40:30.0094 3792 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:40:30.0095 3792 Smb - ok
19:40:30.0099 3792 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:40:30.0100 3792 SNMPTRAP - ok
19:40:30.0101 3792 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:40:30.0102 3792 spldr - ok
19:40:30.0107 3792 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:40:30.0111 3792 Spooler - ok
19:40:30.0133 3792 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:40:30.0153 3792 sppsvc - ok
19:40:30.0156 3792 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:40:30.0157 3792 sppuinotify - ok
19:40:30.0161 3792 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:40:30.0165 3792 srv - ok
19:40:30.0169 3792 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:40:30.0172 3792 srv2 - ok
19:40:30.0175 3792 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:40:30.0177 3792 srvnet - ok
19:40:30.0180 3792 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:40:30.0182 3792 SSDPSRV - ok
19:40:30.0184 3792 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:40:30.0185 3792 SstpSvc - ok
19:40:30.0188 3792 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
19:40:30.0190 3792 ssudmdm - ok
19:40:30.0192 3792 Steam Client Service - ok
19:40:30.0198 3792 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:40:30.0201 3792 Stereo Service - ok
19:40:30.0203 3792 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:40:30.0204 3792 stexstor - ok
19:40:30.0209 3792 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:40:30.0213 3792 stisvc - ok
19:40:30.0215 3792 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:40:30.0215 3792 storflt - ok
19:40:30.0217 3792 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
19:40:30.0218 3792 StorSvc - ok
19:40:30.0220 3792 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:40:30.0221 3792 storvsc - ok
19:40:30.0223 3792 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:40:30.0223 3792 swenum - ok
19:40:30.0228 3792 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:40:30.0231 3792 SwitchBoard - ok
19:40:30.0236 3792 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:40:30.0240 3792 swprv - ok
19:40:30.0251 3792 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:40:30.0262 3792 SysMain - ok
19:40:30.0265 3792 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:40:30.0266 3792 TabletInputService - ok
19:40:30.0270 3792 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:40:30.0273 3792 TapiSrv - ok
19:40:30.0275 3792 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:40:30.0276 3792 TBS - ok
19:40:30.0289 3792 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:40:30.0300 3792 Tcpip - ok
19:40:30.0313 3792 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:40:30.0318 3792 TCPIP6 - ok
19:40:30.0321 3792 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:40:30.0322 3792 tcpipreg - ok
19:40:30.0324 3792 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:40:30.0325 3792 TDPIPE - ok
19:40:30.0327 3792 [ 03E62CD83A62859F4F796434EE6C385E ] Tdsshbecr C:\Windows\system32\DRIVERS\shbecr.sys
19:40:30.0328 3792 Tdsshbecr - ok
19:40:30.0330 3792 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:40:30.0331 3792 TDTCP - ok
19:40:30.0333 3792 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:40:30.0334 3792 tdx - ok
19:40:30.0336 3792 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:40:30.0337 3792 TermDD - ok
19:40:30.0342 3792 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:40:30.0347 3792 TermService - ok
19:40:30.0349 3792 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:40:30.0350 3792 Themes - ok
19:40:30.0352 3792 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:40:30.0353 3792 THREADORDER - ok
19:40:30.0356 3792 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:40:30.0357 3792 TrkWks - ok
19:40:30.0360 3792 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:40:30.0362 3792 TrustedInstaller - ok
19:40:30.0364 3792 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:40:30.0365 3792 tssecsrv - ok
19:40:30.0367 3792 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:40:30.0368 3792 TsUsbFlt - ok
19:40:30.0370 3792 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:40:30.0371 3792 tunnel - ok
19:40:30.0373 3792 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:40:30.0374 3792 uagp35 - ok
19:40:30.0378 3792 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:40:30.0380 3792 udfs - ok
19:40:30.0384 3792 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:40:30.0385 3792 UI0Detect - ok
19:40:30.0387 3792 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:40:30.0388 3792 uliagpkx - ok
19:40:30.0390 3792 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:40:30.0391 3792 umbus - ok
19:40:30.0392 3792 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:40:30.0393 3792 UmPass - ok
19:40:30.0396 3792 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:40:30.0398 3792 UmRdpService - ok
19:40:30.0416 3792 [ CD114CE02A10FA79C229770788106842 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:40:30.0431 3792 UNS - ok
19:40:30.0436 3792 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:40:30.0439 3792 upnphost - ok
19:40:30.0441 3792 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:40:30.0443 3792 usbaudio - ok
19:40:30.0445 3792 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:40:30.0446 3792 usbccgp - ok
19:40:30.0448 3792 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:40:30.0449 3792 usbcir - ok
19:40:30.0452 3792 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:40:30.0452 3792 usbehci - ok
19:40:30.0456 3792 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:40:30.0459 3792 usbhub - ok
19:40:30.0461 3792 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:40:30.0461 3792 usbohci - ok
19:40:30.0463 3792 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:40:30.0464 3792 usbprint - ok
19:40:30.0466 3792 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:40:30.0467 3792 USBSTOR - ok
19:40:30.0469 3792 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:40:30.0470 3792 usbuhci - ok
19:40:30.0472 3792 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:40:30.0473 3792 UxSms - ok
19:40:30.0475 3792 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:40:30.0475 3792 VaultSvc - ok
19:40:30.0477 3792 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
19:40:30.0478 3792 VClone - ok
19:40:30.0479 3792 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:40:30.0480 3792 vdrvroot - ok
19:40:30.0485 3792 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:40:30.0489 3792 vds - ok
