
Torpig


15 replies to this topic

#1 Frank Sovik


Posted 07 November 2012 - 10:21 AM

Hi. I am in trouble here. My ISP called me today and said there was a Torpig registered on my IP. They basically told me to get rid of it or they would shut down my connection.

I am a newbie to this problem and in need of help.

I have several computers and android systems. I am beginning with my gamer pc.

NB: It's a 64-bit system and as I understood it, I didn't need to make/attach a GMER log?

Kind regards
Frank



#2 Larusso

  • Malware Response Team

Posted 07 November 2012 - 01:01 PM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
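
A first-pass triage of the service section of a TDSSKiller log like the one requested above, added here as an illustration; it is not part of the original post and not the tool vendor's code. The sample lines are constructed in the log's layout (a `[ hash ] name path` line followed by a `name - verdict` line); the service names, placeholder hashes, the `warning` verdict and the trusted-directory heuristic are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every log line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
# "[ <32 hex digits> ] <service name> <drive>:\path" (names and paths may contain spaces).
HASH_LINE = re.compile(PREFIX + r"\[ ([0-9A-F]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# "<service name> - <verdict>"
VERDICT_LINE = re.compile(PREFIX + r"(.+) - (\S.*)$")

# Assumption: Windows is installed on C: (the log header states the real directory).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    verdict: str
    digest: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text: str) -> List[Entry]:
    """Return one Entry per verdict line inside the 'Scan services' section."""
    entries, pending, in_services = [], {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "====" in line:  # section banner: only the services section is parsed
            in_services = "Scan services" in line
            continue
        if not in_services:
            continue
        m = HASH_LINE.match(line)
        if m:
            pending[m.group(2)] = (m.group(1), m.group(3))
            continue
        m = VERDICT_LINE.match(line)
        if m:
            digest, path = pending.pop(m.group(1), (None, None))
            entries.append(Entry(m.group(1), m.group(2), digest, path))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """List entries a helper would look at first, with the reason for each."""
    findings = []
    for e in entries:
        reasons = []
        if e.verdict.lower() != "ok":
            reasons.append("verdict is not ok")
        if e.path is None:
            reasons.append("no hash/path line logged")
        elif not e.path.lower().startswith(TRUSTED_ROOTS):
            reasons.append("binary outside Windows/Program Files")
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Constructed sample input (not taken from a real machine).
SAMPLE_LOG = r"""
10:34:53.0007 7148 ================ Scan system memory ========================
10:34:53.0007 7148 System memory - ok
10:34:53.0008 7148 ================ Scan services =============================
10:34:53.0034 7148 [ 11111111111111111111111111111111 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
10:34:53.0037 7148 ExampleDrv - ok
10:34:53.0130 7148 NoFileSvc - ok
10:34:53.0133 7148 [ 22222222222222222222222222222222 ] Example Events Utility C:\Windows\system32\exevents.exe
10:34:53.0134 7148 Example Events Utility - ok
10:34:53.0376 7148 [ 33333333333333333333333333333333 ] Example Updater C:\ProgramData\Example Updater\1.0\updater.exe
10:34:53.0384 7148 Example Updater - ok
10:34:54.0000 7148 [ 44444444444444444444444444444444 ] ExampleFlt C:\Windows\system32\drivers\exampleflt.sys
10:34:54.0001 7148 ExampleFlt - warning
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: {', '.join(reasons)}")
```

An entry flagged this way is only a pointer for manual review; an `ok` verdict on every line does not show the machine is clean.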

#3 Frank Sovik


Posted 08 November 2012 - 04:47 AM

10:34:39.0830 4552 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:34:39.0999 4552 ============================================================
10:34:39.0999 4552 Current date / time: 2012/11/08 10:34:39.0999
10:34:39.0999 4552 SystemInfo:
10:34:39.0999 4552
10:34:39.0999 4552 OS Version: 6.1.7601 ServicePack: 1.0
10:34:39.0999 4552 Product type: Workstation
10:34:39.0999 4552 ComputerName: FRANK-PC
10:34:39.0999 4552 UserName: Frank
10:34:39.0999 4552 Windows directory: C:\Windows
10:34:39.0999 4552 System windows directory: C:\Windows
10:34:39.0999 4552 Running under WOW64
10:34:39.0999 4552 Processor architecture: Intel x64
10:34:39.0999 4552 Number of processors: 12
10:34:39.0999 4552 Page size: 0x1000
10:34:39.0999 4552 Boot type: Normal boot
10:34:39.0999 4552 ============================================================
10:34:40.0300 4552 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:34:40.0300 4552 Drive \Device\Harddisk1\DR1 - Size: 0x6A33000000 (424.80 Gb), SectorSize: 0x200, Cylinders: 0xD89D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:34:40.0306 4552 ============================================================
10:34:40.0306 4552 \Device\Harddisk0\DR0:
10:34:40.0306 4552 MBR partitions:
10:34:40.0306 4552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D71
10:34:40.0306 4552 \Device\Harddisk1\DR1:
10:34:40.0306 4552 MBR partitions:
10:34:40.0306 4552 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:34:40.0306 4552 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35165000
10:34:40.0306 4552 ============================================================
10:34:40.0307 4552 C: <-> \Device\Harddisk1\DR1\Partition2
10:34:40.0730 4552 D: <-> \Device\Harddisk0\DR0\Partition1
10:34:40.0730 4552 ============================================================
10:34:40.0730 4552 Initialize success
10:34:40.0730 4552 ============================================================
10:34:52.0495 7148 ============================================================
10:34:52.0496 7148 Scan started
10:34:52.0496 7148 Mode: Manual;
10:34:52.0496 7148 ============================================================
10:34:53.0007 7148 ================ Scan system memory ========================
10:34:53.0007 7148 System memory - ok
10:34:54.0433 7148 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:34:54.0435 7148 MRxDAV - ok
10:34:54.0437 7148 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:34:54.0439 7148 mrxsmb - ok
10:34:54.0442 7148 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:34:54.0443 7148 mrxsmb10 - ok
10:34:54.0446 7148 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:34:54.0447 7148 mrxsmb20 - ok
10:34:54.0448 7148 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:34:54.0449 7148 msahci - ok
10:34:54.0451 7148 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:34:54.0452 7148 msdsm - ok
10:34:54.0454 7148 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:34:54.0455 7148 MSDTC - ok
10:34:54.0458 7148 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:34:54.0459 7148 Msfs - ok
10:34:54.0460 7148 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:34:54.0460 7148 mshidkmdf - ok
10:34:54.0462 7148 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:34:54.0462 7148 msisadrv - ok
10:34:54.0465 7148 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:34:54.0466 7148 MSiSCSI - ok
10:34:54.0467 7148 msiserver - ok
10:34:54.0469 7148 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:34:54.0470 7148 MSKSSRV - ok
10:34:54.0472 7148 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:34:54.0472 7148 MsMpSvc - ok
10:34:54.0474 7148 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:34:54.0474 7148 MSPCLOCK - ok
10:34:54.0475 7148 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:34:54.0476 7148 MSPQM - ok
10:34:54.0479 7148 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:34:54.0481 7148 MsRPC - ok
10:34:54.0483 7148 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:34:54.0484 7148 mssmbios - ok
10:34:54.0485 7148 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:34:54.0486 7148 MSTEE - ok
10:34:54.0487 7148 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:34:54.0488 7148 MTConfig - ok
10:34:54.0489 7148 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:34:54.0490 7148 Mup - ok
10:34:54.0491 7148 [ 56616652CFE590E2C936C72DF6094B88 ] mv91cons C:\Windows\system32\DRIVERS\mv91cons.sys
10:34:54.0492 7148 mv91cons - ok
10:34:54.0495 7148 [ 97CCA67FCDABB8441149F04B34ABF510 ] mvs91xx C:\Windows\system32\DRIVERS\mvs91xx.sys
10:34:54.0497 7148 mvs91xx - ok
10:34:54.0500 7148 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:34:54.0503 7148 napagent - ok
10:34:54.0507 7148 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:34:54.0510 7148 NativeWifiP - ok
10:34:54.0515 7148 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:34:54.0519 7148 NDIS - ok
10:34:54.0521 7148 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:34:54.0521 7148 NdisCap - ok
10:34:54.0523 7148 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:34:54.0523 7148 NdisTapi - ok
10:34:54.0525 7148 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:34:54.0526 7148 Ndisuio - ok
10:34:54.0528 7148 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:34:54.0529 7148 NdisWan - ok
10:34:54.0531 7148 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:34:54.0532 7148 NDProxy - ok
10:34:54.0533 7148 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:34:54.0534 7148 NetBIOS - ok
10:34:54.0537 7148 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:34:54.0538 7148 NetBT - ok
10:34:54.0539 7148 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:34:54.0540 7148 Netlogon - ok
10:34:54.0543 7148 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:34:54.0545 7148 Netman - ok
10:34:54.0549 7148 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:34:54.0551 7148 netprofm - ok
10:34:54.0553 7148 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:34:54.0554 7148 NetTcpPortSharing - ok
10:34:54.0556 7148 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:34:54.0557 7148 nfrd960 - ok
10:34:54.0560 7148 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:34:54.0560 7148 NisDrv - ok
10:34:54.0563 7148 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
10:34:54.0565 7148 NisSrv - ok
10:34:54.0569 7148 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:34:54.0571 7148 NlaSvc - ok
10:34:54.0573 7148 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:34:54.0573 7148 Npfs - ok
10:34:54.0575 7148 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:34:54.0576 7148 nsi - ok
10:34:54.0578 7148 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:34:54.0578 7148 nsiproxy - ok
10:34:54.0587 7148 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:34:54.0593 7148 Ntfs - ok
10:34:54.0595 7148 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:34:54.0595 7148 Null - ok
10:34:54.0598 7148 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:34:54.0598 7148 nvraid - ok
10:34:54.0601 7148 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:34:54.0602 7148 nvstor - ok
10:34:54.0604 7148 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:34:54.0605 7148 nv_agp - ok
10:34:54.0607 7148 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:34:54.0608 7148 ohci1394 - ok
10:34:54.0611 7148 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:34:54.0612 7148 ose - ok
10:34:54.0640 7148 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:34:54.0656 7148 osppsvc - ok
10:34:54.0660 7148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:34:54.0662 7148 p2pimsvc - ok
10:34:54.0666 7148 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:34:54.0669 7148 p2psvc - ok
10:34:54.0671 7148 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:34:54.0672 7148 Parport - ok
10:34:54.0674 7148 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:34:54.0675 7148 partmgr - ok
10:34:54.0677 7148 [ 5EACB8A19CAD7057806FBBF9550165E1 ] PcaSp60 C:\Windows\system32\DRIVERS\PcaSp60.sys
10:34:54.0682 7148 PcaSp60 - ok
10:34:54.0685 7148 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:34:54.0686 7148 PcaSvc - ok
10:34:54.0689 7148 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:34:54.0690 7148 pci - ok
10:34:54.0691 7148 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
10:34:54.0692 7148 pciide - ok
10:34:54.0694 7148 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:34:54.0695 7148 pcmcia - ok
10:34:54.0697 7148 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:34:54.0697 7148 pcw - ok
10:34:54.0702 7148 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:34:54.0705 7148 PEAUTH - ok
10:34:54.0712 7148 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:34:54.0717 7148 PeerDistSvc - ok
10:34:54.0732 7148 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:34:54.0732 7148 PerfHost - ok
10:34:54.0743 7148 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:34:54.0749 7148 pla - ok
10:34:54.0753 7148 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:34:54.0755 7148 PlugPlay - ok
10:34:54.0757 7148 PnkBstrA - ok
10:34:54.0759 7148 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:34:54.0760 7148 PNRPAutoReg - ok
10:34:54.0762 7148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:34:54.0764 7148 PNRPsvc - ok
10:34:54.0768 7148 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:34:54.0771 7148 PolicyAgent - ok
10:34:54.0775 7148 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:34:54.0776 7148 Power - ok
10:34:54.0779 7148 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:34:54.0780 7148 PptpMiniport - ok
10:34:54.0782 7148 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:34:54.0783 7148 Processor - ok
10:34:54.0786 7148 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:34:54.0787 7148 ProfSvc - ok
10:34:54.0789 7148 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:34:54.0789 7148 ProtectedStorage - ok
10:34:54.0792 7148 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:34:54.0793 7148 Psched - ok
10:34:54.0794 7148 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:34:54.0795 7148 PxHlpa64 - ok
10:34:54.0803 7148 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:34:54.0809 7148 ql2300 - ok
10:34:54.0811 7148 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:34:54.0812 7148 ql40xx - ok
10:34:54.0815 7148 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:34:54.0817 7148 QWAVE - ok
10:34:54.0818 7148 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:34:54.0819 7148 QWAVEdrv - ok
10:34:54.0821 7148 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:34:54.0821 7148 RasAcd - ok
10:34:54.0823 7148 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:34:54.0824 7148 RasAgileVpn - ok
10:34:54.0826 7148 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:34:54.0827 7148 RasAuto - ok
10:34:54.0830 7148 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:34:54.0830 7148 Rasl2tp - ok
10:34:54.0835 7148 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:34:54.0838 7148 RasMan - ok
10:34:54.0840 7148 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:34:54.0841 7148 RasPppoe - ok
10:34:54.0843 7148 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:34:54.0843 7148 RasSstp - ok
10:34:54.0847 7148 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:34:54.0849 7148 rdbss - ok
10:34:54.0851 7148 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:34:54.0851 7148 rdpbus - ok
10:34:54.0853 7148 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:34:54.0853 7148 RDPCDD - ok
10:34:54.0856 7148 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:34:54.0857 7148 RDPDR - ok
10:34:54.0859 7148 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:34:54.0859 7148 RDPENCDD - ok
10:34:54.0861 7148 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:34:54.0862 7148 RDPREFMP - ok
10:34:54.0864 7148 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:34:54.0870 7148 RdpVideoMiniport - ok
10:34:54.0873 7148 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:34:54.0874 7148 RDPWD - ok
10:34:54.0877 7148 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:34:54.0879 7148 rdyboost - ok
10:34:54.0881 7148 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:34:54.0882 7148 RemoteAccess - ok
10:34:54.0884 7148 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:34:54.0886 7148 RemoteRegistry - ok
10:34:54.0889 7148 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:34:54.0889 7148 RFCOMM - ok
10:34:54.0892 7148 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:34:54.0893 7148 RpcEptMapper - ok
10:34:54.0894 7148 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:34:54.0895 7148 RpcLocator - ok
10:34:54.0899 7148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:34:54.0901 7148 RpcSs - ok
10:34:54.0904 7148 [ DC37E853C300B6F45753F52A2EB71F23 ] rr62x C:\Windows\system32\DRIVERS\rr62x.sys
10:34:54.0924 7148 rr62x - ok
10:34:54.0927 7148 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:34:54.0928 7148 rspndr - ok
10:34:54.0931 7148 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:34:54.0933 7148 RTL8167 - ok
10:34:54.0935 7148 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:34:54.0935 7148 s3cap - ok
10:34:54.0937 7148 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:34:54.0937 7148 SamSs - ok
10:34:54.0939 7148 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:34:54.0940 7148 sbp2port - ok
10:34:54.0943 7148 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:34:54.0944 7148 SCardSvr - ok
10:34:54.0946 7148 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:34:54.0947 7148 scfilter - ok
10:34:54.0953 7148 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:34:54.0958 7148 Schedule - ok
10:34:54.0960 7148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:34:54.0961 7148 SCPolicySvc - ok
10:34:54.0963 7148 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:34:54.0965 7148 SDRSVC - ok
10:34:54.0967 7148 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:34:54.0967 7148 secdrv - ok
10:34:54.0969 7148 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:34:54.0970 7148 seclogon - ok
10:34:54.0972 7148 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:34:54.0973 7148 SENS - ok
10:34:54.0975 7148 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:34:54.0976 7148 SensrSvc - ok
10:34:54.0978 7148 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:34:54.0978 7148 Serenum - ok
10:34:54.0980 7148 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:34:54.0981 7148 Serial - ok
10:34:54.0983 7148 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:34:54.0983 7148 sermouse - ok
10:34:54.0988 7148 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:34:54.0989 7148 SessionEnv - ok
10:34:54.0991 7148 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:34:54.0991 7148 sffdisk - ok
10:34:54.0993 7148 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:34:54.0993 7148 sffp_mmc - ok
10:34:54.0995 7148 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:34:54.0995 7148 sffp_sd - ok
10:34:54.0997 7148 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:34:54.0998 7148 sfloppy - ok
10:34:55.0001 7148 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:34:55.0003 7148 SharedAccess - ok
10:34:55.0006 7148 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:34:55.0009 7148 ShellHWDetection - ok
10:34:55.0011 7148 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:34:55.0012 7148 SiSRaid2 - ok
10:34:55.0014 7148 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:34:55.0014 7148 SiSRaid4 - ok
10:34:55.0016 7148 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:34:55.0017 7148 Smb - ok
10:34:55.0021 7148 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:34:55.0022 7148 SNMPTRAP - ok
10:34:55.0023 7148 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:34:55.0024 7148 spldr - ok
10:34:55.0028 7148 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:34:55.0032 7148 Spooler - ok
10:34:55.0052 7148 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:34:55.0064 7148 sppsvc - ok
10:34:55.0067 7148 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:34:55.0068 7148 sppuinotify - ok
10:34:55.0072 7148 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:34:55.0075 7148 srv - ok
10:34:55.0078 7148 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:34:55.0080 7148 srv2 - ok
10:34:55.0083 7148 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:34:55.0084 7148 srvnet - ok
10:34:55.0087 7148 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:34:55.0089 7148 SSDPSRV - ok
10:34:55.0091 7148 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:34:55.0092 7148 SstpSvc - ok
10:34:55.0094 7148 Steam Client Service - ok
10:34:55.0096 7148 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:34:55.0097 7148 stexstor - ok
10:34:55.0099 7148 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
10:34:55.0099 7148 StillCam - ok
10:34:55.0104 7148 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:34:55.0108 7148 stisvc - ok
10:34:55.0110 7148 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:34:55.0111 7148 storflt - ok
10:34:55.0113 7148 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:34:55.0113 7148 storvsc - ok
10:34:55.0115 7148 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:34:55.0115 7148 swenum - ok
10:34:55.0120 7148 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:34:55.0122 7148 SwitchBoard - ok
10:34:55.0126 7148 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:34:55.0129 7148 swprv - ok
10:34:55.0131 7148 Synth3dVsc - ok
10:34:55.0140 7148 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:34:55.0147 7148 SysMain - ok
10:34:55.0150 7148 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:34:55.0151 7148 TabletInputService - ok
10:34:55.0154 7148 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:34:55.0156 7148 TapiSrv - ok
10:34:55.0158 7148 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:34:55.0159 7148 TBS - ok
10:34:55.0170 7148 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:34:55.0176 7148 Tcpip - ok
10:34:55.0184 7148 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:34:55.0189 7148 TCPIP6 - ok
10:34:55.0192 7148 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:34:55.0193 7148 tcpipreg - ok
10:34:55.0195 7148 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:34:55.0196 7148 TDPIPE - ok
10:34:55.0198 7148 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:34:55.0198 7148 TDTCP - ok
10:34:55.0201 7148 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:34:55.0202 7148 tdx - ok
10:34:55.0216 7148 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
10:34:55.0224 7148 TeamViewer7 - ok
10:34:55.0226 7148 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:34:55.0227 7148 TermDD - ok
10:34:55.0232 7148 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:34:55.0235 7148 TermService - ok
10:34:55.0237 7148 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:34:55.0238 7148 Themes - ok
10:34:55.0241 7148 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:34:55.0241 7148 THREADORDER - ok
10:34:55.0244 7148 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:34:55.0245 7148 TrkWks - ok
10:34:55.0248 7148 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:34:55.0249 7148 TrustedInstaller - ok
10:34:55.0252 7148 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:34:55.0252 7148 tssecsrv - ok
10:34:55.0254 7148 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:34:55.0260 7148 TsUsbFlt - ok
10:34:55.0261 7148 tsusbhub - ok
10:34:55.0264 7148 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:34:55.0265 7148 tunnel - ok
10:34:55.0267 7148 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:34:55.0268 7148 uagp35 - ok
10:34:55.0271 7148 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:34:55.0273 7148 udfs - ok
10:34:55.0276 7148 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:34:55.0277 7148 UI0Detect - ok
10:34:55.0279 7148 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:34:55.0280 7148 uliagpkx - ok
10:34:55.0282 7148 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
10:34:55.0283 7148 umbus - ok
10:34:55.0284 7148 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:34:55.0285 7148 UmPass - ok
10:34:55.0288 7148 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:34:55.0290 7148 UmRdpService - ok
10:34:55.0293 7148 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:34:55.0296 7148 upnphost - ok
10:34:55.0298 7148 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:34:55.0299 7148 usbaudio - ok
10:34:55.0301 7148 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:34:55.0302 7148 usbccgp - ok
10:34:55.0304 7148 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:34:55.0305 7148 usbcir - ok
10:34:55.0307 7148 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:34:55.0308 7148 usbehci - ok
10:34:55.0311 7148 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:34:55.0313 7148 usbhub - ok
10:34:55.0315 7148 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:34:55.0315 7148 usbohci - ok
10:34:55.0317 7148 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:34:55.0318 7148 usbprint - ok
10:34:55.0319 7148 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
10:34:55.0320 7148 USBSTOR - ok
10:34:55.0322 7148 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:34:55.0322 7148 usbuhci - ok
10:34:55.0324 7148 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:34:55.0326 7148 UxSms - ok
10:34:55.0327 7148 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:34:55.0328 7148 VaultSvc - ok
10:34:55.0330 7148 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:34:55.0330 7148 vdrvroot - ok
10:34:55.0334 7148 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:34:55.0337 7148 vds - ok
10:34:55.0339 7148 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:34:55.0340 7148 vga - ok
10:34:55.0342 7148 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:34:55.0343 7148 VgaSave - ok
10:34:55.0344 7148 VGPU - ok
10:34:55.0347 7148 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:34:55.0348 7148 vhdmp - ok
10:34:55.0350 7148 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:34:55.0350 7148 viaide - ok
10:34:55.0353 7148 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:34:55.0355 7148 vmbus - ok
10:34:55.0357 7148 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:34:55.0357 7148 VMBusHID - ok
10:34:55.0359 7148 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:34:55.0359 7148 volmgr - ok
10:34:55.0363 7148 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:34:55.0365 7148 volmgrx - ok
10:34:55.0369 7148 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:34:55.0371 7148 volsnap - ok
10:34:55.0373 7148 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:34:55.0375 7148 vsmraid - ok
10:34:55.0384 7148 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:34:55.0392 7148 VSS - ok
10:34:55.0394 7148 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:34:55.0394 7148 vwifibus - ok
10:34:55.0396 7148 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:34:55.0397 7148 vwififlt - ok
10:34:55.0401 7148 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:34:55.0404 7148 W32Time - ok
10:34:55.0407 7148 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:34:55.0407 7148 WacomPen - ok
10:34:55.0410 7148 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:34:55.0411 7148 WANARP - ok
10:34:55.0412 7148 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:34:55.0413 7148 Wanarpv6 - ok
10:34:55.0420 7148 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:34:55.0425 7148 WatAdminSvc - ok
10:34:55.0434 7148 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:34:55.0440 7148 wbengine - ok
10:34:55.0444 7148 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:34:55.0446 7148 WbioSrvc - ok
10:34:55.0449 7148 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:34:55.0452 7148 wcncsvc - ok
10:34:55.0454 7148 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:34:55.0455 7148 WcsPlugInService - ok
10:34:55.0457 7148 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:34:55.0457 7148 Wd - ok
10:34:55.0462 7148 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:34:55.0466 7148 Wdf01000 - ok
10:34:55.0468 7148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:34:55.0469 7148 WdiServiceHost - ok
10:34:55.0471 7148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:34:55.0472 7148 WdiSystemHost - ok
10:34:55.0475 7148 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:34:55.0477 7148 WebClient - ok
10:34:55.0480 7148 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:34:55.0483 7148 Wecsvc - ok
10:34:55.0485 7148 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:34:55.0486 7148 wercplsupport - ok
10:34:55.0488 7148 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:34:55.0490 7148 WerSvc - ok
10:34:55.0492 7148 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:34:55.0492 7148 WfpLwf - ok
10:34:55.0495 7148 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:34:55.0495 7148 WIMMount - ok
10:34:55.0496 7148 WinDefend - ok
10:34:55.0499 7148 WinHttpAutoProxySvc - ok
10:34:55.0504 7148 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:34:55.0506 7148 Winmgmt - ok
10:34:55.0518 7148 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:34:55.0526 7148 WinRM - ok
10:34:55.0534 7148 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:34:55.0539 7148 Wlansvc - ok
10:34:55.0541 7148 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:34:55.0542 7148 WmiAcpi - ok
10:34:55.0545 7148 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:34:55.0546 7148 wmiApSrv - ok
10:34:55.0548 7148 WMPNetworkSvc - ok
10:34:55.0550 7148 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:34:55.0551 7148 WPCSvc - ok
10:34:55.0554 7148 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:34:55.0555 7148 WPDBusEnum - ok
10:34:55.0557 7148 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:34:55.0558 7148 ws2ifsl - ok
10:34:55.0560 7148 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:34:55.0561 7148 wscsvc - ok
10:34:55.0563 7148 WSearch - ok
10:34:55.0579 7148 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:34:55.0588 7148 wuauserv - ok
10:34:55.0591 7148 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:34:55.0592 7148 WudfPf - ok
10:34:55.0594 7148 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:34:55.0596 7148 WUDFRd - ok
10:34:55.0598 7148 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:34:55.0599 7148 wudfsvc - ok
10:34:55.0602 7148 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:34:55.0604 7148 WwanSvc - ok
10:34:55.0609 7148 ================ Scan global ===============================
10:34:55.0611 7148 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:34:55.0614 7148 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:34:55.0617 7148 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:34:55.0619 7148 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:34:55.0623 7148 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:34:55.0626 7148 [Global] - ok
10:34:55.0626 7148 ================ Scan MBR ==================================
10:34:55.0639 7148 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk0\DR0
10:34:55.0666 7148 \Device\Harddisk0\DR0 - ok
10:34:55.0669 7148 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
10:34:55.0704 7148 \Device\Harddisk1\DR1 - ok
10:34:55.0705 7148 ================ Scan VBR ==================================
10:34:55.0706 7148 [ 406C58822D515A66A02792915D29997A ] \Device\Harddisk0\DR0\Partition1
10:34:55.0708 7148 \Device\Harddisk0\DR0\Partition1 - ok
10:34:55.0710 7148 [ F608DE08175E5D42E9CDDDAC9D25BD59 ] \Device\Harddisk1\DR1\Partition1
10:34:55.0711 7148 \Device\Harddisk1\DR1\Partition1 - ok
10:34:55.0713 7148 [ 91B95184135060B68C9483A0131C3647 ] \Device\Harddisk1\DR1\Partition2
10:34:55.0714 7148 \Device\Harddisk1\DR1\Partition2 - ok
10:34:55.0714 7148 ============================================================
10:34:55.0714 7148 Scan finished
10:34:55.0714 7148 ============================================================
10:34:55.0721 6384 Detected object count: 0
10:34:55.0721 6384 Actual detected object count: 0
10:40:36.0698 4828 Deinitialize success

Edited by Frank Sovik, 08 November 2012 - 06:15 AM.


#4 Larusso


Posted 08 November 2012 - 09:50 AM

This log appears clean. No signs of torpig aka Sinowal.

Do you notice any problems with your PC, like Google redirections or a slow boot? Any tiny detail helps :)


Download ComboFix from this location:

Link 1



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.
regards,
Daniel


#5 Frank Sovik


Posted 08 November 2012 - 10:05 AM

ComboFix 12-11-08.01 - Frank 08.11.2012 16:01:37.1.12 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.47.1044.18.32744.29233 [GMT 1:00]
Kjører fra: c:\users\Frank\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-10-08 til 2012-11-08 )))))))))))))))))))))))))))))))))
.
.
2012-11-08 15:03 . 2012-11-08 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-07 14:42 . 2012-11-07 14:42 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-07 14:42 . 2012-11-07 14:42 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-11-07 11:30 . 2012-11-07 11:30 -------- d-----w- c:\program files\Enigma Software Group
2012-11-07 11:29 . 2012-11-07 11:40 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-07 11:00 . 2012-11-07 11:00 -------- d-----w- c:\program files (x86)\PC Tools
2012-11-07 10:59 . 2012-11-01 14:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-11-07 10:59 . 2012-11-07 16:13 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-11-07 10:59 . 2012-11-07 11:05 -------- d-----w- c:\programdata\PC Tools
2012-11-07 10:59 . 2012-11-07 10:59 -------- d-----w- c:\users\Frank\AppData\Roaming\TestApp
2012-11-07 10:43 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE06FD7A-D231-4714-8F9B-E08E55039FE9}\mpengine.dll
2012-11-07 10:37 . 2012-11-07 11:42 -------- d-----w- c:\users\Frank\AppData\Roaming\Systweak
2012-11-07 10:37 . 2012-09-21 11:05 17080 ----a-w- c:\windows\system32\roboot64.exe
2012-11-05 19:52 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-21 17:30 . 2012-08-07 14:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74481884-4C0F-4207-B483-7A81A60B1D13}\gapaengine.dll
2012-10-12 14:15 . 2012-11-08 12:48 -------- d-----w- c:\users\Frank\AppData\Local\ESL Wire Game Client
2012-10-12 14:15 . 2012-09-04 10:16 147472 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2012-10-12 14:15 . 2012-10-12 14:15 -------- d-----w- c:\program files\EslWire
2012-10-12 14:15 . 2012-10-12 14:15 -------- d-----w- c:\programdata\ESL Wire
2012-10-11 12:02 . 2012-11-08 12:47 -------- d-----w- c:\program files (x86)\Steam
2012-10-11 12:02 . 2012-11-07 16:13 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-11 09:52 . 2012-11-08 09:18 -------- d-----w- c:\users\Frank\AppData\Local\Spotify
2012-10-11 09:52 . 2012-11-08 14:48 -------- d-----w- c:\users\Frank\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-31 20:55 . 2012-09-27 15:42 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-31 20:55 . 2012-09-27 13:08 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-31 20:54 . 2012-09-27 13:08 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-10 10:31 . 2012-09-27 11:50 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 17:10 . 2012-09-27 14:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:10 . 2012-09-27 14:01 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-28 09:41 . 2012-09-28 09:41 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-28 09:41 . 2012-09-28 09:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-27 15:47 . 2012-09-27 13:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-27 13:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-27 13:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-27 12:48 . 2012-09-27 12:48 53248 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-09-27 12:48 . 2012-09-27 12:48 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-27 11:54 . 2012-09-27 11:54 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-27 11:54 . 2012-09-27 11:54 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-27 11:54 . 2012-09-27 11:54 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-27 11:54 . 2012-09-27 11:54 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-27 11:54 . 2012-09-27 11:54 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-27 11:54 . 2012-09-27 11:54 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-27 11:54 . 2012-09-27 11:54 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-27 11:54 . 2012-09-27 11:54 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-27 11:54 . 2012-09-27 11:54 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-27 11:54 . 2012-09-27 11:54 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-27 11:54 . 2012-09-27 11:54 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-27 11:54 . 2012-09-27 11:54 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-27 11:54 . 2012-09-27 11:54 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-27 11:54 . 2012-09-27 11:54 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-27 11:54 . 2012-09-27 11:54 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-27 11:54 . 2012-09-27 11:54 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-27 11:54 . 2012-09-27 11:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-27 11:54 . 2012-09-27 11:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-27 11:54 . 2012-09-27 11:54 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-27 11:54 . 2012-09-27 11:54 448512 ----a-w- c:\windows\system32\html.iec
2012-09-27 11:54 . 2012-09-27 11:54 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-27 11:54 . 2012-09-27 11:54 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-27 11:54 . 2012-09-27 11:54 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-27 11:54 . 2012-09-27 11:54 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-27 11:54 . 2012-09-27 11:54 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-27 11:54 . 2012-09-27 11:54 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-27 11:54 . 2012-09-27 11:54 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-27 11:54 . 2012-09-27 11:54 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-27 11:54 . 2012-09-27 11:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-27 11:54 . 2012-09-27 11:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-27 11:54 . 2012-09-27 11:54 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-27 11:54 . 2012-09-27 11:54 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-27 11:54 . 2012-09-27 11:54 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-27 11:54 . 2012-09-27 11:54 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-27 11:54 . 2012-09-27 11:54 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-27 11:54 . 2012-09-27 11:54 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-27 11:54 . 2012-09-27 11:54 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-27 11:54 . 2012-09-27 11:54 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-27 11:54 . 2012-09-27 11:54 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-27 11:54 . 2012-09-27 11:54 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-27 11:54 . 2012-09-27 11:54 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-27 11:54 . 2012-09-27 11:54 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-27 11:54 . 2012-09-27 11:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-27 11:54 . 2012-09-27 11:54 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-27 11:54 . 2012-09-27 11:54 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-27 11:54 . 2012-09-27 11:54 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-27 11:54 . 2012-09-27 11:54 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-27 11:54 . 2012-09-27 11:54 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-27 11:54 . 2012-09-27 11:54 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-27 11:54 . 2012-09-27 11:54 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-27 11:54 . 2012-09-27 11:54 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-27 11:54 . 2012-09-27 11:54 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-27 11:54 . 2012-09-27 11:54 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-27 11:54 . 2012-09-27 11:54 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-27 11:54 . 2012-09-27 11:54 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-27 11:54 . 2012-09-27 11:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-27 11:54 . 2012-09-27 11:54 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-27 11:54 . 2012-09-27 11:54 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-27 11:54 . 2012-09-27 11:54 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-27 11:54 . 2012-09-27 11:54 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-27 11:54 . 2012-09-27 11:54 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-27 11:54 . 2012-09-27 11:54 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-27 11:54 . 2012-09-27 11:54 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-27 11:54 . 2012-09-27 11:54 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-27 11:54 . 2012-09-27 11:54 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-27 11:54 . 2012-09-27 11:54 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-27 11:54 . 2012-09-27 11:54 237056 ----a-w- c:\windows\system32\url.dll
2012-09-27 11:54 . 2012-09-27 11:54 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-27 11:54 . 2012-09-27 11:54 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-27 11:54 . 2012-09-27 11:54 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-27 11:54 . 2012-09-27 11:54 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-24 21:16 . 2012-09-28 09:41 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-18 22:58 . 2012-09-27 12:00 9308616 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4ACAE4E-2E7D-426B-BD89-DA8454C6024D}\mpengine.dll
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-08-30 20:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-27 14:29 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-27 14:29 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-27 14:29 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-27 14:29 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-27 14:29 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 07:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-10-31 3389080]
"Akamai NetSession Interface"="c:\users\Frank\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Phaser 6121MFP Scan Dashboard"="c:\program files (x86)\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe" [2009-03-25 5898240]
"Spotify"="c:\users\Frank\AppData\Roaming\Spotify\Spotify.exe" [2012-10-29 7880664]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-11 1353080]
"Spotify Web Helper"="c:\users\Frank\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-29 1199576]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2012-10-10 4104192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2012-06-20 286720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-02 343168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23787~1.43\{16cdf~1\browsemngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Frank\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys [2010-09-07 38912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-27 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-06-20 578008]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-06-20 26072]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2011-08-09 24880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 rr62x;rr62x;c:\windows\system32\DRIVERS\rr62x.sys [2010-06-16 156256]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-07 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-03 204288]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-15 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-06-15 80032]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-10 2309656]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2011-08-05 225280]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-09-04 147472]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [2012-09-04 678416]
S2 IAStorDataMgrSvc;Intel® Rapid lagringsteknologi;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-06-20 7168]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-06-15 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-06-15 299680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-06-15 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-06-15 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-06-15 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-06-15 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-06-15 282272]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - 45641833
*Deregistered* - 45641833
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 17:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-22 7284328]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-06-15 627360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-06-15 379552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: Interfaces\{42DC4274-02DF-48BE-9044-A88A99D48C24}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mq4j44zd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/
FF - ExtSQL: 2012-09-27 16:15; jid1-qQSMEVsYTOjgYA@jetpack; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mq4j44zd.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack
FF - ExtSQL: 2012-09-27 20:13; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-09-28 11:31; plugin@yontoo.com; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mq4j44zd.default\extensions\plugin@yontoo.com
FF - user.js: extentions.y2layers.installId - dc054a2c-3839-4341-849b-8d2528680e16
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=2a9427e60000000000005404a6406623&q=
FF - user.js: extensions.BabylonToolbar.id - 2a9427e60000000000005404a6406623
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15611
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1212:04
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111511&tt=270912_7a_3912_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2012-11-08 16:04:43
ComboFix-quarantined-files.txt 2012-11-08 15:04
.
Pre-Run: 293 928 304 640 byte ledig
Post-Run: 293 991 915 520 byte ledig
.
- - End Of File - - DC4F4A01BA18245983111731D6652DD6

#6 Frank Sovik


Posted 08 November 2012 - 10:10 AM

If this machine is ok, shall I do the same on my server machine and continue to paste here or start a new topic for each machine?

I have not noticed anything wrong with any of the computers actually. It's my ISP (Lyse.no) that called me and said that (Telenor's surveillance) had detected Torpig on my IP.
I bet it is on either my server or on my wife's computer. She is also posting in this forum as funlover.

Edited by Frank Sovik, 08 November 2012 - 11:47 AM.


#7 Larusso

Posted 08 November 2012 - 04:34 PM

Hi there

shall I do the same on my server machine and continue to paste here or start a new topic for each machine?

Yes, please create one topic for each of your systems in your Home Network.

For me, this PC appears clean.
Please run a last scan for me to be sure.


Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

regards,
Daniel

Bread for the world instead Bombs and Bangers



#8 Frank Sovik

Posted 08 November 2012 - 05:38 PM

Done. It found this:

C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application

#9 Larusso

Posted 09 November 2012 - 02:54 PM

This is only Adware but we will remove it.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
Yontoo 1.10.02


Open Notepad and copy/paste the text in the Code-box below into it:

Folder::
C:\Program Files (x86)\Yontoo
C:\ProgramData\Tarma Installer
FireFox::
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mq4j44zd.default\
FF - ExtSQL: 2012-09-28 11:31; plugin@yontoo.com; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mq4j44zd.default\extensions\plugin@yontoo.com
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=2a9427e60000000000005404a6406623&q=
FF - user.js: extensions.BabylonToolbar.id - 2a9427e60000000000005404a6406623
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15611
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1212:04
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111511&tt=270912_7a_3912_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss


  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
regards,
Daniel

Bread for the world instead Bombs and Bangers



#10 Frank Sovik

Posted 09 November 2012 - 03:13 PM

ComboFix 12-11-09.02 - Frank 09.11.2012 21:08:18.2.12 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.47.1044.18.32744.27758 [GMT 1:00]
Kjører fra: c:\users\Frank\Desktop\ComboFix.exe
Command switches brukt :: c:\users\Frank\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setup.dll
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.dat
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.exe
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.ico
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-10-09 til 2012-11-09 )))))))))))))))))))))))))))))))))
.
.
2012-11-09 20:10 . 2012-11-09 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-09 18:59 . 2012-11-09 19:01 -------- d-----w- c:\program files\Babylon
2012-11-09 18:59 . 2012-11-09 18:59 -------- d-----w- c:\program files (x86)\Babylon
2012-11-09 16:21 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{297750EA-7967-403A-90FE-1415DEFEA40D}\mpengine.dll
2012-11-09 13:53 . 2012-11-09 19:13 -------- d-----w- c:\users\Frank\AppData\Roaming\Skype
2012-11-09 13:53 . 2012-11-09 13:53 -------- d-----r- c:\program files (x86)\Skype
2012-11-09 13:53 . 2012-11-09 13:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-09 13:53 . 2012-11-09 13:53 -------- d-----w- c:\programdata\Skype
2012-11-09 13:02 . 2012-11-09 13:02 -------- d-----w- c:\users\Frank\fwup
2012-11-09 13:01 . 2012-11-09 13:01 -------- d-----w- c:\users\Frank\r4i
2012-11-08 21:52 . 2012-11-08 21:52 -------- d-----w- c:\program files (x86)\ESET
2012-11-08 15:07 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-07 14:42 . 2012-11-07 14:42 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-07 14:42 . 2012-11-07 14:42 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-11-07 11:30 . 2012-11-07 11:30 -------- d-----w- c:\program files\Enigma Software Group
2012-11-07 11:29 . 2012-11-07 11:40 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-07 11:00 . 2012-11-07 11:00 -------- d-----w- c:\program files (x86)\PC Tools
2012-11-07 10:59 . 2012-11-01 14:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-11-07 10:59 . 2012-11-07 16:13 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-11-07 10:59 . 2012-11-07 11:05 -------- d-----w- c:\programdata\PC Tools
2012-11-07 10:59 . 2012-11-07 10:59 -------- d-----w- c:\users\Frank\AppData\Roaming\TestApp
2012-11-07 10:37 . 2012-11-07 11:42 -------- d-----w- c:\users\Frank\AppData\Roaming\Systweak
2012-11-07 10:37 . 2012-09-21 11:05 17080 ----a-w- c:\windows\system32\roboot64.exe
2012-10-21 17:30 . 2012-08-07 14:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74481884-4C0F-4207-B483-7A81A60B1D13}\gapaengine.dll
2012-10-12 14:15 . 2012-11-09 16:31 -------- d-----w- c:\users\Frank\AppData\Local\ESL Wire Game Client
2012-10-12 14:15 . 2012-09-04 10:16 147472 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2012-10-12 14:15 . 2012-10-12 14:15 -------- d-----w- c:\program files\EslWire
2012-10-12 14:15 . 2012-10-12 14:15 -------- d-----w- c:\programdata\ESL Wire
2012-10-11 12:02 . 2012-11-09 19:26 -------- d-----w- c:\program files (x86)\Steam
2012-10-11 12:02 . 2012-11-07 16:13 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-11 09:52 . 2012-11-09 16:31 -------- d-----w- c:\users\Frank\AppData\Local\Spotify
2012-10-11 09:52 . 2012-11-09 18:56 -------- d-----w- c:\users\Frank\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-09 16:04 . 2012-09-27 15:42 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-09 16:04 . 2012-09-27 13:08 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-09 16:03 . 2012-09-27 13:08 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-10 10:31 . 2012-09-27 11:50 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 17:10 . 2012-09-27 14:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:10 . 2012-09-27 14:01 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-28 09:41 . 2012-09-28 09:41 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-28 09:41 . 2012-09-28 09:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-27 15:47 . 2012-09-27 13:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-27 13:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-27 13:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-27 12:48 . 2012-09-27 12:48 53248 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-09-27 12:48 . 2012-09-27 12:48 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-27 11:54 . 2012-09-27 11:54 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-27 11:54 . 2012-09-27 11:54 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-27 11:54 . 2012-09-27 11:54 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-27 11:54 . 2012-09-27 11:54 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-27 11:54 . 2012-09-27 11:54 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-27 11:54 . 2012-09-27 11:54 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-27 11:54 . 2012-09-27 11:54 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-27 11:54 . 2012-09-27 11:54 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-27 11:54 . 2012-09-27 11:54 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-27 11:54 . 2012-09-27 11:54 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-27 11:54 . 2012-09-27 11:54 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-27 11:54 . 2012-09-27 11:54 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-27 11:54 . 2012-09-27 11:54 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-27 11:54 . 2012-09-27 11:54 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-27 11:54 . 2012-09-27 11:54 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-27 11:54 . 2012-09-27 11:54 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-27 11:54 . 2012-09-27 11:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-27 11:54 . 2012-09-27 11:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-27 11:54 . 2012-09-27 11:54 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-27 11:54 . 2012-09-27 11:54 448512 ----a-w- c:\windows\system32\html.iec
2012-09-27 11:54 . 2012-09-27 11:54 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-27 11:54 . 2012-09-27 11:54 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-27 11:54 . 2012-09-27 11:54 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-27 11:54 . 2012-09-27 11:54 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-27 11:54 . 2012-09-27 11:54 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-27 11:54 . 2012-09-27 11:54 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-27 11:54 . 2012-09-27 11:54 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-27 11:54 . 2012-09-27 11:54 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-27 11:54 . 2012-09-27 11:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-27 11:54 . 2012-09-27 11:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-27 11:54 . 2012-09-27 11:54 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-27 11:54 . 2012-09-27 11:54 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-27 11:54 . 2012-09-27 11:54 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-27 11:54 . 2012-09-27 11:54 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-27 11:54 . 2012-09-27 11:54 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-27 11:54 . 2012-09-27 11:54 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-27 11:54 . 2012-09-27 11:54 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-27 11:54 . 2012-09-27 11:54 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-27 11:54 . 2012-09-27 11:54 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-27 11:54 . 2012-09-27 11:54 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-27 11:54 . 2012-09-27 11:54 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-27 11:54 . 2012-09-27 11:54 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-27 11:54 . 2012-09-27 11:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-27 11:54 . 2012-09-27 11:54 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-27 11:54 . 2012-09-27 11:54 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-27 11:54 . 2012-09-27 11:54 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-27 11:54 . 2012-09-27 11:54 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-27 11:54 . 2012-09-27 11:54 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-27 11:54 . 2012-09-27 11:54 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-27 11:54 . 2012-09-27 11:54 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-27 11:54 . 2012-09-27 11:54 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-27 11:54 . 2012-09-27 11:54 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-27 11:54 . 2012-09-27 11:54 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-27 11:54 . 2012-09-27 11:54 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-27 11:54 . 2012-09-27 11:54 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-27 11:54 . 2012-09-27 11:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-27 11:54 . 2012-09-27 11:54 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-27 11:54 . 2012-09-27 11:54 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-27 11:54 . 2012-09-27 11:54 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-27 11:54 . 2012-09-27 11:54 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-27 11:54 . 2012-09-27 11:54 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-27 11:54 . 2012-09-27 11:54 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-27 11:54 . 2012-09-27 11:54 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-27 11:54 . 2012-09-27 11:54 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-27 11:54 . 2012-09-27 11:54 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-27 11:54 . 2012-09-27 11:54 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-27 11:54 . 2012-09-27 11:54 237056 ----a-w- c:\windows\system32\url.dll
2012-09-27 11:54 . 2012-09-27 11:54 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-27 11:54 . 2012-09-27 11:54 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-27 11:54 . 2012-09-27 11:54 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-27 11:54 . 2012-09-27 11:54 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-24 21:16 . 2012-09-28 09:41 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-18 22:58 . 2012-09-27 12:00 9308616 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4ACAE4E-2E7D-426B-BD89-DA8454C6024D}\mpengine.dll
2012-09-14 19:19 . 2012-10-10 07:48 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 07:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 07:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-08-30 20:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:03 . 2012-10-10 07:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 07:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 07:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 07:48 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 07:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-27 14:29 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-27 14:29 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-27 14:29 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-27 14:29 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-10-31 3389080]
"Akamai NetSession Interface"="c:\users\Frank\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Phaser 6121MFP Scan Dashboard"="c:\program files (x86)\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe" [2009-03-25 5898240]
"Spotify"="c:\users\Frank\AppData\Roaming\Spotify\Spotify.exe" [2012-10-29 7880664]
"Spotify Web Helper"="c:\users\Frank\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-29 1199576]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2012-10-10 4104192]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-10-19 17875120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2012-06-20 286720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-02 343168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23787~1.43\{16cdf~1\browsemngr.dll c:\progra~3\browse~1\23787~1.43\{16cdf~1\browsemngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 ALSysIO;ALSysIO;c:\users\Frank\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys [2010-09-07 38912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-27 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-06-20 578008]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-06-20 26072]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2011-08-09 24880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 rr62x;rr62x;c:\windows\system32\DRIVERS\rr62x.sys [2010-06-16 156256]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-07 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-03 204288]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-15 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-06-15 80032]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-10 2309656]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2011-08-05 225280]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-09-04 147472]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [2012-09-04 678416]
S2 IAStorDataMgrSvc;Intel® Rapid lagringsteknologi;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-06-20 7168]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-06-15 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-06-15 299680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-06-15 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-06-15 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-06-15 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-06-15 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-06-15 282272]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 17:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-22 7284328]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-06-15 627360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-06-15 379552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: Interfaces\{42DC4274-02DF-48BE-9044-A88A99D48C24}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mq4j44zd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/
FF - ExtSQL: 2012-09-27 16:15; jid1-qQSMEVsYTOjgYA@jetpack; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mq4j44zd.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack
FF - ExtSQL: 2012-09-27 20:13; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-09-28 11:31; plugin@yontoo.com; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mq4j44zd.default\extensions\plugin@yontoo.com
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=2a9427e60000000000005404a6406623&q=
FF - user.js: extensions.BabylonToolbar.id - 2a9427e60000000000005404a6406623
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15611
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1212:04
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111511&tt=270912_7a_3912_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2012-11-09 21:11:09
ComboFix-quarantined-files.txt 2012-11-09 20:11
ComboFix2.txt 2012-11-08 15:04
.
Pre-Run: 293 198 163 968 byte ledig
Post-Run: 293 177 327 616 byte ledig
.
- - End Of File - - F53A360B4B1594616A77F72B8DB7D7E5



BTW: I started a new post (from my server) and hope you can help me with this one too. http://www.bleepingcomputer.com/forums/topic474610.html

And when all this is done, me and my wife will donate to this site. We could not have done this ourselves. Thank you!

EDIT: Gringo is helping with it

Edited by Frank Sovik, 09 November 2012 - 04:49 PM.


#11 Frank Sovik


Posted 10 November 2012 - 07:29 AM

bump

Edited by Frank Sovik, 10 November 2012 - 07:33 AM.


#12 Larusso


Posted 10 November 2012 - 08:13 AM

Could I ask for the reason why you bump this topic?
Don't you have a life away from the PC? Anyway, I have.


Please press the Windows key + R and copy/paste the following single-line command into the Run box and click OK

combofix /uninstall


This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.




Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system up to date
  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double-click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates
  • Software Updates
    Your installed Software also can have vulnerabilities that malware can use to infect your system.
    To keep your installed Software up to date I recommend File Hippo.


Anti Virus Software
Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection
  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.


Safer Browsing


Use an alternate browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.
Note: If you use Firefox you may want to have a look at these Add-ons.

Computer Maintenance
Clean out your temp files on a regular basis - I recommend TFC (Temp File Cleaner).



Thinking while surfing
There is no software which will protect your system from yourself.
I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.


If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.
regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please [donate button]

#13 Frank Sovik


Posted 10 November 2012 - 08:20 AM

Done.

And again. Thank you.

PS: I don't have a life away from the PC......

Should I donate to you now, or are the donations to the site or personal?

Kindly regards

Frank Søvik

#14 Larusso


Posted 10 November 2012 - 10:01 AM

You are welcome.

PS: I don't have a life away from the PC

I was only kidding

The donate button in my signature is a personal donation. There is no way for a site donation :)
regards,
Daniel


#15 Frank Sovik


Posted 10 November 2012 - 10:17 AM

Pls check if I did correct with the donation... Thank you again.



