My isp called and said I have a Torpig in my network


This topic is locked
36 replies to this topic

#1 Frank Sovik

  • Members
  • 62 posts

Posted 09 November 2012 - 06:20 AM

This is my server PC. I was told to make a new post for each of the systems in my network.


DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
Run by Server at 12:13:09 on 2012-11-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1033.18.12279.7918 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe
C:\Program Files (x86)\Boxee Media Manager\BoxeeMediaManager.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Boxee Media Manager\bmm_tray.exe
C:\Program Files (x86)\Boxee Media Manager\BoxeeMediaManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Phaser 6121MFP Scan Dashboard] C:\Program Files (x86)\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe -startup
uRun: [Boxee Media Manager] "C:\Program Files (x86)\Boxee Media Manager\BoxeeMediaManager.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: Interfaces\{060B8939-BF39-4E12-BF5E-D0EE60586DE4} : NameServer = 8.8.8.8,8.8.4.4
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\iscoynrw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tvtorrents.com/loggedin/my/new_fav_tag_torrents.do
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-8 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-8 676936]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-9-29 2754984]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-8 25928]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-27 1255736]
.
=============== Created Last 30 ================
.
2012-11-08 13:09:33 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38B77CFA-30AA-48A6-8309-88ADE6F0FCAA}\offreg.dll
2012-11-08 11:58:47 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38B77CFA-30AA-48A6-8309-88ADE6F0FCAA}\mpengine.dll
2012-11-08 09:51:47 -------- d-----w- C:\Users\Server\AppData\Roaming\Malwarebytes
2012-11-08 09:51:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-08 09:51:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-08 09:51:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-07 15:01:13 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-26 15:18:56 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2012-10-26 15:18:56 -------- d-----w- C:\Users\Server\AppData\Local\boxee
2012-10-26 15:18:50 -------- d-----w- C:\Program Files\Bonjour Print Services
2012-10-26 15:18:44 -------- d-----w- C:\Program Files\Bonjour
2012-10-26 15:18:44 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-10-26 15:18:19 -------- d-----w- C:\Program Files (x86)\Boxee Media Manager
2012-10-22 10:32:38 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-10-22 10:32:34 395600 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-22 09:55:21 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2012-10-22 08:56:32 -------- d-----w- C:\Users\Server\AppData\Local\Chromium
2012-10-22 08:15:37 -------- d-----w- C:\Program Files (x86)\TVersity Codec Pack
2012-10-22 08:15:32 -------- d-----w- C:\ProgramData\TVersity
2012-10-21 22:56:03 -------- d-----w- C:\Windows\PCHEALTH
2012-10-21 22:55:31 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-10-21 22:42:09 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4db884491cdafdd48\bingbarsetup.exe
2012-10-21 22:40:45 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1bf1c8941cdafdd3a\MeshBetaRemover.exe
2012-10-21 22:39:23 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9d585b1cdafdc2c\DXSETUP.exe
2012-10-21 22:39:22 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9d585b1cdafdc2c\DSETUP.dll
2012-10-21 22:39:22 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9d585b1cdafdc2c\dsetup32.dll
2012-10-21 22:39:18 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e7777b7e1cdafdc2b\DXSETUP.exe
2012-10-21 22:39:17 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e7777b7e1cdafdc2b\DSETUP.dll
2012-10-21 22:39:17 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e7777b7e1cdafdc2b\dsetup32.dll
2012-10-21 22:35:19 -------- d-----w- C:\Users\Server\AppData\Local\Windows Live
2012-10-21 22:35:19 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-10-21 20:46:23 -------- d-----w- C:\Users\Server\AppData\Roaming\XBMC
2012-10-21 20:45:26 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-10-21 20:45:26 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-10-21 20:44:43 -------- d-----w- C:\Program Files (x86)\XBMC
2012-10-20 20:11:14 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C730C521-8D2F-456F-B2CD-17E9880226B4}\gapaengine.dll
.
==================== Find3M ====================
.
2012-11-07 11:59:21 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 11:59:21 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-28 09:21:48 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-28 09:21:47 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-28 09:21:47 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-28 09:20:37 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-28 09:20:37 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-27 14:36:22 0 ----a-w- C:\Windows\ativpsrm.bin
2012-09-24 21:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 20:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 20:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 12:13:16,72 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27.09.2012 13:47:37
System Uptime: 08.11.2012 13:42:51 (23 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Rampage III GENE
Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz | LGA1366 | 3068/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 53,246 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 100,255 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 401,155 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 689,567 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 400,944 GiB free.
H: is CDROM ()
I: is FIXED (NTFS) - 2795 GiB total, 1445,907 GiB free.
J: is CDROM (UDF)
K: is FIXED (NTFS) - 1863 GiB total, 702,485 GiB free.
L: is FIXED (NTFS) - 931 GiB total, 528,037 GiB free.
M: is FIXED (NTFS) - 1863 GiB total, 905,87 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP35: 21.10.2012 19:00:54 - Windows Backup
RP36: 21.10.2012 22:45:22 - Installed DirectX
RP37: 21.10.2012 22:46:07 - Installed Java 7 Update 9
RP38: 22.10.2012 00:34:52 - Windows Update
RP39: 26.10.2012 09:42:59 - Windows Update
RP40: 26.10.2012 17:18:46 - Installed Bonjour Print Services
RP41: 28.10.2012 19:00:39 - Windows Backup
RP42: 29.10.2012 17:29:48 - Windows Update
RP43: 01.11.2012 22:17:01 - Windows Update
RP44: 04.11.2012 19:00:32 - Windows Backup
RP45: 05.11.2012 22:09:42 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
µTorrent
Bing Bar
Bonjour
Bonjour-utskriftstjenester
Boxee Media Manager
D3DX10
FileZilla Server
Java 7 Update 7 (64-bit)
Java 7 Update 9
Java Auto Updater
Malwarebytes Anti-Malware versjon 1.65.1.1000
marvell 91xx driver
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 16.0.2 (x86 nb-NO)
Mozilla Maintenance Service
MSVCRT
NEC Electronics USB 3.0 Host Controller Driver
Phaser 6121MFP PC-FAX
Phaser 6121MFP Scan Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
TeamViewer 7
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client for Windows x64
VLC media player 2.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
Xerox Phaser 6121MFP
Xerox Phaser 6121MFP Scanner
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
08.11.2012 22:55:41, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_E:\Programmer\Microsoft.Office.2010.Norwegian.Language.Pack.x86-XiSO\activator.rar;containerfile:_E:\Programmer\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO\zmoppv14\activator.rar;containerfile:_E:\Programmer\Microsoft.Windows.7.X64.64bit.All.Editions.Activated\Microsoft.Windows.7.X64.64bit.All.Editions\Microsoft Windows 7 X64 64bit All Editions.iso;containerfile:_E:\Programmer\Nod32 ESET Smart Security 4 Version 4.2.71.zip;containerfile:_E:\Programmer\Sony Vegas Pro 11\Sony.Vegas.Pro.v11.Build.370.371.(32Bit-64Bit).DI.DM999.rar;containerfile:_E:\Programmer\TL-0day-0311\Emurasoft.EmEditor.Professional.v11.1.3.x64.BETA.MULTILINGUAL-CRD\cxa3221a.zip;containerfile:_E:\Programmer\TL-0day-0311\Emurasoft.EmEditor.Professional.v11.1.3.x86.BETA.MULTILINGUAL-CRD\cxa3220a.zip;containerfile:_E:\Programmer\TL-0day-0311\Joboshare.DVD.Audio.Ripper.v3.3.0.0227.Incl.Keygen-Lz0\lzwwxdl1.zip;containerfile:_E:\Programmer\TL-0day-0311\Joboshare.DVD.Copy.v3.2.7.0309.Incl.Keygen-Lz0\lzcsesf1 Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: Server-PC\Server Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.139.1584.0, AS: 1.139.1584.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
08.11.2012 17:23:48, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929 Name: VirTool:Win32/Obfuscator.XZ ID: 2147625929 Severity: Severe Category: Tool Path: containerfile:_I:\Spill\Barnespill\My.Horse.And.Me.2-HI2U\myhorse2\myhorse2.iso;file:_I:\Spill\Barnespill\My.Horse.And.Me.2-HI2U\myhorse2\myhorse2.iso->Crack\dvm.dll Detection Origin: Local machine Detection Type: Heuristics Detection Source: User User: Server-PC\Server Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.139.1584.0, AS: 1.139.1584.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
08.11.2012 17:23:48, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_E:\Programmer\Adobe Creative Suite 6 Master Collection - Cool Release\C.R. Patch\Adobe CS6 Multi Product Activator [C.R.].zip;containerfile:_E:\Programmer\Adobe SpeedGrade CS6 (64 Bit) - Cool Release\C.R. Patch\Adobe CS6 Multi Product Activator [C.R.].zip;containerfile:_E:\Programmer\Corel.PaintShop.Photo.Pro.X4.v14.0.0.332.Incl.Keymaker-CORE\cr-qqj01.zip;containerfile:_E:\Programmer\Microsoft.Office.2010.Norwegian.Language.Pack.x86-XiSO\activator.rar;containerfile:_E:\Programmer\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO\zmoppv14\activator.rar;containerfile:_E:\Programmer\Microsoft.Windows.7.X64.64bit.All.Editions.Activated\Microsoft.Windows.7.X64.64bit.All.Editions\Microsoft Windows 7 X64 64bit All Editions.iso;containerfile:_E:\Programmer\Nod32 ESET Smart Security 4 Version 4.2.71.zip;containerfile:_E:\Programmer\Sony Vegas Pro 11\Sony.Vegas.Pro.v11.Build.370.371.(32Bit-64Bit).DI.DM999.rar;containerfile:_E:\Programmer\TL-0day-0311\Emurasoft.EmEditor.Professional.v1 Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: Server-PC\Server Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.139.1584.0, AS: 1.139.1584.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
08.11.2012 13:29:14, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929 Name: VirTool:Win32/Obfuscator.XZ ID: 2147625929 Severity: Severe Category: Tool Path: containerfile:_I:\Spill\Barnespill\My.Horse.And.Me.2-HI2U\myhorse2\myhorse2.iso;file:_I:\Spill\Barnespill\My.Horse.And.Me.2-HI2U\myhorse2\myhorse2.iso->Crack\dvm.dll Detection Origin: Local machine Detection Type: Heuristics Detection Source: User User: Server-PC\Server Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.139.1584.0, AS: 1.139.1584.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
08.11.2012 13:29:14, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_E:\Programmer\Adobe Creative Suite 6 Master Collection - Cool Release\C.R. Patch\Adobe CS6 Multi Product Activator [C.R.].zip;containerfile:_E:\Programmer\Adobe SpeedGrade CS6 (64 Bit) - Cool Release\C.R. Patch\Adobe CS6 Multi Product Activator [C.R.].zip;containerfile:_E:\Programmer\Corel.PaintShop.Photo.Pro.X4.v14.0.0.332.Incl.Keymaker-CORE\cr-qqj01.zip;containerfile:_E:\Programmer\Microsoft.Office.2010.Norwegian.Language.Pack.x86-XiSO\activator.rar;containerfile:_E:\Programmer\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO\zmoppv14\activator.rar;containerfile:_E:\Programmer\Microsoft.Windows.7.X64.64bit.All.Editions.Activated\Microsoft.Windows.7.X64.64bit.All.Editions\Microsoft Windows 7 X64 64bit All Editions.iso;containerfile:_E:\Programmer\Nod32 ESET Smart Security 4 Version 4.2.71.zip;containerfile:_E:\Programmer\Sony Vegas Pro 11\Sony.Vegas.Pro.v11.Build.370.371.(32Bit-64Bit).DI.DM999.rar;containerfile:_E:\Programmer\TL-0day-0311\Emurasoft.EmEditor.Professional.v1 Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: Server-PC\Server Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.139.1584.0, AS: 1.139.1584.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
07.11.2012 23:06:41, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929 Name: VirTool:Win32/Obfuscator.XZ ID: 2147625929 Severity: Severe Category: Tool Path: containerfile:_I:\Spill\Barnespill\My.Horse.And.Me.2-HI2U\myhorse2\myhorse2.iso;file:_I:\Spill\Barnespill\My.Horse.And.Me.2-HI2U\myhorse2\myhorse2.iso->Crack\dvm.dll Detection Origin: Local machine Detection Type: Heuristics Detection Source: User User: Server-PC\Server Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.139.1543.0, AS: 1.139.1543.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
07.11.2012 23:06:41, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_E:\Programmer\Adobe Creative Suite 6 Master Collection - Cool Release\C.R. Patch\Adobe CS6 Multi Product Activator [C.R.].zip;containerfile:_E:\Programmer\Adobe SpeedGrade CS6 (64 Bit) - Cool Release\C.R. Patch\Adobe CS6 Multi Product Activator [C.R.].zip;containerfile:_E:\Programmer\Corel.PaintShop.Photo.Pro.X4.v14.0.0.332.Incl.Keymaker-CORE\cr-qqj01.zip;containerfile:_E:\Programmer\Microsoft.Office.2010.Norwegian.Language.Pack.x86-XiSO\activator.rar;containerfile:_E:\Programmer\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO\zmoppv14\activator.rar;containerfile:_E:\Programmer\Microsoft.Windows.7.X64.64bit.All.Editions.Activated\Microsoft.Windows.7.X64.64bit.All.Editions\Microsoft Windows 7 X64 64bit All Editions.iso;containerfile:_E:\Programmer\Nod32 ESET Smart Security 4 Version 4.2.71.zip;containerfile:_E:\Programmer\Sony Vegas Pro 11\Sony.Vegas.Pro.v11.Build.370.371.(32Bit-64Bit).DI.DM999.rar;containerfile:_E:\Programmer\TL-0day-0311\Emurasoft.EmEditor.Professional.v1 Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: Server-PC\Server Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.139.1543.0, AS: 1.139.1543.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
07.11.2012 15:55:31, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929 Name: VirTool:Win32/Obfuscator.XZ ID: 2147625929 Severity: Severe Category: Tool Path: containerfile:_I:\Spill\Barnespill\My.Horse.And.Me.2-HI2U\myhorse2\myhorse2.iso;file:_I:\Spill\Barnespill\My.Horse.And.Me.2-HI2U\myhorse2\myhorse2.iso->Crack\dvm.dll Detection Origin: Local machine Detection Type: Heuristics Detection Source: User User: Server-PC\Server Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.139.1480.0, AS: 1.139.1480.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
02.11.2012 20:54:29, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
.
==== End Of File ===========================
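A small triage script, added here as an example and not part of the original post, DDS, or any Malware Response Team tooling, shows how the three security-relevant signals in the log above can be pulled out automatically: the mPolicies-System values that switch UAC off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), the AV/SP products DDS reports as *Disabled*, and the Microsoft Antimalware event 1119 lines, whose own text says the action on the detection failed (here with 0x800700df), so the keygens and the cracked game ISO are still on disk. The sample lines are constructed to mirror the post's line formats; the paths, GUIDs and machine name in them are placeholders.

```python
"""Triage a DDS-style log: weakened UAC policy, disabled security products,
and Microsoft Antimalware event 1119 entries whose action did not complete.
Added example; not DDS code. SAMPLE_LOG is constructed (placeholder paths/GUIDs).
"""
import re
from dataclasses import dataclass

# "mPolicies-System: <Name> = dword:<value>" pairs that disable or weaken UAC
# (documented Windows policy semantics for these values).
UAC_WEAK = {
    "EnableLUA": {"0": "UAC is off; admin-group processes run fully elevated"},
    "ConsentPromptBehaviorAdmin": {"0": "administrators elevate silently, no prompt"},
    "PromptOnSecureDesktop": {"0": "elevation prompts not shown on the secure desktop"},
}

POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)\s*$")
PRODUCT_RE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*(\w+)/(\w+)\*")
# One Event Viewer line as DDS prints it: "<date> <time>, Error: Microsoft Antimalware [1119] - ..."
EVENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+), Error: Microsoft Antimalware \[(?P<eid>\d+)\] - "
    r".*?Name: (?P<name>\S+) ID: \d+ Severity: (?P<sev>\w+) Category: \w+ "
    r"Path: (?P<path>.+?) Detection Origin: "
    r".*?Action: (?P<action>\w+) Action Status: "
    r".*?Error Code: (?P<err>0x[0-9A-Fa-f]+)"
)


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    title: str
    detail: str


def check_uac_policies(lines):
    """One Finding per policy value that disables or weakens UAC."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            name, value = m.groups()
            reason = UAC_WEAK.get(name, {}).get(value)
            if reason:
                findings.append(Finding("high", f"{name} = {value}", reason))
    return findings


def check_security_products(lines):
    """One Finding per AV/SP/FW product that DDS reports as Disabled."""
    findings = []
    for line in lines:
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, product, state, defs = m.groups()
            if state.lower() == "disabled":
                findings.append(Finding("high", f"{kind}: {product}",
                                        f"protection {state}, definitions {defs}"))
    return findings


def parse_antimalware_events(lines):
    """Structured view of event 1119 lines: the action on the detection failed."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "timestamp": m["ts"],
            "event_id": int(m["eid"]),
            "threat": m["name"],
            "severity": m["sev"],
            "action": m["action"],
            "error_code": m["err"].lower(),
            "paths": [p for p in m["path"].split(";") if p],
            # 1119 is only logged when the action errored, so the files remain.
            "still_on_disk": int(m["eid"]) == 1119,
        })
    return events


def triage(text):
    lines = text.splitlines()
    return {"uac": check_uac_policies(lines),
            "products": check_security_products(lines),
            "events": parse_antimalware_events(lines)}


# Constructed sample in the post's DDS formats; paths, GUIDs and host are placeholders.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {00000000-0000-0000-0000-000000000001}
SP: Windows Defender *Disabled/Updated* {00000000-0000-0000-0000-000000000002}
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
08.11.2012 17:23:48, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: VirTool:Win32/Obfuscator.XZ ID: 2147625929 Severity: Severe Category: Tool Path: containerfile:_I:\Games\example.iso;file:_I:\Games\example.iso->Crack\dvm.dll Detection Origin: Local machine Detection Type: Heuristics Detection Source: User User: EXAMPLE-PC\User Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved.
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["uac"] + report["products"]:
        print(f"[{f.severity.upper()}] {f.title}: {f.detail}")
    for ev in report["events"]:
        print(f"[EVENT {ev['event_id']}] {ev['threat']} ({ev['severity']}) action={ev['action']} "
              f"failed with {ev['error_code']}; {len(ev['paths'])} path(s) still on disk")
```

Run it against the real log by reading the pasted text into `triage()`; ConsentPromptBehaviorUser = 3 is deliberately not flagged, since that value is the Windows default for standard users.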



#2 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 09 November 2012 - 04:39 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Frank Sovik

Frank Sovik
  • Topic Starter

  • Members
  • 62 posts
  • Local time:07:03 PM

Posted 09 November 2012 - 04:44 PM

Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versjon 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

# AdwCleaner v2.007 - Logfile created 11/09/2012 at 22:47:35
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Server - SERVER-PC
# Boot Mode : Normal
# Running from : C:\Users\Server\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (nb-NO)

Profile name : default
File : C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\iscoynrw.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [684 octets] - [09/11/2012 22:47:35]

########## EOF - C:\AdwCleaner[S1].txt - [743 octets] ##########

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Server [Admin rights]
Mode : Remove -- Date : 11/09/2012 22:56:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-VERTEX3 +++++
--- User ---
[MBR] cf9487acfea49dccd3a94b74a911d12c
[BSP] efd9ba0eb7bb9dacf5b1e94b9f05f0f8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AACS-00G8B0 +++++
--- User ---
[MBR] 5490f32f441f192944e320f46578a25f
[BSP] 560e64132cf9adf8fbbbf35f4fac117c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD5000AACS-00G8B0 +++++
--- User ---
[MBR] bc0708e506ac62a5e7335fb1413acffc
[BSP] 5904afa8dcc50c234a4d4e0b156cb69e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD10EARS-00Y5B1 +++++
--- User ---
[MBR] a1c51f619d19b7a629759f4aef7c9c03
[BSP] 2455fe0d58b31baf128feb116cbe772c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD5000AACS-00G8B0 +++++
--- User ---
[MBR] 24d01421270b1df70a3464194787d257
[BSP] 029b5728081e07dc97b2d259627099d7 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11092012_02d2256.txt >>
RKreport[1]_S_11092012_02d2255.txt ; RKreport[2]_D_11092012_02d2256.txt


Hope this is done as you wanted it. Can I enable TeamViewer on the computer? I use it all the time from my phone; it will let me reply quicker as well.

Edited by Frank Sovik, 09 November 2012 - 04:59 PM.


#4 Frank Sovik

Frank Sovik
  • Topic Starter

  • Members
  • 62 posts
  • Local time:07:03 PM

Posted 10 November 2012 - 07:29 AM

bump

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 PM

Posted 10 November 2012 - 12:38 PM

Hello

I saw yesterday that you had only posted one of the reports, so I was waiting for you to send the rest. When you edit your posts I am NOT notified of the change, so I was still waiting for the other reports.

It is best if you do not edit your posts.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 Frank Sovik

Frank Sovik
  • Topic Starter

  • Members
  • 62 posts
  • Local time:07:03 PM

Posted 10 November 2012 - 02:39 PM

ComboFix 12-11-09.02 - Server 10.11.2012 20:33:19.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1033.18.12279.10454 [GMT 1:00]
Kjører fra: c:\users\Server\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-10-10 til 2012-11-10 )))))))))))))))))))))))))))))))))
.
.
2012-11-10 19:35 . 2012-11-10 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-09 12:55 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41BD98D9-EE76-4018-B46D-4238BA047288}\mpengine.dll
2012-11-08 11:58 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-08 09:51 . 2012-11-08 09:51 -------- d-----w- c:\users\Server\AppData\Roaming\Malwarebytes
2012-11-08 09:51 . 2012-11-08 09:51 -------- d-----w- c:\programdata\Malwarebytes
2012-11-08 09:51 . 2012-11-08 09:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-08 09:51 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-26 15:18 . 2012-10-26 15:18 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\users\Server\AppData\Local\boxee
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\program files\Bonjour Print Services
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\program files\Bonjour
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\program files (x86)\Bonjour
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\programdata\Apple
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\program files (x86)\Boxee Media Manager
2012-10-23 20:58 . 2012-10-23 20:59 -------- d-----w- c:\users\test
2012-10-22 10:52 . 2012-10-22 10:52 -------- d-----w- c:\users\Mcx1-SERVER-PC
2012-10-22 10:32 . 2012-10-22 10:32 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-10-22 10:32 . 2012-10-22 10:32 395600 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-22 09:55 . 2012-10-22 09:55 -------- d-----w- c:\program files (x86)\Xiph.Org
2012-10-22 08:56 . 2012-10-22 08:56 -------- d-----w- c:\users\Server\AppData\Local\Chromium
2012-10-22 08:15 . 2012-10-22 14:24 -------- d-----w- c:\program files (x86)\TVersity Codec Pack
2012-10-22 08:15 . 2012-10-22 08:15 -------- d-----w- c:\programdata\TVersity
2012-10-21 22:56 . 2012-10-21 22:56 -------- d-----w- c:\program files (x86)\Windows Live
2012-10-21 22:56 . 2012-10-21 22:56 -------- d-----w- c:\windows\PCHEALTH
2012-10-21 22:55 . 2012-10-21 22:55 -------- d-----w- c:\program files (x86)\Microsoft
2012-10-21 22:35 . 2012-10-21 22:35 -------- d-----w- c:\users\Server\AppData\Local\Windows Live
2012-10-21 22:35 . 2012-10-21 22:35 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-10-21 20:46 . 2012-10-21 22:04 -------- d-----w- c:\users\Server\AppData\Roaming\XBMC
2012-10-21 20:45 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-10-21 20:45 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-10-21 20:44 . 2012-10-22 14:23 -------- d-----w- c:\program files (x86)\XBMC
2012-10-20 20:11 . 2012-09-27 16:14 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C730C521-8D2F-456F-B2CD-17E9880226B4}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 11:59 . 2012-09-28 17:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 11:59 . 2012-09-28 17:14 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-21 22:56 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-10 01:01 . 2012-09-27 13:54 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-28 09:21 . 2012-09-28 09:21 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-28 09:21 . 2012-09-28 09:21 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-28 09:21 . 2012-09-28 09:21 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-28 09:21 . 2012-09-28 09:21 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-28 09:21 . 2012-09-28 09:21 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-28 09:21 . 2012-09-28 09:21 188904 ----a-w- c:\windows\system32\java.exe
2012-09-28 09:20 . 2012-09-28 09:20 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-28 09:20 . 2012-09-28 09:20 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-27 16:14 . 2012-10-05 20:51 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-27 13:57 . 2012-09-27 13:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-27 13:57 . 2012-09-27 13:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-27 13:57 . 2012-09-27 13:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-27 13:57 . 2012-09-27 13:57 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-27 13:57 . 2012-09-27 13:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-27 13:57 . 2012-09-27 13:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-27 13:57 . 2012-09-27 13:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-27 13:57 . 2012-09-27 13:57 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-27 13:57 . 2012-09-27 13:57 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-27 13:57 . 2012-09-27 13:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-27 13:57 . 2012-09-27 13:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-27 13:57 . 2012-09-27 13:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-27 13:57 . 2012-09-27 13:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-27 13:57 . 2012-09-27 13:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-27 13:57 . 2012-09-27 13:57 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-27 13:57 . 2012-09-27 13:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-27 13:57 . 2012-09-27 13:57 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-27 13:57 . 2012-09-27 13:57 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-27 13:57 . 2012-09-27 13:57 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-27 13:57 . 2012-09-27 13:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-27 13:57 . 2012-09-27 13:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-27 13:57 . 2012-09-27 13:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-27 13:57 . 2012-09-27 13:57 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-27 13:57 . 2012-09-27 13:57 448512 ----a-w- c:\windows\system32\html.iec
2012-09-27 13:57 . 2012-09-27 13:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-27 13:57 . 2012-09-27 13:57 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-27 13:57 . 2012-09-27 13:57 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-27 13:57 . 2012-09-27 13:57 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-27 13:57 . 2012-09-27 13:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-27 13:57 . 2012-09-27 13:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-27 13:57 . 2012-09-27 13:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-27 13:57 . 2012-09-27 13:57 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-27 13:57 . 2012-09-27 13:57 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-27 13:57 . 2012-09-27 13:57 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-27 13:57 . 2012-09-27 13:57 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-27 13:57 . 2012-09-27 13:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-27 13:57 . 2012-09-27 13:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-27 13:57 . 2012-09-27 13:57 237056 ----a-w- c:\windows\system32\url.dll
2012-09-27 13:57 . 2012-09-27 13:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-27 13:57 . 2012-09-27 13:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-27 13:57 . 2012-09-27 13:57 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-27 13:57 . 2012-09-27 13:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-27 13:57 . 2012-09-27 13:57 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-27 13:57 . 2012-09-27 13:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-27 13:57 . 2012-09-27 13:57 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-27 13:57 . 2012-09-27 13:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-27 13:57 . 2012-09-27 13:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-27 13:57 . 2012-09-27 13:57 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-27 13:57 . 2012-09-27 13:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-27 13:57 . 2012-09-27 13:57 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-27 13:57 . 2012-09-27 13:57 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-27 13:57 . 2012-09-27 13:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-27 13:57 . 2012-09-27 13:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-27 13:57 . 2012-09-27 13:57 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-27 13:57 . 2012-09-27 13:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-27 13:57 . 2012-09-27 13:57 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-27 13:57 . 2012-09-27 13:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-27 13:57 . 2012-09-27 13:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-27 13:57 . 2012-09-27 13:57 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-27 13:57 . 2012-09-27 13:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-27 13:57 . 2012-09-27 13:57 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-27 13:57 . 2012-09-27 13:57 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-27 13:57 . 2012-09-27 13:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-27 13:57 . 2012-09-27 13:57 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-27 13:57 . 2012-09-27 13:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-27 13:57 . 2012-09-27 13:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-27 13:57 . 2012-09-27 13:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-27 13:57 . 2012-09-27 13:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-27 13:57 . 2012-09-27 13:57 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-27 13:57 . 2012-09-27 13:57 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-27 13:57 . 2012-09-27 13:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-24 21:16 . 2012-09-28 09:20 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-18 22:58 . 2012-09-27 14:06 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01C62AAF-8FDB-42A3-B390-17642DD8EB0E}\mpengine.dll
2012-09-14 19:23 . 2012-10-10 00:15 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 00:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:02 . 2012-10-10 00:16 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-08-30 20:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:11 . 2012-10-10 00:16 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:18 . 2012-10-10 00:16 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 00:16 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 00:15 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 17:10 . 2012-10-10 00:15 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-18 15:43 . 2012-10-10 00:16 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-18 15:43 . 2012-10-10 00:16 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-18 15:43 . 2012-10-10 00:16 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-18 15:42 . 2012-10-10 00:16 215040 ----a-w- c:\windows\system32\winsrv.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-27 896912]
"Phaser 6121MFP Scan Dashboard"="c:\program files (x86)\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe" [2009-03-25 5898240]
"Boxee Media Manager"="c:\program files (x86)\Boxee Media Manager\BoxeeMediaManager.exe" [2011-10-07 1796240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
.
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 11:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{060B8939-BF39-4E12-BF5E-D0EE60586DE4}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\iscoynrw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tvtorrents.com/loggedin/my/new_fav_tag_torrents.do
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2012-11-10 20:37:14
ComboFix-quarantined-files.txt 2012-11-10 19:37
.
Pre-Run: 57 149 718 528 bytes free
Post-Run: 57 091 702 784 bytes free
.
- - End Of File - - 6CBF8F52A8F38CB4F97A0B9623D81964



When can I connect the external HDDs?

I will not edit posts any more; I will make several posts instead.

#7 Frank Sovik

Frank Sovik
  • Topic Starter

  • Members
  • 62 posts
  • Local time:07:03 PM

Posted 10 November 2012 - 02:43 PM

The computer did not let me update to SP1 + some additional Windows updates.
Every now and then when I reboot the computer I have to reboot several times to "make it understand / read the external HDDs". Some are in USB 2 and one in USB 3.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 PM

Posted 10 November 2012 - 07:01 PM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Frank Sovik

Frank Sovik
  • Topic Starter

  • Members
  • 62 posts
  • Local time:07:03 PM

Posted 10 November 2012 - 08:14 PM

02:11:58.0633 4776 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:11:58.0820 4776 ============================================================
02:11:58.0820 4776 Current date / time: 2012/11/11 02:11:58.0820
02:11:58.0820 4776 SystemInfo:
02:11:58.0820 4776
02:11:58.0820 4776 OS Version: 6.1.7600 ServicePack: 0.0
02:11:58.0820 4776 Product type: Workstation
02:11:58.0820 4776 ComputerName: SERVER-PC
02:11:58.0820 4776 UserName: Server
02:11:58.0820 4776 Windows directory: C:\Windows
02:11:58.0820 4776 System windows directory: C:\Windows
02:11:58.0820 4776 Running under WOW64
02:11:58.0820 4776 Processor architecture: Intel x64
02:11:58.0820 4776 Number of processors: 8
02:11:58.0820 4776 Page size: 0x1000
02:11:58.0820 4776 Boot type: Normal boot
02:11:58.0820 4776 ============================================================
02:11:59.0008 4776 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:11:59.0600 4776 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:12:00.0162 4776 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:12:00.0162 4776 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:12:00.0724 4776 Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:12:00.0739 4776 Drive \Device\Harddisk5\DR5 - Size: 0x2BAA1472000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:12:00.0739 4776 Drive \Device\Harddisk6\DR6 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:12:00.0739 4776 Drive \Device\Harddisk7\DR7 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:12:00.0739 4776 Drive \Device\Harddisk8\DR8 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:12:00.0739 4776 ============================================================
02:12:00.0739 4776 \Device\Harddisk0\DR0:
02:12:00.0739 4776 MBR partitions:
02:12:00.0739 4776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:12:00.0739 4776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
02:12:00.0739 4776 \Device\Harddisk1\DR1:
02:12:00.0739 4776 MBR partitions:
02:12:00.0739 4776 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
02:12:00.0739 4776 \Device\Harddisk2\DR2:
02:12:00.0739 4776 MBR partitions:
02:12:00.0739 4776 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
02:12:00.0739 4776 \Device\Harddisk3\DR3:
02:12:00.0739 4776 MBR partitions:
02:12:00.0739 4776 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
02:12:00.0739 4776 \Device\Harddisk4\DR4:
02:12:00.0739 4776 MBR partitions:
02:12:00.0739 4776 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
02:12:00.0739 4776 \Device\Harddisk5\DR5:
02:12:00.0755 4776 MBR partitions:
02:12:00.0755 4776 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2BAA0A20
02:12:00.0755 4776 \Device\Harddisk6\DR6:
02:12:00.0755 4776 MBR partitions:
02:12:00.0755 4776 \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
02:12:00.0755 4776 \Device\Harddisk7\DR7:
02:12:00.0755 4776 MBR partitions:
02:12:00.0755 4776 \Device\Harddisk7\DR7\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
02:12:00.0755 4776 \Device\Harddisk8\DR8:
02:12:00.0755 4776 MBR partitions:
02:12:00.0755 4776 \Device\Harddisk8\DR8\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
02:12:00.0755 4776 ============================================================
02:12:00.0755 4776 C: <-> \Device\Harddisk0\DR0\Partition2
02:12:00.0770 4776 D: <-> \Device\Harddisk1\DR1\Partition1
02:12:00.0770 4776 E: <-> \Device\Harddisk2\DR2\Partition1
02:12:01.0176 4776 F: <-> \Device\Harddisk3\DR3\Partition1
02:12:01.0176 4776 G: <-> \Device\Harddisk4\DR4\Partition1
02:12:01.0176 4776 I: <-> \Device\Harddisk5\DR5\Partition1
02:12:01.0644 4776 K: <-> \Device\Harddisk8\DR8\Partition1
02:12:01.0644 4776 L: <-> \Device\Harddisk7\DR7\Partition1
02:12:01.0660 4776 M: <-> \Device\Harddisk6\DR6\Partition1
02:12:01.0660 4776 ============================================================
02:12:01.0660 4776 Initialize success
02:12:01.0660 4776 ============================================================
02:12:05.0544 1248 ============================================================
02:12:05.0544 1248 Scan started
02:12:05.0544 1248 Mode: Manual;
02:12:05.0544 1248 ============================================================
02:12:05.0887 1248 ================ Scan system memory ========================
02:12:05.0887 1248 System memory - ok
02:12:05.0887 1248 ================ Scan services =============================
02:12:05.0919 1248 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
02:12:05.0919 1248 1394ohci - ok
02:12:05.0919 1248 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
02:12:05.0919 1248 ACPI - ok
02:12:05.0919 1248 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
02:12:05.0919 1248 AcpiPmi - ok
02:12:05.0934 1248 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:12:05.0934 1248 AdobeFlashPlayerUpdateSvc - ok
02:12:05.0950 1248 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
02:12:05.0950 1248 adp94xx - ok
02:12:05.0950 1248 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
02:12:05.0950 1248 adpahci - ok
02:12:05.0965 1248 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
02:12:05.0965 1248 adpu320 - ok
02:12:05.0965 1248 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:12:05.0965 1248 AeLookupSvc - ok
02:12:05.0965 1248 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
02:12:05.0965 1248 AFD - ok
02:12:05.0981 1248 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
02:12:05.0981 1248 agp440 - ok
02:12:05.0981 1248 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
02:12:05.0981 1248 ALG - ok
02:12:05.0981 1248 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
02:12:05.0981 1248 aliide - ok
02:12:05.0981 1248 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
02:12:05.0981 1248 AMD External Events Utility - ok
02:12:05.0981 1248 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
02:12:05.0981 1248 amdide - ok
02:12:05.0997 1248 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
02:12:05.0997 1248 AmdK8 - ok
02:12:06.0075 1248 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
02:12:06.0106 1248 amdkmdag - ok
02:12:06.0121 1248 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
02:12:06.0121 1248 amdkmdap - ok
02:12:06.0121 1248 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
02:12:06.0121 1248 AmdPPM - ok
02:12:06.0121 1248 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
02:12:06.0121 1248 amdsata - ok
02:12:06.0121 1248 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
02:12:06.0121 1248 amdsbs - ok
02:12:06.0137 1248 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
02:12:06.0137 1248 amdxata - ok
02:12:06.0137 1248 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
02:12:06.0137 1248 AppID - ok
02:12:06.0137 1248 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:12:06.0137 1248 AppIDSvc - ok
02:12:06.0137 1248 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
02:12:06.0137 1248 Appinfo - ok
02:12:06.0137 1248 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
02:12:06.0137 1248 arc - ok
02:12:06.0153 1248 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
02:12:06.0153 1248 arcsas - ok
02:12:06.0153 1248 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:12:06.0153 1248 AsyncMac - ok
02:12:06.0153 1248 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
02:12:06.0153 1248 atapi - ok
02:12:06.0168 1248 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:12:06.0168 1248 AudioEndpointBuilder - ok
02:12:06.0168 1248 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
02:12:06.0168 1248 AudioSrv - ok
02:12:06.0184 1248 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:12:06.0184 1248 AxInstSV - ok
02:12:06.0184 1248 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
02:12:06.0184 1248 b06bdrv - ok
02:12:06.0184 1248 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
02:12:06.0199 1248 b57nd60a - ok
02:12:06.0199 1248 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
02:12:06.0199 1248 BBSvc - ok
02:12:06.0199 1248 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
02:12:06.0199 1248 BDESVC - ok
02:12:06.0199 1248 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
02:12:06.0199 1248 Beep - ok
02:12:06.0215 1248 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
02:12:06.0215 1248 BFE - ok
02:12:06.0231 1248 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
02:12:06.0231 1248 BITS - ok
02:12:06.0231 1248 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:12:06.0231 1248 blbdrive - ok
02:12:06.0231 1248 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
02:12:06.0231 1248 Bonjour Service - ok
02:12:06.0246 1248 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:12:06.0246 1248 bowser - ok
02:12:06.0246 1248 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:12:06.0246 1248 BrFiltLo - ok
02:12:06.0246 1248 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:12:06.0246 1248 BrFiltUp - ok
02:12:06.0246 1248 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
02:12:06.0246 1248 BridgeMP - ok
02:12:06.0246 1248 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
02:12:06.0246 1248 Browser - ok
02:12:06.0262 1248 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:12:06.0262 1248 Brserid - ok
02:12:06.0262 1248 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:12:06.0262 1248 BrSerWdm - ok
02:12:06.0262 1248 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:12:06.0262 1248 BrUsbMdm - ok
02:12:06.0262 1248 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:12:06.0262 1248 BrUsbSer - ok
02:12:06.0262 1248 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
02:12:06.0262 1248 BTHMODEM - ok
02:12:06.0277 1248 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
02:12:06.0277 1248 bthserv - ok
02:12:06.0277 1248 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:12:06.0277 1248 cdfs - ok
02:12:06.0277 1248 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
02:12:06.0277 1248 cdrom - ok
02:12:06.0277 1248 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
02:12:06.0277 1248 CertPropSvc - ok
02:12:06.0277 1248 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
02:12:06.0277 1248 circlass - ok
02:12:06.0293 1248 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
02:12:06.0293 1248 CLFS - ok
02:12:06.0293 1248 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:12:06.0293 1248 clr_optimization_v2.0.50727_32 - ok
02:12:06.0293 1248 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:12:06.0293 1248 clr_optimization_v2.0.50727_64 - ok
02:12:06.0309 1248 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:12:06.0309 1248 clr_optimization_v4.0.30319_32 - ok
02:12:06.0309 1248 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:12:06.0309 1248 clr_optimization_v4.0.30319_64 - ok
02:12:06.0309 1248 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:12:06.0309 1248 CmBatt - ok
02:12:06.0309 1248 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
02:12:06.0309 1248 cmdide - ok
02:12:06.0324 1248 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
02:12:06.0324 1248 CNG - ok
02:12:06.0324 1248 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:12:06.0324 1248 Compbatt - ok
02:12:06.0324 1248 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
02:12:06.0324 1248 CompositeBus - ok
02:12:06.0324 1248 COMSysApp - ok
02:12:06.0340 1248 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
02:12:06.0340 1248 crcdisk - ok
02:12:06.0340 1248 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:12:06.0340 1248 CryptSvc - ok
02:12:06.0355 1248 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:12:06.0355 1248 DcomLaunch - ok
02:12:06.0355 1248 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
02:12:06.0355 1248 defragsvc - ok
02:12:06.0355 1248 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:12:06.0355 1248 DfsC - ok
02:12:06.0371 1248 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
02:12:06.0371 1248 Dhcp - ok
02:12:06.0371 1248 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
02:12:06.0371 1248 discache - ok
02:12:06.0371 1248 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
02:12:06.0371 1248 Disk - ok
02:12:06.0371 1248 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:12:06.0371 1248 Dnscache - ok
02:12:06.0387 1248 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
02:12:06.0387 1248 dot3svc - ok
02:12:06.0387 1248 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
02:12:06.0387 1248 DPS - ok
02:12:06.0387 1248 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:12:06.0387 1248 drmkaud - ok
02:12:06.0402 1248 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:12:06.0402 1248 DXGKrnl - ok
02:12:06.0402 1248 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
02:12:06.0402 1248 e1yexpress - ok
02:12:06.0402 1248 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
02:12:06.0402 1248 EapHost - ok
02:12:06.0433 1248 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
02:12:06.0449 1248 ebdrv - ok
02:12:06.0449 1248 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
02:12:06.0449 1248 EFS - ok
02:12:06.0465 1248 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:12:06.0465 1248 ehRecvr - ok
02:12:06.0465 1248 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
02:12:06.0465 1248 ehSched - ok
02:12:06.0465 1248 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
02:12:06.0480 1248 elxstor - ok
02:12:06.0480 1248 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
02:12:06.0480 1248 ErrDev - ok
02:12:06.0480 1248 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
02:12:06.0480 1248 EventSystem - ok
02:12:06.0480 1248 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
02:12:06.0496 1248 exfat - ok
02:12:06.0496 1248 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:12:06.0496 1248 fastfat - ok
02:12:06.0496 1248 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
02:12:06.0496 1248 Fax - ok
02:12:06.0511 1248 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:12:06.0511 1248 fdc - ok
02:12:06.0511 1248 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
02:12:06.0511 1248 fdPHost - ok
02:12:06.0511 1248 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
02:12:06.0511 1248 FDResPub - ok
02:12:06.0511 1248 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:12:06.0511 1248 FileInfo - ok
02:12:06.0511 1248 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:12:06.0511 1248 Filetrace - ok
02:12:06.0527 1248 [ 7E76EED28B8B8696B7F7ED5F757AA304 ] FileZilla Server C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
02:12:06.0527 1248 FileZilla Server - ok
02:12:06.0527 1248 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:12:06.0527 1248 flpydisk - ok
02:12:06.0527 1248 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:12:06.0527 1248 FltMgr - ok
02:12:06.0543 1248 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
02:12:06.0543 1248 FontCache - ok
02:12:06.0558 1248 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:12:06.0558 1248 FontCache3.0.0.0 - ok
02:12:06.0558 1248 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:12:06.0558 1248 FsDepends - ok
02:12:06.0558 1248 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:12:06.0558 1248 Fs_Rec - ok
02:12:06.0558 1248 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:12:06.0558 1248 fvevol - ok
02:12:06.0558 1248 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
02:12:06.0558 1248 gagp30kx - ok
02:12:06.0574 1248 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
02:12:06.0574 1248 gpsvc - ok
02:12:06.0574 1248 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:12:06.0574 1248 hcw85cir - ok
02:12:06.0589 1248 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:12:06.0589 1248 HdAudAddService - ok
02:12:06.0589 1248 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
02:12:06.0589 1248 HDAudBus - ok
02:12:06.0589 1248 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:12:06.0589 1248 HidBatt - ok
02:12:06.0589 1248 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:12:06.0589 1248 HidBth - ok
02:12:06.0605 1248 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:12:06.0605 1248 HidIr - ok
02:12:06.0605 1248 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
02:12:06.0605 1248 hidserv - ok
02:12:06.0605 1248 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:12:06.0605 1248 HidUsb - ok
02:12:06.0605 1248 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:12:06.0605 1248 hkmsvc - ok
02:12:06.0605 1248 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:12:06.0621 1248 HomeGroupListener - ok
02:12:06.0621 1248 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:12:06.0621 1248 HomeGroupProvider - ok
02:12:06.0621 1248 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
02:12:06.0621 1248 HpSAMD - ok
02:12:06.0636 1248 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:12:06.0636 1248 HTTP - ok
02:12:06.0636 1248 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:12:06.0636 1248 hwpolicy - ok
02:12:06.0636 1248 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
02:12:06.0636 1248 i8042prt - ok
02:12:06.0636 1248 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
02:12:06.0652 1248 iaStorV - ok
02:12:06.0652 1248 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:12:06.0652 1248 idsvc - ok
02:12:06.0652 1248 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:12:06.0667 1248 iirsp - ok
02:12:06.0667 1248 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
02:12:06.0667 1248 IKEEXT - ok
02:12:06.0683 1248 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
02:12:06.0683 1248 intelide - ok
02:12:06.0683 1248 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:12:06.0683 1248 intelppm - ok
02:12:06.0683 1248 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:12:06.0683 1248 IPBusEnum - ok
02:12:06.0683 1248 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:12:06.0683 1248 IpFilterDriver - ok
02:12:06.0699 1248 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:12:06.0699 1248 iphlpsvc - ok
02:12:06.0699 1248 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
02:12:06.0699 1248 IPMIDRV - ok
02:12:06.0699 1248 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:12:06.0699 1248 IPNAT - ok
02:12:06.0699 1248 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:12:06.0699 1248 IRENUM - ok
02:12:06.0699 1248 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
02:12:06.0714 1248 isapnp - ok
02:12:06.0714 1248 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
02:12:06.0714 1248 iScsiPrt - ok
02:12:06.0714 1248 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
02:12:06.0714 1248 kbdclass - ok
02:12:06.0714 1248 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
02:12:06.0714 1248 kbdhid - ok
02:12:06.0714 1248 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
02:12:06.0714 1248 KeyIso - ok
02:12:06.0730 1248 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:12:06.0730 1248 KSecDD - ok
02:12:06.0730 1248 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:12:06.0730 1248 KSecPkg - ok
02:12:06.0730 1248 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:12:06.0730 1248 ksthunk - ok
02:12:06.0730 1248 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:12:06.0730 1248 KtmRm - ok
02:12:06.0745 1248 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
02:12:06.0745 1248 LanmanServer - ok
02:12:06.0745 1248 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:12:06.0745 1248 LanmanWorkstation - ok
02:12:06.0745 1248 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:12:06.0745 1248 lltdio - ok
02:12:06.0761 1248 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:12:06.0761 1248 lltdsvc - ok
02:12:06.0761 1248 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:12:06.0761 1248 lmhosts - ok
02:12:06.0761 1248 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:12:06.0761 1248 LSI_FC - ok
02:12:06.0761 1248 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:12:06.0761 1248 LSI_SAS - ok
02:12:06.0777 1248 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:12:06.0777 1248 LSI_SAS2 - ok
02:12:06.0777 1248 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:12:06.0777 1248 LSI_SCSI - ok
02:12:06.0777 1248 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:12:06.0777 1248 luafv - ok
02:12:06.0777 1248 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
02:12:06.0777 1248 MBAMProtector - ok
02:12:06.0792 1248 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
02:12:06.0792 1248 MBAMScheduler - ok
02:12:06.0792 1248 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:12:06.0792 1248 MBAMService - ok
02:12:06.0792 1248 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:12:06.0808 1248 Mcx2Svc - ok
02:12:06.0808 1248 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:12:06.0808 1248 megasas - ok
02:12:06.0808 1248 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:12:06.0808 1248 MegaSR - ok
02:12:06.0808 1248 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:12:06.0808 1248 MMCSS - ok
02:12:06.0808 1248 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:12:06.0808 1248 Modem - ok
02:12:06.0823 1248 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:12:06.0823 1248 monitor - ok
02:12:06.0823 1248 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:12:06.0823 1248 mouclass - ok
02:12:06.0823 1248 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:12:06.0823 1248 mouhid - ok
02:12:06.0823 1248 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:12:06.0823 1248 mountmgr - ok
02:12:06.0823 1248 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:12:06.0823 1248 MozillaMaintenance - ok
02:12:06.0839 1248 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
02:12:06.0839 1248 MpFilter - ok
02:12:06.0839 1248 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
02:12:06.0839 1248 mpio - ok
02:12:06.0839 1248 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:12:06.0839 1248 mpsdrv - ok
02:12:06.0855 1248 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:12:06.0855 1248 MpsSvc - ok
02:12:06.0855 1248 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:12:06.0855 1248 MRxDAV - ok
02:12:06.0855 1248 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:12:06.0855 1248 mrxsmb - ok
02:12:06.0870 1248 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:12:06.0870 1248 mrxsmb10 - ok
02:12:06.0870 1248 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:12:06.0870 1248 mrxsmb20 - ok
02:12:06.0870 1248 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
02:12:06.0870 1248 msahci - ok
02:12:06.0870 1248 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
02:12:06.0870 1248 msdsm - ok
02:12:06.0886 1248 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:12:06.0886 1248 MSDTC - ok
02:12:06.0886 1248 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:12:06.0886 1248 Msfs - ok
02:12:06.0886 1248 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:12:06.0886 1248 mshidkmdf - ok
02:12:06.0886 1248 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
02:12:06.0886 1248 msisadrv - ok
02:12:06.0886 1248 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:12:06.0901 1248 MSiSCSI - ok
02:12:06.0901 1248 msiserver - ok
02:12:06.0901 1248 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:12:06.0901 1248 MSKSSRV - ok
02:12:06.0901 1248 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
02:12:06.0901 1248 MsMpSvc - ok
02:12:06.0901 1248 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:12:06.0901 1248 MSPCLOCK - ok
02:12:06.0901 1248 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:12:06.0901 1248 MSPQM - ok
02:12:06.0917 1248 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:12:06.0917 1248 MsRPC - ok
02:12:06.0917 1248 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
02:12:06.0917 1248 mssmbios - ok
02:12:06.0917 1248 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:12:06.0917 1248 MSTEE - ok
02:12:06.0917 1248 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:12:06.0917 1248 MTConfig - ok
02:12:06.0917 1248 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
02:12:06.0917 1248 MTsensor - ok
02:12:06.0933 1248 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:12:06.0933 1248 Mup - ok
02:12:06.0933 1248 [ 8DB5861A8DB19ABAF430FCD001EF5E93 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
02:12:06.0933 1248 mv91xx - ok
02:12:06.0933 1248 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
02:12:06.0948 1248 napagent - ok
02:12:06.0948 1248 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:12:06.0948 1248 NativeWifiP - ok
02:12:06.0964 1248 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
02:12:06.0964 1248 NDIS - ok
02:12:06.0964 1248 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:12:06.0964 1248 NdisCap - ok
02:12:06.0964 1248 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:12:06.0964 1248 NdisTapi - ok
02:12:06.0964 1248 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:12:06.0964 1248 Ndisuio - ok
02:12:06.0979 1248 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:12:06.0979 1248 NdisWan - ok
02:12:06.0979 1248 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:12:06.0979 1248 NDProxy - ok
02:12:06.0979 1248 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:12:06.0979 1248 NetBIOS - ok
02:12:06.0979 1248 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:12:06.0979 1248 NetBT - ok
02:12:06.0979 1248 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
02:12:06.0979 1248 Netlogon - ok
02:12:06.0995 1248 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:12:06.0995 1248 Netman - ok
02:12:06.0995 1248 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:12:07.0011 1248 netprofm - ok
02:12:07.0011 1248 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:12:07.0011 1248 NetTcpPortSharing - ok
02:12:07.0011 1248 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:12:07.0011 1248 nfrd960 - ok
02:12:07.0011 1248 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:12:07.0011 1248 NisDrv - ok
02:12:07.0011 1248 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
02:12:07.0026 1248 NisSrv - ok
02:12:07.0026 1248 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:12:07.0026 1248 NlaSvc - ok
02:12:07.0026 1248 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:12:07.0026 1248 Npfs - ok
02:12:07.0026 1248 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:12:07.0026 1248 nsi - ok
02:12:07.0042 1248 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:12:07.0042 1248 nsiproxy - ok
02:12:07.0057 1248 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:12:07.0057 1248 Ntfs - ok
02:12:07.0057 1248 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:12:07.0057 1248 Null - ok
02:12:07.0057 1248 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
02:12:07.0057 1248 nusb3hub - ok
02:12:07.0073 1248 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
02:12:07.0073 1248 nusb3xhc - ok
02:12:07.0073 1248 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
02:12:07.0073 1248 nvraid - ok
02:12:07.0073 1248 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
02:12:07.0073 1248 nvstor - ok
02:12:07.0073 1248 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
02:12:07.0073 1248 nv_agp - ok
02:12:07.0089 1248 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
02:12:07.0089 1248 ohci1394 - ok
02:12:07.0089 1248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:12:07.0089 1248 p2pimsvc - ok
02:12:07.0089 1248 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:12:07.0089 1248 p2psvc - ok
02:12:07.0104 1248 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:12:07.0104 1248 Parport - ok
02:12:07.0104 1248 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:12:07.0104 1248 partmgr - ok
02:12:07.0104 1248 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:12:07.0104 1248 PcaSvc - ok
02:12:07.0120 1248 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
02:12:07.0120 1248 pci - ok
02:12:07.0120 1248 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
02:12:07.0120 1248 pciide - ok
02:12:07.0120 1248 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:12:07.0120 1248 pcmcia - ok
02:12:07.0120 1248 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:12:07.0120 1248 pcw - ok
02:12:07.0135 1248 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:12:07.0135 1248 PEAUTH - ok
02:12:07.0151 1248 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:12:07.0151 1248 PerfHost - ok
02:12:07.0167 1248 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
02:12:07.0167 1248 pla - ok
02:12:07.0182 1248 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:12:07.0182 1248 PlugPlay - ok
02:12:07.0182 1248 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:12:07.0182 1248 PNRPAutoReg - ok
02:12:07.0182 1248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:12:07.0198 1248 PNRPsvc - ok
02:12:07.0198 1248 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:12:07.0198 1248 PolicyAgent - ok
02:12:07.0198 1248 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:12:07.0213 1248 Power - ok
02:12:07.0213 1248 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:12:07.0213 1248 PptpMiniport - ok
02:12:07.0213 1248 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:12:07.0213 1248 Processor - ok
02:12:07.0213 1248 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
02:12:07.0213 1248 ProfSvc - ok
02:12:07.0213 1248 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:12:07.0213 1248 ProtectedStorage - ok
02:12:07.0229 1248 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:12:07.0229 1248 Psched - ok
02:12:07.0245 1248 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:12:07.0245 1248 ql2300 - ok
02:12:07.0245 1248 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:12:07.0245 1248 ql40xx - ok
02:12:07.0245 1248 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:12:07.0245 1248 QWAVE - ok
02:12:07.0260 1248 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:12:07.0260 1248 QWAVEdrv - ok
02:12:07.0260 1248 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:12:07.0260 1248 RasAcd - ok
02:12:07.0260 1248 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:12:07.0260 1248 RasAgileVpn - ok
02:12:07.0260 1248 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:12:07.0260 1248 RasAuto - ok
02:12:07.0260 1248 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:12:07.0260 1248 Rasl2tp - ok
02:12:07.0276 1248 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
02:12:07.0276 1248 RasMan - ok
02:12:07.0276 1248 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:12:07.0276 1248 RasPppoe - ok
02:12:07.0276 1248 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:12:07.0276 1248 RasSstp - ok
02:12:07.0291 1248 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:12:07.0291 1248 rdbss - ok
02:12:07.0291 1248 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:12:07.0291 1248 rdpbus - ok
02:12:07.0291 1248 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:12:07.0291 1248 RDPCDD - ok
02:12:07.0291 1248 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:12:07.0291 1248 RDPENCDD - ok
02:12:07.0291 1248 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:12:07.0291 1248 RDPREFMP - ok
02:12:07.0307 1248 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:12:07.0307 1248 RDPWD - ok
02:12:07.0307 1248 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:12:07.0307 1248 rdyboost - ok
02:12:07.0307 1248 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:12:07.0307 1248 RemoteAccess - ok
02:12:07.0307 1248 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:12:07.0323 1248 RemoteRegistry - ok
02:12:07.0323 1248 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:12:07.0323 1248 RpcEptMapper - ok
02:12:07.0323 1248 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:12:07.0323 1248 RpcLocator - ok
02:12:07.0323 1248 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
02:12:07.0338 1248 RpcSs - ok
02:12:07.0338 1248 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:12:07.0338 1248 rspndr - ok
02:12:07.0338 1248 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
02:12:07.0338 1248 SamSs - ok
02:12:07.0338 1248 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
02:12:07.0338 1248 sbp2port - ok
02:12:07.0338 1248 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:12:07.0338 1248 SCardSvr - ok
02:12:07.0354 1248 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:12:07.0354 1248 scfilter - ok
02:12:07.0354 1248 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
02:12:07.0369 1248 Schedule - ok
02:12:07.0369 1248 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:12:07.0369 1248 SCPolicySvc - ok
02:12:07.0369 1248 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:12:07.0369 1248 SDRSVC - ok
02:12:07.0369 1248 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
02:12:07.0369 1248 SeaPort - ok
02:12:07.0385 1248 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:12:07.0385 1248 secdrv - ok
02:12:07.0385 1248 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
02:12:07.0385 1248 seclogon - ok
02:12:07.0385 1248 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
02:12:07.0385 1248 SENS - ok
02:12:07.0385 1248 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:12:07.0385 1248 SensrSvc - ok
02:12:07.0385 1248 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:12:07.0385 1248 Serenum - ok
02:12:07.0401 1248 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:12:07.0401 1248 Serial - ok
02:12:07.0401 1248 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:12:07.0401 1248 sermouse - ok
02:12:07.0401 1248 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
02:12:07.0401 1248 SessionEnv - ok
02:12:07.0401 1248 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
02:12:07.0401 1248 sffdisk - ok
02:12:07.0416 1248 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
02:12:07.0416 1248 sffp_mmc - ok
02:12:07.0416 1248 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
02:12:07.0416 1248 sffp_sd - ok
02:12:07.0416 1248 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:12:07.0416 1248 sfloppy - ok
02:12:07.0416 1248 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:12:07.0416 1248 SharedAccess - ok
02:12:07.0432 1248 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:12:07.0432 1248 ShellHWDetection - ok
02:12:07.0432 1248 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:12:07.0432 1248 SiSRaid2 - ok
02:12:07.0432 1248 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:12:07.0432 1248 SiSRaid4 - ok
02:12:07.0432 1248 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:12:07.0432 1248 Smb - ok
02:12:07.0447 1248 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:12:07.0447 1248 SNMPTRAP - ok
02:12:07.0447 1248 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:12:07.0447 1248 spldr - ok
02:12:07.0447 1248 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
02:12:07.0447 1248 Spooler - ok
02:12:07.0479 1248 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
02:12:07.0494 1248 sppsvc - ok
02:12:07.0510 1248 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:12:07.0510 1248 sppuinotify - ok
02:12:07.0510 1248 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
02:12:07.0510 1248 srv - ok
02:12:07.0525 1248 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:12:07.0525 1248 srv2 - ok
02:12:07.0525 1248 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:12:07.0525 1248 srvnet - ok
02:12:07.0525 1248 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:12:07.0525 1248 SSDPSRV - ok
02:12:07.0525 1248 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:12:07.0525 1248 SstpSvc - ok
02:12:07.0541 1248 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:12:07.0541 1248 stexstor - ok
02:12:07.0541 1248 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
02:12:07.0541 1248 StillCam - ok
02:12:07.0541 1248 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
02:12:07.0541 1248 stisvc - ok
02:12:07.0557 1248 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
02:12:07.0557 1248 swenum - ok
02:12:07.0557 1248 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:12:07.0557 1248 swprv - ok
02:12:07.0572 1248 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
02:12:07.0588 1248 SysMain - ok
02:12:07.0588 1248 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:12:07.0588 1248 TabletInputService - ok
02:12:07.0588 1248 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
02:12:07.0588 1248 TapiSrv - ok
02:12:07.0603 1248 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:12:07.0603 1248 TBS - ok
02:12:07.0619 1248 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:12:07.0619 1248 Tcpip - ok
02:12:07.0635 1248 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:12:07.0650 1248 TCPIP6 - ok
02:12:07.0650 1248 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:12:07.0650 1248 tcpipreg - ok
02:12:07.0650 1248 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:12:07.0650 1248 TDPIPE - ok
02:12:07.0650 1248 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:12:07.0650 1248 TDTCP - ok
02:12:07.0666 1248 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:12:07.0666 1248 tdx - ok
02:12:07.0681 1248 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
02:12:07.0697 1248 TeamViewer7 - ok
02:12:07.0697 1248 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
02:12:07.0697 1248 TermDD - ok
02:12:07.0697 1248 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
02:12:07.0713 1248 TermService - ok
02:12:07.0713 1248 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:12:07.0713 1248 Themes - ok
02:12:07.0713 1248 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:12:07.0713 1248 THREADORDER - ok
02:12:07.0713 1248 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
02:12:07.0713 1248 TrkWks - ok
02:12:07.0728 1248 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:12:07.0728 1248 TrustedInstaller - ok
02:12:07.0728 1248 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:12:07.0728 1248 tssecsrv - ok
02:12:07.0728 1248 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:12:07.0728 1248 tunnel - ok
02:12:07.0728 1248 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
02:12:07.0728 1248 uagp35 - ok
02:12:07.0744 1248 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:12:07.0744 1248 udfs - ok
02:12:07.0744 1248 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:12:07.0744 1248 UI0Detect - ok
02:12:07.0744 1248 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
02:12:07.0744 1248 uliagpkx - ok
02:12:07.0744 1248 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
02:12:07.0744 1248 umbus - ok
02:12:07.0759 1248 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
02:12:07.0759 1248 UmPass - ok
02:12:07.0759 1248 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
02:12:07.0759 1248 upnphost - ok
02:12:07.0759 1248 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:12:07.0759 1248 usbccgp - ok
02:12:07.0759 1248 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
02:12:07.0775 1248 usbcir - ok
02:12:07.0775 1248 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:12:07.0775 1248 usbehci - ok
02:12:07.0775 1248 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:12:07.0775 1248 usbhub - ok
02:12:07.0775 1248 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
02:12:07.0775 1248 usbohci - ok
02:12:07.0775 1248 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
02:12:07.0775 1248 usbprint - ok
02:12:07.0791 1248 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:12:07.0791 1248 USBSTOR - ok
02:12:07.0791 1248 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
02:12:07.0791 1248 usbuhci - ok
02:12:07.0791 1248 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
02:12:07.0791 1248 UxSms - ok
02:12:07.0791 1248 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
02:12:07.0791 1248 VaultSvc - ok
02:12:07.0791 1248 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
02:12:07.0791 1248 vdrvroot - ok
02:12:07.0806 1248 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
02:12:07.0806 1248 vds - ok
02:12:07.0806 1248 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
02:12:07.0806 1248 vga - ok
02:12:07.0806 1248 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
02:12:07.0806 1248 VgaSave - ok
02:12:07.0806 1248 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
02:12:07.0822 1248 vhdmp - ok
02:12:07.0822 1248 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
02:12:07.0822 1248 viaide - ok
02:12:07.0822 1248 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
02:12:07.0822 1248 volmgr - ok
02:12:07.0822 1248 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
02:12:07.0822 1248 volmgrx - ok
02:12:07.0837 1248 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
02:12:07.0837 1248 volsnap - ok
02:12:07.0837 1248 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
02:12:07.0837 1248 vsmraid - ok
02:12:07.0853 1248 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
02:12:07.0853 1248 VSS - ok
02:12:07.0853 1248 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
02:12:07.0853 1248 vwifibus - ok
02:12:07.0869 1248 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
02:12:07.0869 1248 W32Time - ok
02:12:07.0869 1248 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
02:12:07.0869 1248 WacomPen - ok
02:12:07.0884 1248 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
02:12:07.0884 1248 WANARP - ok
02:12:07.0884 1248 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
02:12:07.0884 1248 Wanarpv6 - ok
02:12:07.0900 1248 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
02:12:07.0900 1248 WatAdminSvc - ok
02:12:07.0915 1248 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
02:12:07.0915 1248 wbengine - ok
02:12:07.0915 1248 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
02:12:07.0915 1248 WbioSrvc - ok
02:12:07.0931 1248 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
02:12:07.0931 1248 wcncsvc - ok
02:12:07.0931 1248 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:12:07.0931 1248 WcsPlugInService - ok
02:12:07.0931 1248 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
02:12:07.0931 1248 Wd - ok
02:12:07.0931 1248 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
02:12:07.0931 1248 WDC_SAM - ok
02:12:07.0947 1248 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
02:12:07.0947 1248 Wdf01000 - ok
02:12:07.0947 1248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
02:12:07.0947 1248 WdiServiceHost - ok
02:12:07.0947 1248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
02:12:07.0947 1248 WdiSystemHost - ok
02:12:07.0962 1248 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
02:12:07.0962 1248 WebClient - ok
02:12:07.0962 1248 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
02:12:07.0962 1248 Wecsvc - ok
02:12:07.0962 1248 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
02:12:07.0978 1248 wercplsupport - ok
02:12:07.0978 1248 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
02:12:07.0978 1248 WerSvc - ok
02:12:07.0978 1248 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
02:12:07.0978 1248 WfpLwf - ok
02:12:07.0978 1248 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
02:12:07.0978 1248 WIMMount - ok
02:12:07.0978 1248 WinDefend - ok
02:12:07.0978 1248 WinHttpAutoProxySvc - ok
02:12:07.0993 1248 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
02:12:07.0993 1248 Winmgmt - ok
02:12:08.0009 1248 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
02:12:08.0025 1248 WinRM - ok
02:12:08.0025 1248 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
02:12:08.0040 1248 Wlansvc - ok
02:12:08.0056 1248 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:12:08.0056 1248 wlidsvc - ok
02:12:08.0056 1248 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
02:12:08.0056 1248 WmiAcpi - ok
02:12:08.0071 1248 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
02:12:08.0071 1248 wmiApSrv - ok
02:12:08.0071 1248 WMPNetworkSvc - ok
02:12:08.0071 1248 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
02:12:08.0071 1248 WPCSvc - ok
02:12:08.0071 1248 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
02:12:08.0071 1248 WPDBusEnum - ok
02:12:08.0087 1248 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
02:12:08.0087 1248 ws2ifsl - ok
02:12:08.0087 1248 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
02:12:08.0087 1248 wscsvc - ok
02:12:08.0087 1248 WSearch - ok
02:12:08.0118 1248 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
02:12:08.0118 1248 wuauserv - ok
02:12:08.0118 1248 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
02:12:08.0118 1248 WudfPf - ok
02:12:08.0118 1248 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
02:12:08.0134 1248 wudfsvc - ok
02:12:08.0134 1248 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
02:12:08.0134 1248 WwanSvc - ok
02:12:08.0134 1248 ================ Scan global ===============================
02:12:08.0134 1248 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
02:12:08.0134 1248 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
02:12:08.0149 1248 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
02:12:08.0149 1248 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
02:12:08.0149 1248 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
02:12:08.0149 1248 [Global] - ok
02:12:08.0149 1248 ================ Scan MBR ==================================
02:12:08.0149 1248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
02:12:08.0212 1248 \Device\Harddisk0\DR0 - ok
02:12:08.0243 1248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
02:12:08.0415 1248 \Device\Harddisk1\DR1 - ok
02:12:08.0446 1248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
02:12:08.0446 1248 \Device\Harddisk2\DR2 - ok
02:12:08.0446 1248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
02:12:08.0446 1248 \Device\Harddisk3\DR3 - ok
02:12:08.0477 1248 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
02:12:08.0508 1248 \Device\Harddisk4\DR4 - ok
02:12:08.0508 1248 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
02:12:08.0524 1248 \Device\Harddisk5\DR5 - ok
02:12:08.0524 1248 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk6\DR6
02:12:08.0524 1248 \Device\Harddisk6\DR6 - ok
02:12:08.0524 1248 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk7\DR7
02:12:08.0539 1248 \Device\Harddisk7\DR7 - ok
02:12:08.0539 1248 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk8\DR8
02:12:08.0539 1248 \Device\Harddisk8\DR8 - ok
02:12:08.0539 1248 ================ Scan VBR ==================================
02:12:08.0555 1248 [ 68E8588AAACFAEB7BC92E2D9EE8B4DCA ] \Device\Harddisk0\DR0\Partition1
02:12:08.0555 1248 \Device\Harddisk0\DR0\Partition1 - ok
02:12:08.0555 1248 [ 2EB0598E28A8C6BA8C484C37C00A07E4 ] \Device\Harddisk0\DR0\Partition2
02:12:08.0555 1248 \Device\Harddisk0\DR0\Partition2 - ok
02:12:08.0555 1248 [ 748348DB31ACFA051C1DD33FDABB47CE ] \Device\Harddisk1\DR1\Partition1
02:12:08.0555 1248 \Device\Harddisk1\DR1\Partition1 - ok
02:12:08.0555 1248 [ 68A9D7CAB127D440020CE49A15108B2C ] \Device\Harddisk2\DR2\Partition1
02:12:08.0555 1248 \Device\Harddisk2\DR2\Partition1 - ok
02:12:08.0571 1248 [ 2E89172096CD008465B1AE0AF1EB57E8 ] \Device\Harddisk3\DR3\Partition1
02:12:08.0571 1248 \Device\Harddisk3\DR3\Partition1 - ok
02:12:08.0571 1248 [ 766F99B15A9282E7005E7424B14836F0 ] \Device\Harddisk4\DR4\Partition1
02:12:08.0571 1248 \Device\Harddisk4\DR4\Partition1 - ok
02:12:08.0571 1248 [ D7CEF4352E85F64419D18E1A4B18705F ] \Device\Harddisk5\DR5\Partition1
02:12:08.0571 1248 \Device\Harddisk5\DR5\Partition1 - ok
02:12:08.0571 1248 [ 514B32249D2DE79E7E8BF90E4CC4C730 ] \Device\Harddisk6\DR6\Partition1
02:12:08.0571 1248 \Device\Harddisk6\DR6\Partition1 - ok
02:12:08.0571 1248 [ 75A436E51683FE69E90AC2F1E2E679B3 ] \Device\Harddisk7\DR7\Partition1
02:12:08.0586 1248 \Device\Harddisk7\DR7\Partition1 - ok
02:12:08.0586 1248 [ BC15B9A4B1045AF427F23B946E7F6996 ] \Device\Harddisk8\DR8\Partition1
02:12:08.0586 1248 \Device\Harddisk8\DR8\Partition1 - ok
02:12:08.0586 1248 ============================================================
02:12:08.0586 1248 Scan finished
02:12:08.0586 1248 ============================================================
02:12:08.0586 4544 Detected object count: 0
02:12:08.0586 4544 Actual detected object count: 0

#10 Frank Sovik
  • Topic Starter
  • Members
  • 62 posts

Posted 10 November 2012 - 08:18 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-11 02:15:43
-----------------------------
02:15:43.627 OS Version: Windows x64 6.1.7600
02:15:43.627 Number of processors: 8 586 0x1A05
02:15:43.627 ComputerName: SERVER-PC UserName: Server
02:15:43.783 Initialize success
02:16:19.686 AVAST engine defs: 12111002
02:16:44.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:16:44.755 Disk 0 Vendor: OCZ-VERT 2.15 Size: 114473MB BusType: 8
02:16:44.755 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
02:16:44.755 Disk 1 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
02:16:44.771 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
02:16:44.771 Disk 2 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
02:16:44.771 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
02:16:44.771 Disk 3 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 8
02:16:44.771 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IAAStorageDevice-5
02:16:44.771 Disk 4 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
02:16:44.771 Disk 5 \Device\Harddisk5\DR5 -> \Device\00000077
02:16:44.787 Disk 5 Vendor: Size: 476940MB BusType: 0
02:16:44.787 Disk 6 \Device\Harddisk6\DR6 -> \Device\0000007a
02:16:44.787 Disk 6 Vendor: Size: 476940MB BusType: 0
02:16:44.787 Disk 7 \Device\Harddisk7\DR7 -> \Device\00000084
02:16:44.787 Disk 7 Vendor: Size: 476940MB BusType: 0
02:16:44.802 Disk 8 \Device\Harddisk8\DR8 -> \Device\00000087
02:16:44.802 Disk 8 Vendor: Size: 476940MB BusType: 0
02:16:44.802 Disk 0 MBR read successfully
02:16:44.802 Disk 0 MBR scan
02:16:44.818 Disk 0 Windows 7 default MBR code
02:16:44.818 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:16:44.818 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
02:16:44.833 Disk 0 scanning C:\Windows\system32\drivers
02:16:46.612 Service scanning
02:16:51.791 Modules scanning
02:16:51.791 Disk 0 trace - called modules:
02:16:51.807 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
02:16:51.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800c173060]
02:16:51.807 3 CLASSPNP.SYS[fffff88001b7c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800aba1050]
02:16:51.978 AVAST engine scan C:\Windows
02:16:52.477 AVAST engine scan C:\Windows\system32
02:17:35.346 AVAST engine scan C:\Windows\system32\drivers
02:17:37.546 AVAST engine scan C:\Users\Server
02:17:42.990 AVAST engine scan C:\ProgramData
02:17:44.581 Scan finished successfully
02:18:09.620 Disk 0 MBR has been saved successfully to "C:\Users\Server\Desktop\MBR.dat"
02:18:09.620 The log file has been saved successfully to "C:\Users\Server\Desktop\aswMBR.txt"

#11 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 10 November 2012 - 08:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Frank Sovik
  • Topic Starter
  • Members
  • 62 posts

Posted 10 November 2012 - 08:51 PM

ComboFix 12-11-09.02 - Server 11.11.2012 2:47.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1033.18.12279.9767 [GMT 1:00]
Kjører fra: c:\users\Server\Desktop\ComboFix.exe
Command switches brukt :: c:\users\Server\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
I:\Autorun.inf
I:\Setup.exe
K:\Autorun.inf
M:\Autorun.inf
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-10-11 til 2012-11-11 )))))))))))))))))))))))))))))))))
.
.
2012-11-11 01:49 . 2012-11-11 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-11 00:49 . 2012-11-11 00:49 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DA9E499-410A-42CA-BE01-E049CCA1B81A}\offreg.dll
2012-11-10 22:07 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DA9E499-410A-42CA-BE01-E049CCA1B81A}\mpengine.dll
2012-11-10 21:56 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-08 09:51 . 2012-11-08 09:51 -------- d-----w- c:\users\Server\AppData\Roaming\Malwarebytes
2012-11-08 09:51 . 2012-11-08 09:51 -------- d-----w- c:\programdata\Malwarebytes
2012-11-08 09:51 . 2012-11-08 09:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-08 09:51 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-26 15:18 . 2012-10-26 15:18 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\users\Server\AppData\Local\boxee
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\program files\Bonjour Print Services
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\program files\Bonjour
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\program files (x86)\Bonjour
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\programdata\Apple
2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\program files (x86)\Boxee Media Manager
2012-10-23 20:58 . 2012-10-23 20:59 -------- d-----w- c:\users\test
2012-10-22 10:52 . 2012-10-22 10:52 -------- d-----w- c:\users\Mcx1-SERVER-PC
2012-10-22 10:32 . 2012-10-22 10:32 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-10-22 10:32 . 2012-10-22 10:32 395600 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-22 09:55 . 2012-10-22 09:55 -------- d-----w- c:\program files (x86)\Xiph.Org
2012-10-22 08:56 . 2012-10-22 08:56 -------- d-----w- c:\users\Server\AppData\Local\Chromium
2012-10-22 08:15 . 2012-10-22 14:24 -------- d-----w- c:\program files (x86)\TVersity Codec Pack
2012-10-22 08:15 . 2012-10-22 08:15 -------- d-----w- c:\programdata\TVersity
2012-10-21 22:56 . 2012-10-21 22:56 -------- d-----w- c:\program files (x86)\Windows Live
2012-10-21 22:56 . 2012-10-21 22:56 -------- d-----w- c:\windows\PCHEALTH
2012-10-21 22:55 . 2012-10-21 22:55 -------- d-----w- c:\program files (x86)\Microsoft
2012-10-21 22:35 . 2012-10-21 22:35 -------- d-----w- c:\users\Server\AppData\Local\Windows Live
2012-10-21 22:35 . 2012-10-21 22:35 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-10-21 20:46 . 2012-10-21 22:04 -------- d-----w- c:\users\Server\AppData\Roaming\XBMC
2012-10-21 20:45 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-10-21 20:45 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-10-21 20:44 . 2012-10-22 14:23 -------- d-----w- c:\program files (x86)\XBMC
2012-10-20 20:11 . 2012-09-27 16:14 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C730C521-8D2F-456F-B2CD-17E9880226B4}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 11:59 . 2012-09-28 17:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 11:59 . 2012-09-28 17:14 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-21 22:56 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-10 01:01 . 2012-09-27 13:54 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-28 09:21 . 2012-09-28 09:21 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-28 09:21 . 2012-09-28 09:21 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-28 09:21 . 2012-09-28 09:21 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-28 09:21 . 2012-09-28 09:21 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-28 09:21 . 2012-09-28 09:21 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-28 09:21 . 2012-09-28 09:21 188904 ----a-w- c:\windows\system32\java.exe
2012-09-28 09:20 . 2012-09-28 09:20 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-28 09:20 . 2012-09-28 09:20 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-27 16:14 . 2012-10-05 20:51 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-27 13:57 . 2012-09-27 13:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-27 13:57 . 2012-09-27 13:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-27 13:57 . 2012-09-27 13:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-27 13:57 . 2012-09-27 13:57 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-27 13:57 . 2012-09-27 13:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-27 13:57 . 2012-09-27 13:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-27 13:57 . 2012-09-27 13:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-27 13:57 . 2012-09-27 13:57 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-27 13:57 . 2012-09-27 13:57 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-27 13:57 . 2012-09-27 13:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-27 13:57 . 2012-09-27 13:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-27 13:57 . 2012-09-27 13:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-27 13:57 . 2012-09-27 13:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-27 13:57 . 2012-09-27 13:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-27 13:57 . 2012-09-27 13:57 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-27 13:57 . 2012-09-27 13:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-27 13:57 . 2012-09-27 13:57 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-27 13:57 . 2012-09-27 13:57 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-27 13:57 . 2012-09-27 13:57 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-27 13:57 . 2012-09-27 13:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-27 13:57 . 2012-09-27 13:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-27 13:57 . 2012-09-27 13:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-27 13:57 . 2012-09-27 13:57 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-27 13:57 . 2012-09-27 13:57 448512 ----a-w- c:\windows\system32\html.iec
2012-09-27 13:57 . 2012-09-27 13:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-27 13:57 . 2012-09-27 13:57 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-27 13:57 . 2012-09-27 13:57 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-27 13:57 . 2012-09-27 13:57 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-27 13:57 . 2012-09-27 13:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-27 13:57 . 2012-09-27 13:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-27 13:57 . 2012-09-27 13:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-27 13:57 . 2012-09-27 13:57 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-27 13:57 . 2012-09-27 13:57 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-27 13:57 . 2012-09-27 13:57 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-27 13:57 . 2012-09-27 13:57 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-27 13:57 . 2012-09-27 13:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-27 13:57 . 2012-09-27 13:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-27 13:57 . 2012-09-27 13:57 237056 ----a-w- c:\windows\system32\url.dll
2012-09-27 13:57 . 2012-09-27 13:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-27 13:57 . 2012-09-27 13:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-27 13:57 . 2012-09-27 13:57 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-27 13:57 . 2012-09-27 13:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-27 13:57 . 2012-09-27 13:57 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-27 13:57 . 2012-09-27 13:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-27 13:57 . 2012-09-27 13:57 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-27 13:57 . 2012-09-27 13:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-27 13:57 . 2012-09-27 13:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-27 13:57 . 2012-09-27 13:57 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-27 13:57 . 2012-09-27 13:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-27 13:57 . 2012-09-27 13:57 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-27 13:57 . 2012-09-27 13:57 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-27 13:57 . 2012-09-27 13:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-27 13:57 . 2012-09-27 13:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-27 13:57 . 2012-09-27 13:57 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-27 13:57 . 2012-09-27 13:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-27 13:57 . 2012-09-27 13:57 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-27 13:57 . 2012-09-27 13:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-27 13:57 . 2012-09-27 13:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-27 13:57 . 2012-09-27 13:57 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-27 13:57 . 2012-09-27 13:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-27 13:57 . 2012-09-27 13:57 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-27 13:57 . 2012-09-27 13:57 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-27 13:57 . 2012-09-27 13:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-27 13:57 . 2012-09-27 13:57 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-27 13:57 . 2012-09-27 13:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-27 13:57 . 2012-09-27 13:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-27 13:57 . 2012-09-27 13:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-27 13:57 . 2012-09-27 13:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-27 13:57 . 2012-09-27 13:57 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-27 13:57 . 2012-09-27 13:57 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-27 13:57 . 2012-09-27 13:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-24 21:16 . 2012-09-28 09:20 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-18 22:58 . 2012-09-27 14:06 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01C62AAF-8FDB-42A3-B390-17642DD8EB0E}\mpengine.dll
2012-09-14 19:23 . 2012-10-10 00:15 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 00:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:02 . 2012-10-10 00:16 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-08-30 20:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:11 . 2012-10-10 00:16 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:18 . 2012-10-10 00:16 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 00:16 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 00:15 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 17:10 . 2012-10-10 00:15 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-18 15:43 . 2012-10-10 00:16 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-18 15:43 . 2012-10-10 00:16 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-18 15:43 . 2012-10-10 00:16 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-18 15:42 . 2012-10-10 00:16 215040 ----a-w- c:\windows\system32\winsrv.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-27 896912]
"Phaser 6121MFP Scan Dashboard"="c:\program files (x86)\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe" [2009-03-25 5898240]
"Boxee Media Manager"="c:\program files (x86)\Boxee Media Manager\BoxeeMediaManager.exe" [2011-10-07 1796240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-27 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - 02107401
*NewlyCreated* - 51425918
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 02107401
*Deregistered* - 51425918
*Deregistered* - aswMBR
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 11:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{060B8939-BF39-4E12-BF5E-D0EE60586DE4}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\iscoynrw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tvtorrents.com/loggedin/my/new_fav_tag_torrents.do
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2012-11-11 02:50:30
ComboFix-quarantined-files.txt 2012-11-11 01:50
ComboFix2.txt 2012-11-10 19:37
.
Pre-Run: 58 043 228 160 bytes free
Post-Run: 57 983 729 664 bytes free
.
- - End Of File - - 6B424716F180DD781F64CD25100CF787

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 November 2012 - 09:21 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 Frank Sovik

Frank Sovik
  • Topic Starter

  • Members
  • 62 posts

Posted 11 November 2012 - 06:00 AM

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Databaseversjon: v2012.11.11.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Server :: SERVER-PC [administrator]

Beskyttelse: Aktivert

11.11.2012 11:58:46
mbam-log-2012-11-11 (11-58-46).txt

Skanntype: Hurtigsøk
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 241448
Tid tilbakelagt: 22 sekund(er)

Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)

Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)

Registernøkler oppdaget: 0
(Ingen skadelige objekter funnet)

Registerverdier oppdaget: 0
(Ingen skadelige objekter funnet)

Registerfiler oppdaget: 0
(Ingen skadelige objekter funnet)

Mapper oppdaget: 0
(Ingen skadelige objekter funnet)

Filer oppdaget 0
(Ingen skadelige objekter funnet)

2012/11/08 10:58:06 +0100 SERVER-PC Server MESSAGE Starting protection
2012/11/08 10:58:06 +0100 SERVER-PC Server MESSAGE Protection started successfully
2012/11/08 10:58:06 +0100 SERVER-PC Server MESSAGE Starting IP protection
2012/11/08 10:58:07 +0100 SERVER-PC Server MESSAGE IP Protection started successfully
2012/11/08 11:09:57 +0100 SERVER-PC Server MESSAGE Executing scheduled update: Daily
2012/11/08 11:33:17 +0100 SERVER-PC Server MESSAGE Stopping IP protection
2012/11/08 11:33:17 +0100 SERVER-PC Server MESSAGE IP Protection stopped successfully
2012/11/08 11:33:17 +0100 SERVER-PC Server MESSAGE Starting IP protection
2012/11/08 11:33:18 +0100 SERVER-PC Server MESSAGE IP Protection started successfully
2012/11/08 11:33:18 +0100 SERVER-PC Server MESSAGE Stopping IP protection
2012/11/08 11:33:18 +0100 SERVER-PC Server MESSAGE IP Protection stopped successfully
2012/11/08 11:33:18 +0100 SERVER-PC Server MESSAGE Starting IP protection
2012/11/08 11:33:19 +0100 SERVER-PC Server MESSAGE IP Protection started successfully
2012/11/08 11:33:19 +0100 SERVER-PC Server MESSAGE Stopping IP protection
2012/11/08 11:33:19 +0100 SERVER-PC Server MESSAGE IP Protection stopped successfully
2012/11/08 11:33:19 +0100 SERVER-PC Server MESSAGE Starting IP protection
2012/11/08 11:33:20 +0100 SERVER-PC Server MESSAGE IP Protection started successfully
2012/11/08 13:41:52 +0100 SERVER-PC Server MESSAGE Starting protection
2012/11/08 13:41:52 +0100 SERVER-PC Server MESSAGE Protection started successfully
2012/11/08 13:41:52 +0100 SERVER-PC Server MESSAGE Starting IP protection
2012/11/08 13:41:52 +0100 SERVER-PC Server MESSAGE IP Protection started successfully
2012/11/08 13:45:05 +0100 SERVER-PC Server MESSAGE Starting protection
2012/11/08 13:45:05 +0100 SERVER-PC Server MESSAGE Protection started successfully
2012/11/08 13:45:05 +0100 SERVER-PC Server MESSAGE Starting IP protection
2012/11/08 13:45:05 +0100 SERVER-PC Server MESSAGE IP Protection started successfully
2012/11/08 20:25:22 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 20:25:22 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 56019, Process: utorrent.exe)
2012/11/08 20:25:22 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 20:25:30 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 20:26:50 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 56064, Process: utorrent.exe)
2012/11/08 20:26:50 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 20:26:58 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 20:26:58 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 20:31:14 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 56196, Process: utorrent.exe)
2012/11/08 20:31:38 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 20:31:46 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 20:31:46 +0100 SERVER-PC Server IP-BLOCK 213.163.65.50 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:44:44 +0100 SERVER-PC Server IP-BLOCK 109.163.231.254 (Type: outgoing, Port: 57466, Process: firefox.exe)
2012/11/08 21:45:00 +0100 SERVER-PC Server IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 57505, Process: firefox.exe)
2012/11/08 21:45:00 +0100 SERVER-PC Server IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 57506, Process: firefox.exe)
2012/11/08 21:45:00 +0100 SERVER-PC Server IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 57507, Process: firefox.exe)
2012/11/08 21:45:00 +0100 SERVER-PC Server IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 57508, Process: firefox.exe)
2012/11/08 21:45:00 +0100 SERVER-PC Server IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 57509, Process: firefox.exe)
2012/11/08 21:45:00 +0100 SERVER-PC Server IP-BLOCK 212.117.177.190 (Type: outgoing, Port: 57510, Process: firefox.exe)
2012/11/08 21:45:48 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:45:48 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 57553, Process: utorrent.exe)
2012/11/08 21:45:48 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:45:48 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 57554, Process: utorrent.exe)
2012/11/08 21:45:56 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:45:56 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:46:04 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:46:04 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:47:00 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 57622, Process: utorrent.exe)
2012/11/08 21:47:24 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 57654, Process: utorrent.exe)
2012/11/08 21:47:24 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:47:24 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:47:32 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:47:40 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:47:40 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:47:48 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:51:32 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 57757, Process: utorrent.exe)
2012/11/08 21:51:41 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 57758, Process: utorrent.exe)
2012/11/08 21:51:57 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:51:57 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:52:05 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:52:29 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:52:37 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:52:37 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 21:58:53 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 21:58:53 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 21:58:53 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:00:53 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:01:01 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:01:01 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:01:01 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:04:05 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:04:05 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:04:05 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:04:13 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:12:06 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:12:22 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:12:22 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:12:22 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:12:22 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:12:30 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:13:58 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:13:58 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:13:58 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:13:58 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:14:06 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:15:42 +0100 SERVER-PC Server IP-BLOCK 109.163.231.254 (Type: outgoing, Port: 58218, Process: utorrent.exe)
2012/11/08 22:15:50 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 22:15:50 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 58221, Process: utorrent.exe)
2012/11/08 22:15:50 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 22:15:50 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 58222, Process: utorrent.exe)
2012/11/08 22:15:50 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 22:15:50 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 22:15:58 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 22:15:58 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 22:18:23 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:18:23 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:18:31 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:18:31 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:18:39 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:29:27 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:29:27 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:29:27 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:29:35 +0100 SERVER-PC Server IP-BLOCK 212.117.167.124 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:32:15 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 22:32:15 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 58504, Process: utorrent.exe)
2012/11/08 22:32:24 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 22:32:32 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: outgoing, Port: 46411, Process: utorrent.exe)
2012/11/08 22:42:32 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:42:32 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:42:40 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:42:40 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 22:42:48 +0100 SERVER-PC Server IP-BLOCK 193.105.134.84 (Type: incoming, Port: 46411, Process: utorrent.exe)
2012/11/08 23:02:33 +0100 SERVER-PC Server IP-BLOCK 109.163.231.254 (Type: outgoing, Port: 59334, Process: utorrent.exe)


(done)

Edited by Frank Sovik, 11 November 2012 - 06:05 AM.


#15 Frank Sovik

  • Topic Starter
  • Members
  • 62 posts

Posted 11 November 2012 - 06:10 AM

It gave me the error about the hosts file. It didn't have permissions to write to the file. I found the file and added rights to it so it works. Hope this was ok? I had to do this earlier on my gamer pc too when adding hosts.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:07:43, on 11.11.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe
C:\Program Files (x86)\Boxee Media Manager\BoxeeMediaManager.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\teamviewer\version7\TeamViewer.exe
C:\Program Files (x86)\Boxee Media Manager\bmm_tray.exe
C:\Program Files (x86)\Boxee Media Manager\BoxeeMediaManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Users\Server\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Phaser 6121MFP Scan Dashboard] C:\Program Files (x86)\xerox\Phaser 6121MFP\Phaser 6121MFP Scan Dashboard\sd6121.exe -startup
O4 - HKCU\..\Run: [Boxee Media Manager] "C:\Program Files (x86)\Boxee Media Manager\BoxeeMediaManager.exe"
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{060B8939-BF39-4E12-BF5E-D0EE60586DE4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{060B8939-BF39-4E12-BF5E-D0EE60586DE4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{060B8939-BF39-4E12-BF5E-D0EE60586DE4}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7847 bytes