19:40:30.0491 3792 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:40:30.0492 3792 vga - ok
19:40:30.0493 3792 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:40:30.0494 3792 VgaSave - ok
19:40:30.0497 3792 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:40:30.0499 3792 vhdmp - ok
19:40:30.0501 3792 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:40:30.0501 3792 viaide - ok
19:40:30.0504 3792 [ 639AC4E25B001CC471872A77E20A4CAB ] VirtuWDDM C:\Windows\system32\DRIVERS\VirtuWDDM.sys
19:40:30.0510 3792 VirtuWDDM - ok
19:40:30.0513 3792 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:40:30.0515 3792 vmbus - ok
19:40:30.0516 3792 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:40:30.0517 3792 VMBusHID - ok
19:40:30.0519 3792 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:40:30.0520 3792 volmgr - ok
19:40:30.0524 3792 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:40:30.0527 3792 volmgrx - ok
19:40:30.0530 3792 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:40:30.0532 3792 volsnap - ok
19:40:30.0535 3792 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:40:30.0537 3792 vsmraid - ok
19:40:30.0548 3792 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:40:30.0558 3792 VSS - ok
19:40:30.0560 3792 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:40:30.0560 3792 vwifibus - ok
19:40:30.0564 3792 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:40:30.0568 3792 W32Time - ok
19:40:30.0570 3792 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:40:30.0571 3792 WacomPen - ok
19:40:30.0573 3792 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:40:30.0575 3792 WANARP - ok
19:40:30.0577 3792 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:40:30.0577 3792 Wanarpv6 - ok
19:40:30.0586 3792 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:40:30.0594 3792 WatAdminSvc - ok
19:40:30.0605 3792 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:40:30.0614 3792 wbengine - ok
19:40:30.0617 3792 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:40:30.0620 3792 WbioSrvc - ok
19:40:30.0624 3792 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:40:30.0627 3792 wcncsvc - ok
19:40:30.0629 3792 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:40:30.0630 3792 WcsPlugInService - ok
19:40:30.0632 3792 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:40:30.0632 3792 Wd - ok
19:40:30.0638 3792 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:40:30.0642 3792 Wdf01000 - ok
19:40:30.0644 3792 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:40:30.0645 3792 WdiServiceHost - ok
19:40:30.0647 3792 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:40:30.0648 3792 WdiSystemHost - ok
19:40:30.0651 3792 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:40:30.0654 3792 WebClient - ok
19:40:30.0657 3792 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:40:30.0660 3792 Wecsvc - ok
19:40:30.0662 3792 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:40:30.0663 3792 wercplsupport - ok
19:40:30.0666 3792 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:40:30.0667 3792 WerSvc - ok
19:40:30.0669 3792 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:40:30.0670 3792 WfpLwf - ok
19:40:30.0671 3792 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:40:30.0672 3792 WIMMount - ok
19:40:30.0673 3792 WinDefend - ok
19:40:30.0676 3792 WinHttpAutoProxySvc - ok
19:40:30.0682 3792 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:40:30.0684 3792 Winmgmt - ok
19:40:30.0697 3792 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:40:30.0709 3792 WinRM - ok
19:40:30.0713 3792 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:40:30.0719 3792 WinUsb - ok
19:40:30.0726 3792 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:40:30.0732 3792 Wlansvc - ok
19:40:30.0749 3792 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:40:30.0762 3792 wlidsvc - ok
19:40:30.0765 3792 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:40:30.0765 3792 WmiAcpi - ok
19:40:30.0768 3792 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:40:30.0770 3792 wmiApSrv - ok
19:40:30.0772 3792 WMPNetworkSvc - ok
19:40:30.0774 3792 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:40:30.0775 3792 WPCSvc - ok
19:40:30.0777 3792 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:40:30.0779 3792 WPDBusEnum - ok
19:40:30.0781 3792 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:40:30.0781 3792 ws2ifsl - ok
19:40:30.0784 3792 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:40:30.0786 3792 wscsvc - ok
19:40:30.0787 3792 WSearch - ok
19:40:30.0804 3792 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:40:30.0818 3792 wuauserv - ok
19:40:30.0821 3792 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:40:30.0822 3792 WudfPf - ok
19:40:30.0825 3792 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:40:30.0827 3792 WUDFRd - ok
19:40:30.0829 3792 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:40:30.0830 3792 wudfsvc - ok
19:40:30.0834 3792 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:40:30.0836 3792 WwanSvc - ok
19:40:30.0838 3792 ================ Scan global ===============================
19:40:30.0840 3792 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:40:30.0843 3792 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:40:30.0847 3792 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:40:30.0850 3792 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:40:30.0854 3792 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:40:30.0867 3792 [Global] - ok
19:40:30.0867 3792 ================ Scan MBR ==================================
19:40:30.0868 3792 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:40:30.0945 3792 \Device\Harddisk0\DR0 - ok
19:40:30.0947 3792 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:40:31.0623 3792 \Device\Harddisk1\DR1 - ok
19:40:31.0624 3792 ================ Scan VBR ==================================
19:40:31.0626 3792 [ 0CCC6E2E3D8AC95C4F0B9521F8262202 ] \Device\Harddisk0\DR0\Partition1
19:40:31.0628 3792 \Device\Harddisk0\DR0\Partition1 - ok
19:40:31.0631 3792 [ AC364DC6A96C011C61863DA1A43B65DE ] \Device\Harddisk1\DR1\Partition1
19:40:31.0633 3792 \Device\Harddisk1\DR1\Partition1 - ok
19:40:31.0633 3792 ============================================================
19:40:31.0633 3792 Scan finished
19:40:31.0633 3792 ============================================================
19:40:31.0643 4388 Detected object count: 0
19:40:31.0643 4388 Actual detected object count: 0
19:43:29.0051 4320 Deinitialize success




RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeff [Admin rights]
Mode : Scan -- Date : 11/03/2012 19:46:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][BLACKLIST DLL] HKLM\[...]\Run : THXCfg64 (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND
[TASK][SUSP PATH] {BFD527F5-EE69-40FA-9F38-F7F58F5AFC27} : C:\Windows\system32\pcalua.exe -a C:\Users\Jeff\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Windows\system32 -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{97f62e94-8c58-be33-546b-0000d1b88a1b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{97f62e94-8c58-be33-546b-0000d1b88a1b}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] d63b1b06b743c99d434c08786fb72199
[BSP] f1423ddd66c152e7ff749a9fb3149e41 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 305b42d56353336bed67ed27ed54bd0f
[BSP] ea0cf94f120094dd68e8a20f55661ac2 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11032012_02d1946.txt >>
RKreport[1]_S_11032012_02d1946.txt




RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeff [Admin rights]
Mode : Remove -- Date : 11/03/2012 19:47:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][BLACKLIST DLL] HKLM\[...]\Run : THXCfg64 (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> DELETED
[TASK][SUSP PATH] {BFD527F5-EE69-40FA-9F38-F7F58F5AFC27} : C:\Windows\system32\pcalua.exe -a C:\Users\Jeff\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Windows\system32 -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{97f62e94-8c58-be33-546b-0000d1b88a1b}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{97f62e94-8c58-be33-546b-0000d1b88a1b}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] d63b1b06b743c99d434c08786fb72199
[BSP] f1423ddd66c152e7ff749a9fb3149e41 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 305b42d56353336bed67ed27ed54bd0f
[BSP] ea0cf94f120094dd68e8a20f55661ac2 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11032012_02d1947.txt >>
RKreport[1]_S_11032012_02d1946.txt ; RKreport[2]_D_11032012_02d1947.txt




RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeff [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/03/2012 19:49:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 88 / Fail 0
My documents: Success 2 / Fail 2
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 213 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[H:] \Device\CdRom2 -- 0x5 --> Skipped

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[3]_SC_11032012_02d1949.txt >>
RKreport[1]_S_11032012_02d1946.txt ; RKreport[2]_D_11032012_02d1947.txt ; RKreport[3]_SC_11032012_02d1949.txt

#6 CatByte

  • Malware Response Team

Posted 03 November 2012 - 01:57 PM

that's looking better,

please re-run ComboFix, allow it to update if it asks to do so, post the resulting log

(remember to disable your security programs)

also, please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Jeff_86_

  • Topic Starter


Posted 03 November 2012 - 02:10 PM

Here is the ComboFix log. I will restart my computer after I post this and see what happens. I am soooo grateful for the fast help I'm getting :thumbsup:


ComboFix 12-11-03.02 - Jeff 2012-11-03 20:02:42.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.16297.14270 [GMT 1:00]
Körs från: c:\users\Jeff\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((( Filer skapade från 2012-10-03 till 2012-11-03 ))))))))))))))))))))))))))))))
.
.
2012-11-03 19:05 . 2012-11-03 19:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-03 19:05 . 2012-11-03 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-01 17:49 . 2012-11-01 17:49 -------- d-----w- c:\users\Jeff\AppData\Local\Samsung
2012-11-01 17:49 . 2012-11-01 17:49 -------- d-----w- c:\users\Jeff\AppData\Roaming\Samsung
2012-11-01 17:49 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-11-01 17:49 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-11-01 17:48 . 2012-09-26 19:57 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-11-01 17:48 . 2012-11-01 17:48 -------- d-----w- c:\program files (x86)\MarkAny
2012-11-01 17:48 . 2012-09-26 19:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-11-01 17:48 . 2012-11-01 17:48 -------- d-----w- c:\program files (x86)\Samsung
2012-11-01 17:48 . 2012-11-01 17:48 -------- d-----w- c:\programdata\Samsung
2012-10-30 21:43 . 2012-10-30 21:43 -------- d-----w- c:\users\Jeff\AppData\Local\FLT
2012-10-30 21:01 . 2012-10-30 21:01 -------- d-----w- c:\users\Jeff\AppData\Local\Programs
2012-10-25 23:34 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-25 22:41 . 2012-10-25 22:41 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2012-10-25 22:40 . 2012-10-25 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-25 22:40 . 2012-10-25 22:40 -------- d-----w- c:\programdata\Malwarebytes
2012-10-24 14:33 . 2012-10-24 14:33 -------- d-----w- C:\Ladok94
2012-10-24 12:15 . 2012-10-24 12:15 -------- d-----w- c:\users\Jeff\AppData\Local\Square Enix
2012-10-21 08:43 . 2012-10-03 10:04 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{395753F9-1C71-4F8D-AF15-FF607FB22F94}\gapaengine.dll
2012-10-19 19:06 . 2012-10-19 19:06 -------- d-s---w- c:\programdata\SecuROM
2012-10-17 19:14 . 2012-10-17 19:14 -------- d-----w- c:\program files (x86)\Fortinet
2012-10-16 19:29 . 2012-10-16 19:29 -------- d-----w- c:\users\Jeff\AppData\Local\Apple Computer
2012-10-16 15:22 . 2012-10-16 15:22 -------- d-----w- c:\users\Jeff\AppData\Roaming\MPEG Streamclip
2012-10-16 15:19 . 2012-09-24 21:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 15:18 . 2012-09-24 21:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-11 17:48 . 2012-10-11 17:48 -------- d-----w- c:\programdata\RELOADED
2012-10-10 17:18 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-06 13:26 . 2012-10-06 13:26 -------- d-----w- c:\users\Jeff\AppData\Roaming\Apple Computer
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-05 19:25 . 2012-10-05 19:25 -------- d-----w- c:\program files (x86)\QuickTime
2012-10-05 19:25 . 2012-10-05 19:25 -------- d-----w- c:\programdata\Apple Computer
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\users\Jeff\AppData\Local\Apple
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 10:48 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-10-26 11:08 . 2011-09-21 14:01 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-26 11:08 . 2011-09-20 21:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-23 19:41 . 2011-09-20 21:26 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-10 22:23 . 2011-09-30 15:09 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-04 09:10 . 2012-10-04 09:10 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-10-03 10:04 . 2011-10-12 08:59 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-02 22:21 . 2012-09-16 18:25 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-02-21 11:59 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-02 22:21 . 2012-02-21 11:59 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-02 22:21 . 2012-02-21 11:59 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-02 22:21 . 2012-02-21 11:59 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2011-09-20 22:08 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2011-09-20 22:08 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2011-09-20 20:57 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2011-09-20 20:57 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 19:51 . 2012-02-21 12:00 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-03-23 22:52 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-03-23 22:53 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-03-23 22:53 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-03-23 22:53 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-03-23 22:53 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-03-23 22:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-26 19:57 . 2012-09-26 19:57 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-09-26 19:57 . 2012-09-26 19:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-09-26 19:57 . 2012-09-26 19:57 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-09-26 19:57 . 2012-09-26 19:57 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-09-26 19:57 . 2012-09-26 19:57 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-09-26 19:57 . 2012-09-26 19:57 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-09-26 19:57 . 2012-09-26 19:57 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-09-26 19:57 . 2012-09-26 19:57 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-09-26 19:57 . 2012-09-26 19:57 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-09-26 19:57 . 2012-09-26 19:57 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-09-26 19:57 . 2012-09-26 19:57 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-09-26 19:57 . 2012-09-26 19:57 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-09-26 19:57 . 2012-09-26 19:57 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-09-26 19:57 . 2012-09-26 19:57 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-09-26 19:57 . 2012-09-26 19:57 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-09-26 19:57 . 2012-09-26 19:57 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-09-26 19:57 . 2012-09-26 19:57 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-09-26 19:57 . 2012-09-26 19:57 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-09-26 19:57 . 2012-09-26 19:57 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-09-26 19:57 . 2012-09-26 19:57 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-09-26 19:57 . 2012-09-26 19:57 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-09-26 19:57 . 2012-09-26 19:57 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-09-26 19:57 . 2012-09-26 19:57 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 13:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 11:15 . 2012-09-22 14:22 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 14:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 14:22 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 14:22 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 14:22 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 14:22 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 14:22 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 14:22 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 14:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 14:22 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 14:22 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 14:22 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 14:22 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 14:22 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 14:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 14:22 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 14:22 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 14:22 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 14:22 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 14:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 14:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 14:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-13 08:56 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 08:56 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 08:56 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 08:56 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 18:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 17:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-21 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"Spotify Web Helper"="c:\users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-09-21 4942336]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"Gaming 3"="c:\ace edge3200\EDGE 3200.exe" [2010-10-21 3715072]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"e-kort"="c:\progra~2\ekort\ekort.exe" [2008-12-11 377856]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2011-04-20 55296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-15 1431888]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-09-21 31808]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2008-09-28 50176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-30 1255736]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-15 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-09-21 15936]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [2011-10-14 830056]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-14 412712]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [2009-07-21 42528]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680]
.
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 17:53]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 17:53]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1700642841-2051243060-1395227626-1000Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 21:08]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1700642841-2051243060-1395227626-1000UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 21:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll c:\windows\System32\nvinitx.dll
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\gd9dgpom.default\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Fallout New Vegas_is1 - d:\program\Fallout New Vegas\unins000.exe
AddRemove-Mafia II_is1 - d:\program\Mafia II\unins000.exe
AddRemove-Postal 2_is1 - d:\program\Portal 2\unins000.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-11-03 20:05:55
ComboFix-quarantined-files.txt 2012-11-03 19:05
ComboFix2.txt 2012-11-03 12:46
.
Före genomsökningen: 12 434 640 896 byte ledigt
Efter genomsökningen: 12 095 569 920 byte ledigt
.
- - End Of File - - 84D39DEA0DCA4A52C3E5CA2032B2435B

#8 CatByte

Posted 03 November 2012 - 02:24 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Jeff_86_

Posted 03 November 2012 - 02:25 PM

There are still the problems with Windows Media Player: I can't change the network settings for streaming, and therefore my PS3 can't find my computer either like it did before. Basically I can't activate "media direct play" (rough translation from Swedish :whistle: ). When I click the icon "activate" nothing happens. There's this, and Microsoft Security Essentials won't boot at startup; actually I believe it boots, but the system tray icon for it doesn't show until I start it manually.

#10 CatByte

Posted 03 November 2012 - 03:05 PM

we posted at the same time, please don't miss my post with further instructions


Please try uninstalling Microsoft Security essentials and then download a fresh copy and re-install it

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Jeff_86_

Posted 03 November 2012 - 03:38 PM

The ESET online scanner has been running for 55 min at the moment, but there's some way still to go. I'll send you the other logs for now and then the ESET one when it's done. I'll try to re-install MSE after ESET is done.


# AdwCleaner v2.006 - Logfile created 11/03/2012 at 20:27:55
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jeff - JEFF-STATIONÄR
# Boot Mode : Normal
# Running from : C:\Users\Jeff\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\splashtop
Folder Deleted : C:\ProgramData\splashtop
Folder Deleted : C:\Users\Jeff\AppData\Roaming\splashtop

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (sv-SE)

Profile name : default
File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\gd9dgpom.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1977 octets] - [03/11/2012 20:27:42]
AdwCleaner[S1].txt - [1937 octets] - [03/11/2012 20:27:55]

########## EOF - C:\AdwCleaner[S1].txt - [1997 octets] ##########




Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Databasversion: v2012.11.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jeff :: JEFF-STATIONÄR [administratör]

2012-11-03 20:32:44
mbam-log-2012-11-03 (20-32-44).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 230114
Förfluten tid: 38 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)

#12 Jeff_86_

Posted 03 November 2012 - 05:54 PM

The results from the ESET scan.


C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application
C:\Program Files (x86)\Rhinoceros 4.0\System\Rhino 4.0 SR8 PATCH.exe probably a variant of Win32/HackTool.Patcher.A application
D:\Download\Max.Payne.3-RELOADED\DVD4\rld-mp3d.iso a variant of Win32/Packed.VMProtect.AAH trojan
D:\Download\Rhinoceros 4.0 SR8 & PATCH_By RREEXX [ARG]\Rhinoceros 4.0 SR8.iso Win32/HackTool.Patcher.A application
D:\Download\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\sr-tcscc.iso a variant of Win32/Packed.VMProtect.AAA trojan
D:\Installerade Program\LA Noire\La Noire 60 fps tool.EXE a variant of Win32/HackTool.CheatEngine.AF application
D:\Installerade Program\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan
D:\Installerade Program\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
D:\Mjukvara\ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE\Crack\adobemasterkeygen55-multi.exe Win32/Keygen.CB application
D:\Mjukvara\ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE\Crack\WIN\disable_activation.cmd BAT/HostsChanger.A application
D:\Mjukvara\autocad2012 x64\x-force_2012_x64.exe Win32/Keygen.BL application
D:\Mjukvara\CS5 Master Collection EN Retail NLUPPER\CS5 Master Collection EN Retail\Disk 1\MasterCollection_CS5_D1_Win.iso BAT/HostsChanger.A application
D:\Mjukvara\Rhino3D\rh40sr_en_20090226\patch.exe a variant of Win32/HackTool.Patcher.T application
D:\Mjukvara\Rhino3D\RhinoMarine\RhinoMarine.v4.0.1.rar probably a variant of Win32/Agent.JGIFYBE trojan

#13 CatByte

Posted 03 November 2012 - 06:14 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files (x86)\Rhinoceros 4.0\System\Rhino 4.0 SR8 PATCH.exe 
D:\Download\Max.Payne.3-RELOADED\DVD4\rld-mp3d.iso 
D:\Download\Rhinoceros 4.0 SR8 & PATCH_By RREEXX [ARG]\Rhinoceros 4.0 SR8.iso 
D:\Download\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\sr-tcscc.iso 
D:\Installerade Program\LA Noire\La Noire 60 fps tool.EXE 
D:\Installerade Program\Max Payne 3\gsrld.dll 
D:\Installerade Program\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll 
D:\Mjukvara\ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE\Crack\adobemasterkeygen55-multi.exe 
D:\Mjukvara\ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE\Crack\WIN\disable_activation.cmd 
D:\Mjukvara\autocad2012 x64\x-force_2012_x64.exe 
D:\Mjukvara\CS5 Master Collection EN Retail NLUPPER\CS5 Master Collection EN Retail\Disk 1\MasterCollection_CS5_D1_Win.iso 
D:\Mjukvara\Rhino3D\rh40sr_en_20090226\patch.exe 
D:\Mjukvara\Rhino3D\RhinoMarine\RhinoMarine.v4.0.1.rar 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Jeff_86_

Posted 03 November 2012 - 07:11 PM

I re-installed MSE and it's back in the system tray, so that's solved. I checked Windows Media Player as well, but that problem remains, unfortunately. I still can't activate direct play.


ComboFix 12-11-04.01 - Jeff 2012-11-04 0:46.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.16297.14180 [GMT 1:00]
Körs från: c:\users\Jeff\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\users\Jeff\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Rhinoceros 4.0\System\Rhino 4.0 SR8 PATCH.exe"
"d:\download\Max.Payne.3-RELOADED\DVD4\rld-mp3d.iso"
"d:\download\Rhinoceros 4.0 SR8 & PATCH_By RREEXX [ARG]\Rhinoceros 4.0 SR8.iso"
"d:\download\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\sr-tcscc.iso"
"d:\installerade program\LA Noire\La Noire 60 fps tool.EXE"
"d:\installerade program\Max Payne 3\gsrld.dll"
"d:\installerade program\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll"
"d:\mjukvara\ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE\Crack\adobemasterkeygen55-multi.exe"
"d:\mjukvara\ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE\Crack\WIN\disable_activation.cmd"
"d:\mjukvara\autocad2012 x64\x-force_2012_x64.exe"
"d:\mjukvara\CS5 Master Collection EN Retail NLUPPER\CS5 Master Collection EN Retail\Disk 1\MasterCollection_CS5_D1_Win.iso"
"d:\mjukvara\Rhino3D\rh40sr_en_20090226\patch.exe"
"d:\mjukvara\Rhino3D\RhinoMarine\RhinoMarine.v4.0.1.rar"
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Rhinoceros 4.0\System\Rhino 4.0 SR8 PATCH.exe
d:\download\Max.Payne.3-RELOADED\DVD4\rld-mp3d.iso
d:\download\Rhinoceros 4.0 SR8 & PATCH_By RREEXX [ARG]\Rhinoceros 4.0 SR8.iso
d:\download\Tom.Clancys.Splinter.Cell.Conviction-SKIDROW\sr-tcscc.iso
d:\installerade program\LA Noire\La Noire 60 fps tool.EXE
d:\installerade program\Max Payne 3\gsrld.dll
d:\installerade program\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll
d:\mjukvara\ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE\Crack\adobemasterkeygen55-multi.exe
d:\mjukvara\ADOBE.CS5.5.MASTER.COLLECTION.KEYGEN.UPDATE.WIN.OSX-XFORCE\Crack\WIN\disable_activation.cmd
d:\mjukvara\autocad2012 x64\x-force_2012_x64.exe
d:\mjukvara\CS5 Master Collection EN Retail NLUPPER\CS5 Master Collection EN Retail\Disk 1\MasterCollection_CS5_D1_Win.iso
d:\mjukvara\Rhino3D\rh40sr_en_20090226\patch.exe
d:\mjukvara\Rhino3D\RhinoMarine\RhinoMarine.v4.0.1.rar
.
.
(((((((((((((((((((((((( Filer skapade från 2012-10-03 till 2012-11-03 ))))))))))))))))))))))))))))))
.
.
2012-11-03 23:48 . 2012-11-03 23:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-03 23:48 . 2012-11-03 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-03 23:12 . 2012-11-03 23:12 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0047A2BD-7C34-4D29-896C-9845FF9B259B}\offreg.dll
2012-11-03 23:09 . 2012-11-03 23:09 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FCD5F7D-C226-4C96-B712-1E2D9C224053}\gapaengine.dll
2012-11-03 23:09 . 2012-10-11 23:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0047A2BD-7C34-4D29-896C-9845FF9B259B}\mpengine.dll
2012-11-03 23:08 . 2012-11-03 23:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-03 23:08 . 2012-11-03 23:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-03 19:36 . 2012-11-03 19:36 -------- d-----w- c:\program files (x86)\ESET
2012-11-01 17:49 . 2012-11-01 17:49 -------- d-----w- c:\users\Jeff\AppData\Local\Samsung
2012-11-01 17:49 . 2012-11-01 17:49 -------- d-----w- c:\users\Jeff\AppData\Roaming\Samsung
2012-11-01 17:49 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-11-01 17:49 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-11-01 17:48 . 2012-09-26 19:57 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-11-01 17:48 . 2012-11-01 17:48 -------- d-----w- c:\program files (x86)\MarkAny
2012-11-01 17:48 . 2012-09-26 19:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-11-01 17:48 . 2012-11-01 17:48 -------- d-----w- c:\program files (x86)\Samsung
2012-11-01 17:48 . 2012-11-01 17:48 -------- d-----w- c:\programdata\Samsung
2012-10-30 21:43 . 2012-10-30 21:43 -------- d-----w- c:\users\Jeff\AppData\Local\FLT
2012-10-30 21:01 . 2012-10-30 21:01 -------- d-----w- c:\users\Jeff\AppData\Local\Programs
2012-10-25 23:34 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-25 22:41 . 2012-10-25 22:41 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2012-10-25 22:40 . 2012-10-25 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-25 22:40 . 2012-10-25 22:40 -------- d-----w- c:\programdata\Malwarebytes
2012-10-24 14:33 . 2012-10-24 14:33 -------- d-----w- C:\Ladok94
2012-10-24 12:15 . 2012-10-24 12:15 -------- d-----w- c:\users\Jeff\AppData\Local\Square Enix
2012-10-19 19:06 . 2012-10-19 19:06 -------- d-s---w- c:\programdata\SecuROM
2012-10-17 19:14 . 2012-10-17 19:14 -------- d-----w- c:\program files (x86)\Fortinet
2012-10-16 19:29 . 2012-10-16 19:29 -------- d-----w- c:\users\Jeff\AppData\Local\Apple Computer
2012-10-16 15:22 . 2012-10-16 15:22 -------- d-----w- c:\users\Jeff\AppData\Roaming\MPEG Streamclip
2012-10-16 15:19 . 2012-09-24 21:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 15:18 . 2012-09-24 21:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-11 17:48 . 2012-10-11 17:48 -------- d-----w- c:\programdata\RELOADED
2012-10-10 17:18 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-06 13:26 . 2012-10-06 13:26 -------- d-----w- c:\users\Jeff\AppData\Roaming\Apple Computer
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-05 19:25 . 2012-10-05 19:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-05 19:25 . 2012-10-05 19:25 -------- d-----w- c:\program files (x86)\QuickTime
2012-10-05 19:25 . 2012-10-05 19:25 -------- d-----w- c:\programdata\Apple Computer
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\users\Jeff\AppData\Local\Apple
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-10-05 19:24 . 2012-10-05 19:24 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 10:48 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-10-26 11:08 . 2011-09-21 14:01 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-26 11:08 . 2011-09-20 21:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-23 19:41 . 2011-09-20 21:26 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-10 22:23 . 2011-09-30 15:09 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-04 09:10 . 2012-10-04 09:10 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-10-02 22:21 . 2012-09-16 18:25 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-02-21 11:59 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-02 22:21 . 2012-02-21 11:59 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-02 22:21 . 2012-02-21 11:59 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-02 22:21 . 2012-02-21 11:59 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2011-09-20 22:08 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2011-09-20 22:08 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2011-09-20 20:57 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2011-09-20 20:57 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 19:51 . 2012-02-21 12:00 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-03-23 22:52 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-03-23 22:53 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-03-23 22:53 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-03-23 22:53 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-03-23 22:53 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-03-23 22:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-26 19:57 . 2012-09-26 19:57 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-09-26 19:57 . 2012-09-26 19:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-09-26 19:57 . 2012-09-26 19:57 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-09-26 19:57 . 2012-09-26 19:57 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-09-26 19:57 . 2012-09-26 19:57 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-09-26 19:57 . 2012-09-26 19:57 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-09-26 19:57 . 2012-09-26 19:57 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-09-26 19:57 . 2012-09-26 19:57 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-09-26 19:57 . 2012-09-26 19:57 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-09-26 19:57 . 2012-09-26 19:57 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-09-26 19:57 . 2012-09-26 19:57 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-09-26 19:57 . 2012-09-26 19:57 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-09-26 19:57 . 2012-09-26 19:57 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-09-26 19:57 . 2012-09-26 19:57 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-09-26 19:57 . 2012-09-26 19:57 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-09-26 19:57 . 2012-09-26 19:57 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-09-26 19:57 . 2012-09-26 19:57 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-09-26 19:57 . 2012-09-26 19:57 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-09-26 19:57 . 2012-09-26 19:57 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-09-26 19:57 . 2012-09-26 19:57 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-09-26 19:57 . 2012-09-26 19:57 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-09-26 19:57 . 2012-09-26 19:57 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-09-26 19:57 . 2012-09-26 19:57 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-09-26 19:57 . 2012-09-26 19:57 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-09-26 19:57 . 2012-09-26 19:57 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-08-30 21:03 . 2012-08-30 21:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 21:03 . 2012-08-30 21:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 11:15 . 2012-09-22 14:22 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 14:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 14:22 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 14:22 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 14:22 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 14:22 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 14:22 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 14:22 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 14:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 14:22 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 14:22 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 14:22 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 14:22 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 14:22 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 14:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 14:22 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 14:22 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 14:22 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 14:22 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 14:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 14:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 14:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-13 08:56 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 08:56 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 08:56 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 08:56 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 18:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 17:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"Spotify Web Helper"="c:\users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-09-21 4942336]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"Gaming 3"="c:\ace edge3200\EDGE 3200.exe" [2010-10-21 3715072]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"e-kort"="c:\progra~2\ekort\ekort.exe" [2008-12-11 377856]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2011-04-20 55296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-15 1431888]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-09-21 31808]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2008-09-28 50176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-30 1255736]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-15 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-09-21 15936]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [2011-10-14 830056]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-14 412712]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [2009-07-21 42528]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - MPFILTER
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 17:53]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 17:53]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1700642841-2051243060-1395227626-1000Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 21:08]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1700642841-2051243060-1395227626-1000UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 21:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll c:\windows\System32\nvinitx.dll
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\gd9dgpom.default\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
URLSearchHooks-{0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
Wow6432Node-HKLM-Run-STCAgent - c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe
Wow6432Node-HKLM-Run-ZyngaGamesAgent - c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Fallout New Vegas_is1 - d:\program\Fallout New Vegas\unins000.exe
AddRemove-Mafia II_is1 - d:\program\Mafia II\unins000.exe
AddRemove-Postal 2_is1 - d:\program\Portal 2\unins000.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-11-04 00:51:44
ComboFix-quarantined-files.txt 2012-11-03 23:51
ComboFix2.txt 2012-11-03 19:05
ComboFix3.txt 2012-11-03 12:46
.
Före genomsökningen: 13 338 710 016 byte ledigt
Efter genomsökningen: 570 273 792 byte ledigt
.
- - End Of File - - 1A272D4B803A0B220AA80E7A9C457B4A



MiniToolBox by Farbar Version: 23-07-2012
Ran by Jeff (administrator) on 04-11-2012 at 00:57:41
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

IP-konfiguration för Windows

DNS-matcharens cacheminne har rensats.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Media Player (Version: 1.8)
Adobe Reader 9 (Version: 9.0.0)
Alan Wake
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ASGvis Material Studio (Version: 1.00.0000)
ASRock App Charger v1.0.4
ASRock eXtreme Tuner v0.1.98
ASRock InstantBoot v1.26
Assassin's Creed Revelations (Version: 1.00)
ASUS GPU Tweak (Version: 1.1.0.9)
ASUS nVidia Driver (Version: 1.00.0000)
µTorrent (Version: 3.1.3)
AutoCAD 2012 - English (Version: 18.2.51.0)
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0)
Autodesk Content Service (Version: 2.0.90)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
BankID säkerhetsprogram (Version: 4.19.1)
Batman: Arkham City™ PC
Battlefield 3™ (Version: 1.4.0.0)
Battlelog Web Plugins (Version: 1.138.0)
Borderlands 2
Broadcom Gigabit NetLink Controller (Version: 14.6.1.3)
Cheat Engine 6.2
Cities XL 2012 (Version: 1.0.0)
Company of Heroes: Opposing Fronts
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
CPUID CPU-Z 1.58
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Deadlight
Dual-Core Optimizer (Version: 1.1.4.0169)
e-kort (Version: 1.1.0.0)
e-kort (Version: 3.16.8.0)
ESN Sonar (Version: 0.70.0)
ESN Sonar (Version: 0.70.4)
Etron USB3.0 Host Controller (Version: 0.96)
Fallout New Vegas
Far Cry 2 (Version: 1.00.00)
FARO LS 1.1.406.58 (Version: 4.6.58.2)
Flamingo 1.1 (Version: 1.1 Release 20051111)
Flamingo 1.1 for Rhino 4.0 (Version: 1.1.4 Release 2007-01-16)
FortiClient SSLVPN v4.0.2148 (Version: 4.0.2148)
Fotogalleriet (Version: 16.4.3503.0728)
Fraps (remove only)
Gaming Mouse
Google Chrome (Version: 22.0.1229.94)
Google Earth (Version: 6.1.0.5001)
Google SketchUp Pro 8 (Version: 3.0.3117)
Google Update Helper (Version: 1.3.21.123)
Grasshopper
Handelsbanken kortläsare (Version: 1.00.0000)
hueyPRO 1.5.1
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2372)
L.A. Noire (Version: 1.00.0000)
LadokKlient9.4.01 [2011-11-03]
Logitech G35 (Version: 1.1.178)
Mafia II
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
marvell 91xx driver (Version: 1.2.0.1003)
Max Payne 3 (Version: 1.0.0.0)
Metro 2033
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Antimalware Service SV-SE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Client SV-SE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC80 Support DLLs (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Movie Maker (Version: 16.4.3503.0728)
Mozilla Firefox 12.0 (x86 sv-SE) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
NVIDIA-uppdatering 1.10.8 (Version: 1.10.8)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision drivrutin 306.97 (Version: 306.97)
NVIDIA 3D Vision drivrutin för styrenhet 306.97 (Version: 306.97)
NVIDIA Grafikdrivrutin 306.97 (Version: 306.97)
NVIDIA HD audiodrivrutin 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX systemprogramvara 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
NVIDIA Update Components (Version: 1.10.8)
NVIDIAs kontrollpanel 306.97 (Version: 306.97)
Origin (Version: 8.5.0.4550)
PDF Settings CS5 (Version: 10.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Photo Common (Version: 16.4.3503.0728)
Photo Gallery (Version: 16.4.3503.0728)
Pixie 1.7.6 (Version: 1.7.6)
Portal 2
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 6.0.1.6392)
Rhino RDK
Rhinoceros 3.0 (Version: 3.0 Release)
Rhinoceros 4.0 (Version: 4.0.20118)
Rhinoceros 4.0 SR3 (Version: 4.0.30222)
Rhinoceros 4.0 SR4 (Version: 4.0.30807)
Rhinoceros 4.0 SR4b (Version: 4.0.30827)
Rhinoceros 4.0 SR5 (Version: 4.0.31215)
Rhinoceros 4.0 SR8 (Version: 4.0.50401)
Rockstar Games Social Club (Version: 1.0.9.5)
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister (Version: 1.00.000)
RollerCoaster Tycoon Deluxe (Version: 1.00.000)
Saints Row The Third
Samsung Kies (Version: 2.5.0.12094_28)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.15.0)
Sid Meier's Civilization V
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
Sniper Elite V2
Spec Ops The Line
Splashtop Connect IE (Version: 1.1.12.1)
Spotify (Version: 0.8.5.1333.g822e0de8)
Square Enix Secure Launcher (Version: 1.0.0.108)
T-Splines for Rhino (Version: 1.2)
TeamSpeak 3 Client
THX TruStudio (Version: 1.00.01)
Tom Clancy's Splinter Cell Conviction (Version: 1.00.000)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
V-Ray for Rhinoceros (Version: 01.01.71)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
VIRTU 1.2.103 (Version: 1.2.103)
VirtualCloneDrive
VLC media player 1.1.11 (Version: 1.1.11)
XFastUsb

**** End of log ****


Farbar Service Scanner Version: 03-11-2012
Ran by Jeff (administrator) on 04-11-2012 at 00:59:34
Running from "C:\Users\Jeff\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 03 November 2012 - 07:57 PM

try this:

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Once that is done then go to step 3 and allow it to run SFC

On the Start Repairs tab => Click the Start

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.


then see if there are any Windows updates waiting to install

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




