
Trojan.Dropper.BCMiner


  • This topic is locked
17 replies to this topic

#1 wouterdekabouter

  • Members
  • 16 posts

Posted 03 June 2012 - 09:57 AM

I first made this topic, but got the advice to post it here. I think I have a virus named Trojan.Dropper.BCMiner, which made my computer stop working; then I had to do a system restore. Something I just remembered is that I clicked on a Java update before my troubles began. I made a log with DDS and GMER, but with GMER I wasn't able to check/uncheck most of the boxes (I was able to do this with Services, Registry and Files).


Edit: I attached the files for DDS and GMER.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Wouter at 16:13:34 on 2012-06-03
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110627182543.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Wouter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.87.106.106 192.87.36.36
TCP: Interfaces\{BFC2E472-362C-42FA-A827-65857017B27E} : DhcpNameServer = 192.87.106.106 192.87.36.36
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8dcb7100-df86-4384-8842-8fa844297b3f}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(standaard)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-06-03 00:05:40 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-02 23:14:18 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 13:43:35 -------- d--h--w- C:\$AVG
2012-06-02 13:43:34 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-06-02 13:43:34 -------- d-----w- C:\ProgramData\AVG2012
2012-06-02 13:42:57 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-01 00:55:07 -------- d-----w- C:\Users\Wouter\AppData\Roaming\Malwarebytes
2012-06-01 00:54:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-01 00:54:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-01 00:46:33 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-01 00:44:57 -------- d-----w- C:\Users\Wouter\AppData\Roaming\Ad-Aware Antivirus
2012-06-01 00:21:02 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-27 13:03:44 36864 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sst2cpc.dll
2012-05-27 13:01:22 11576 ----a-w- C:\Windows\System32\drivers\SSPORT.SYS
2012-05-14 15:25:17 -------- d-----w- C:\ProgramData\RELOADED
2012-05-14 15:23:17 -------- d-----w- C:\Program Files (x86)\The Walking Dead
2012-05-09 15:44:20 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:44:20 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 15:44:20 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 15:44:20 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 15:44:20 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:44:18 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 15:44:18 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 15:44:17 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 15:44:16 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 15:44:16 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 15:44:16 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 15:43:45 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 15:43:29 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-06-01 00:21:02 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-20 22:53:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-20 22:53:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-20 22:53:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
.
============= FINISH: 16:14:03,53 ===============



Edited by wouterdekabouter, 03 June 2012 - 09:58 AM.




#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location: Canada

Posted 03 June 2012 - 12:48 PM

Hi,

Please run the following:


Download Farbar Recovery Scan Tool and save it to a flash drive.

(you need the 64-bit version)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
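The FRST.txt log these steps produce lists each autostart value and each service or driver as a name, a command line, the file's size and date, and its publisher in parentheses, with [x] where the referenced file no longer exists on disk (the log posted later in this thread has that shape). The script below is an added example and is not part of the thread, of FRST, or of the helper's procedure: it parses lines in that format and flags the entries an analyst would look at first (missing files, empty value names, no recorded publisher, programs started from user-writable locations). The lines in SAMPLE_LOG, the names and paths in them, and the USER_WRITABLE markers and triage rules are all constructed for the example.

```python
"""Triage of FRST-style autostart and service entries (added example, not thread content)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines in the shape of FRST's "Registry (Whitelisted)" and
# "Services (Whitelisted)" sections; every name, path, size and publisher is made up.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [ExampleUpdater] "C:\Program Files (x86)\Example\updater.exe" /silent [123456 2011-05-05] (Example Corp.)
HKLM-x32\...\Run: [] [x]
HKU\User\...\Run: [Launcher] C:\Users\User\AppData\Roaming\launcher.exe [98765 2012-06-01] ()
2 ExampleSvc; "C:\Program Files\Example\svc.exe" /svc [355440 2010-03-10] (Example Corp.)
3 GhostSvc; c:\PROGRA~1\ghost\ghost.exe [x]
"""

# "HKLM-x32\...\Run: [name] <tail>" and "<start type> <name>; <tail>"
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<tail>.*)$")
SVC_RE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+); (?P<tail>.*)$")
# The tail is either "<command> [<size> <date>] (<company>)" or ends in the
# marker "[x]", which FRST prints when the file is not present on disk.
TAIL_RE = re.compile(
    r"^(?P<cmd>.*?)\s*(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>\[x\]))$"
)

# Assumed markers for locations a normal user can write to (example's own list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str                 # "run" (registry Run value) or "service" (service/driver)
    name: str
    command: str
    company: Optional[str]    # None when FRST reports the file as missing
    missing: bool
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a Run/service line, or None for any other line."""
    line = line.strip()
    kind, m = "run", RUN_RE.match(line)
    if m is None:
        kind, m = "service", SVC_RE.match(line)
    if m is None:
        return None
    t = TAIL_RE.match(m.group("tail"))
    if t is None:
        return None
    missing = t.group("missing") is not None
    return Entry(kind, m.group("name"), t.group("cmd"),
                 None if missing else t.group("company"), missing)


def triage_entry(e: Entry) -> Entry:
    """Attach the reasons an analyst would want to look at this entry."""
    if e.missing:
        e.reasons.append("file not present on disk ([x]): orphaned autostart, cleanup candidate")
    if not e.name:
        e.reasons.append("empty value name")
    if e.company == "":
        e.reasons.append("no publisher recorded: unsigned or unknown vendor, verify the file")
    if any(marker in e.command.lower() for marker in USER_WRITABLE):
        e.reasons.append("runs from a user-writable location")
    return e


def triage(log_text: str) -> List[Entry]:
    """Parse every Run/service line and keep only entries with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and triage_entry(e).reasons:
            flagged.append(e)
    return flagged


def flagged_names(log_text: str) -> List[str]:
    return sorted(e.name for e in triage(log_text))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.kind}] {e.name or '<no name>'}: {e.command or '<no path>'}")
        for r in e.reasons:
            print("    -", r)
```

Run as a script it reports three of the five constructed entries: the nameless Run value and GhostSvc because their files are gone, and Launcher because it has no publisher and starts from a profile directory. Entries with a publisher in a Program Files path are left alone, which matches how the whitelisted sections are meant to be read: the interesting lines are the ones FRST could not tie to a known file and vendor.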


#3 wouterdekabouter
  • Topic Starter

  • Members
  • 16 posts

Posted 03 June 2012 - 02:42 PM

Scan result of Farbar Recovery Scan Tool Version: 03-06-2012
Ran by SYSTEM at 03-06-2012 21:35:51
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-01-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-27] (cyberlink)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1486392 2011-05-05] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-05-30] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\Wouter\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKU\Wouter\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5487488 2012-01-20] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 192.87.106.106 192.87.36.36
Startup: C:\Users\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-12] (SUPERAntiSpyware.com)
2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816 2012-02-10] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [240408 2012-02-10] (Microsoft Corporation.)
2 CLKMSVC10_9EC60124; "C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe" /svc [236016 2010-10-26] (CyberLink)
2 CVPND; "C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe" [1528616 2010-03-23] (Cisco Systems, Inc.)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-22] (Lavasoft Limited)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2011-04-14] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2011-04-14] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2011-04-14] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-14] ()
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA64.sys [14992 2010-02-08] (Cisco Systems, Inc.)
3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
3 DNE; C:\Windows\System32\DRIVERS\dne64x.sys [157968 2008-11-16] (Deterministic Networks, Inc.)
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-06-27] (DT Soft Ltd)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-12-21] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-12-12] (Lavasoft AB)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 SSPORT; C:\Windows\System32\Drivers\SSPORT.sys [11576 2009-07-12] (Samsung Electronics)
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-03 21:35 - 2012-06-03 21:36 - 0000000 ____D C:\FRST
2012-06-03 20:22 - 2012-06-03 20:22 - 0000000 ____A C:\Users\Wouter\Desktop\Nieuw - Microsoft Word-document (2).docx
2012-06-03 20:19 - 2012-06-03 20:19 - 1395739 ____A C:\Users\Wouter\Desktop\FRST64.exe
2012-06-03 15:54 - 2012-06-03 15:54 - 0000270 ____A C:\Users\Wouter\Desktop\ark.txt
2012-06-03 15:16 - 2012-06-03 15:16 - 0302592 ____A C:\Users\Wouter\Desktop\owcl16y0.exe
2012-06-03 15:16 - 2012-06-03 15:16 - 0000000 ____D C:\Users\Wouter\Desktop\dds log
2012-06-03 15:13 - 2012-06-03 15:13 - 0607260 ____R (Swearware) C:\Users\Wouter\Desktop\dds.scr
2012-06-03 15:12 - 2012-06-03 15:12 - 0000168 ____A C:\Users\Wouter\defogger_reenable
2012-06-03 13:58 - 2012-06-03 15:12 - 0000000 ____D C:\Users\Wouter\Desktop\virus gedoe
2012-06-03 01:05 - 2012-06-03 01:05 - 0000000 ____D C:\Program Files (x86)\ESET
2012-06-03 00:46 - 2012-06-03 01:04 - 0000512 ____A C:\Users\Wouter\Desktop\MBR.dat
2012-06-03 00:32 - 2012-06-03 02:10 - 0000361 ____A C:\rkill.log
2012-06-03 00:20 - 2012-06-03 00:21 - 0130520 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_01.20.54_log.txt
2012-06-03 00:18 - 2012-06-03 00:19 - 0257386 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_01.18.54_log.txt
2012-06-03 00:18 - 2012-06-03 00:18 - 0002638 ____A C:\Users\Wouter\Desktop\mbam-log-2012-06-03 (01-18-29).txt
2012-06-03 00:14 - 2012-04-04 14:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-03 00:11 - 2012-06-03 00:11 - 0130520 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_01.11.11_log.txt
2012-06-02 23:48 - 2012-06-02 23:49 - 0130472 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_00.48.21_log.txt
2012-06-02 23:45 - 2012-06-02 23:48 - 0052444 ____A C:\Windows\ntbtlog.txt
2012-06-02 23:30 - 2012-06-02 23:31 - 0257386 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_00.30.35_log.txt
2012-06-02 23:25 - 2012-06-02 23:26 - 0130520 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_00.25.57_log.txt
2012-06-02 22:33 - 2012-06-02 22:36 - 0005626 ____A C:\TDSSKiller.2.7.36.0_02.06.2012_23.33.33_log.txt
2012-06-02 22:33 - 2011-01-01 00:14 - 0002254 ____A C:\Users\Wouter\Desktop\eula.txt
2012-06-02 22:16 - 2012-06-02 22:16 - 0002446 ____A C:\Users\Wouter\Desktop\mbam-log-2012-06-02 (22-30-15).txt
2012-06-02 14:43 - 2012-06-03 00:11 - 0000000 ____D C:\Users\All Users\AVG2012
2012-06-02 14:43 - 2012-06-03 00:11 - 0000000 ____D C:\Users\All Users\Application Data\AVG2012
2012-06-02 14:43 - 2012-06-03 00:10 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-02 14:43 - 2012-06-02 14:43 - 0000000 ___HD C:\$AVG
2012-06-02 14:42 - 2012-06-02 14:42 - 0000000 ____D C:\Program Files (x86)\AVG
2012-06-01 01:55 - 2012-06-01 01:55 - 0000000 ____D C:\Users\Wouter\Application Data\Malwarebytes
2012-06-01 01:55 - 2012-06-01 01:55 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\Malwarebytes
2012-06-01 01:54 - 2012-06-03 00:14 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-01 01:54 - 2012-06-01 01:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-06-01 01:54 - 2012-06-01 01:54 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-01 01:47 - 2012-06-01 01:47 - 0000012 ____A C:\Users\Wouter\Desktop\FSSC.dat
2012-06-01 01:46 - 2012-06-03 00:11 - 0000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-01 01:44 - 2012-06-01 01:52 - 0000000 ____D C:\Users\Wouter\Application Data\Ad-Aware Antivirus
2012-06-01 01:44 - 2012-06-01 01:52 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\Ad-Aware Antivirus
2012-06-01 01:21 - 2012-06-03 00:09 - 0000000 ____D C:\Windows\System32\Macromed
2012-06-01 01:21 - 2012-06-01 01:21 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-31 20:10 - 2012-05-31 20:10 - 0000000 ____A C:\Users\Wouter\Desktop\Nieuw - Microsoft Word-document.docx
2012-05-31 10:51 - 2012-05-31 17:14 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-05-27 14:09 - 2012-06-03 20:23 - 0000099 ____A C:\Users\Public\LMDebug.log
2012-05-27 14:01 - 2009-07-12 04:16 - 0011576 ____A (Samsung Electronics) C:\Windows\System32\Drivers\SSPORT.SYS
2012-05-20 18:55 - 2012-05-20 18:55 - 0000945 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-20 18:55 - 2012-05-20 18:55 - 0000945 ____A C:\Users\All Users\Desktop\µTorrent.lnk
2012-05-15 14:03 - 2012-05-15 14:03 - 0022262 ____A C:\Users\Wouter\Desktop\afstuderen zomer bachelor (4).docx
2012-05-14 16:25 - 2012-05-14 16:25 - 0000000 ____D C:\Users\Wouter\Documents\Telltale Games
2012-05-14 16:25 - 2012-05-14 16:25 - 0000000 ____D C:\Users\All Users\RELOADED
2012-05-14 16:25 - 2012-05-14 16:25 - 0000000 ____D C:\Users\All Users\Application Data\RELOADED
2012-05-14 16:23 - 2012-06-03 00:11 - 0000000 ____D C:\Program Files (x86)\The Walking Dead
2012-05-14 16:23 - 2012-05-14 16:23 - 0000876 ____A C:\Users\Public\Desktop\The Walking Dead.lnk
2012-05-14 16:23 - 2012-05-14 16:23 - 0000876 ____A C:\Users\All Users\Desktop\The Walking Dead.lnk
2012-05-14 09:38 - 2012-05-14 11:08 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-05-09 22:43 - 2012-05-09 22:43 - 5135033 ____A C:\Users\Wouter\Desktop\mar en mam.jpg
2012-05-09 22:43 - 2012-05-09 22:43 - 3782809 ____A C:\Users\Wouter\Desktop\verbouwing nijverdal.jpg
2012-05-09 19:00 - 2012-05-09 19:00 - 0000000 ____A C:\Users\Wouter\Desktop\Nieuw tekstdocument.txt
2012-05-09 16:44 - 2012-03-31 07:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 16:44 - 2012-03-31 05:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 16:44 - 2012-03-31 05:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 16:44 - 2012-03-31 04:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 16:44 - 2012-03-03 07:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 16:44 - 2012-03-03 06:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 16:43 - 2012-03-30 12:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-09 16:43 - 2012-03-17 08:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

============ 3 Months Modified Files and Folders =============

2012-06-03 21:36 - 2012-06-03 21:35 - 0000000 ____D C:\FRST
2012-06-03 20:31 - 2011-06-21 12:52 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-06-03 20:31 - 2011-06-21 12:52 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-06-03 20:31 - 2011-06-21 12:52 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-06-03 20:31 - 2011-06-21 12:52 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-06-03 20:31 - 2011-06-21 12:52 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-06-03 20:31 - 2011-06-21 12:52 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-06-03 20:31 - 2011-06-21 12:15 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-03 20:30 - 2012-03-29 12:34 - 0030012 ____A C:\aaw7boot.log
2012-06-03 20:30 - 2012-03-27 22:29 - 0001052 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-03 20:30 - 2011-06-27 13:04 - 0000000 ____D C:\Program Files (x86)\Steam
2012-06-03 20:30 - 2011-06-21 11:03 - 523218944 __ASH C:\hiberfil.sys
2012-06-03 20:30 - 2009-07-14 06:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-03 20:30 - 2009-07-14 05:51 - 0077386 ____A C:\Windows\setupact.log
2012-06-03 20:29 - 2009-07-14 05:45 - 0021504 ____A C:\Windows\System32\umstartup.etl
2012-06-03 20:25 - 2011-06-21 11:06 - 1660917 ____A C:\Windows\WindowsUpdate.log
2012-06-03 20:24 - 2011-06-27 13:11 - 0000000 ____D C:\Users\Wouter\Application Data\SoftGrid Client
2012-06-03 20:24 - 2011-06-27 13:11 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\SoftGrid Client
2012-06-03 20:23 - 2012-05-27 14:09 - 0000099 ____A C:\Users\Public\LMDebug.log
2012-06-03 20:22 - 2012-06-03 20:22 - 0000000 ____A C:\Users\Wouter\Desktop\Nieuw - Microsoft Word-document (2).docx
2012-06-03 20:19 - 2012-06-03 20:19 - 1395739 ____A C:\Users\Wouter\Desktop\FRST64.exe
2012-06-03 19:34 - 2012-03-27 22:29 - 0001056 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-03 15:54 - 2012-06-03 15:54 - 0000270 ____A C:\Users\Wouter\Desktop\ark.txt
2012-06-03 15:16 - 2012-06-03 15:16 - 0302592 ____A C:\Users\Wouter\Desktop\owcl16y0.exe
2012-06-03 15:16 - 2012-06-03 15:16 - 0000000 ____D C:\Users\Wouter\Desktop\dds log
2012-06-03 15:13 - 2012-06-03 15:13 - 0607260 ____R (Swearware) C:\Users\Wouter\Desktop\dds.scr
2012-06-03 15:12 - 2012-06-03 15:12 - 0000168 ____A C:\Users\Wouter\defogger_reenable
2012-06-03 15:12 - 2012-06-03 13:58 - 0000000 ____D C:\Users\Wouter\Desktop\virus gedoe
2012-06-03 15:12 - 2011-06-27 12:06 - 0000000 ____D C:\users\Wouter
2012-06-03 14:29 - 2009-07-14 05:45 - 0025008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-03 14:29 - 2009-07-14 05:45 - 0025008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-03 14:22 - 2012-04-18 15:05 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-03 14:22 - 2010-11-21 04:47 - 0025440 ____A C:\Windows\PFRO.log
2012-06-03 02:10 - 2012-06-03 00:32 - 0000361 ____A C:\rkill.log
2012-06-03 01:05 - 2012-06-03 01:05 - 0000000 ____D C:\Program Files (x86)\ESET
2012-06-03 01:04 - 2012-06-03 00:46 - 0000512 ____A C:\Users\Wouter\Desktop\MBR.dat
2012-06-03 00:54 - 2011-06-27 13:19 - 0000000 ____D C:\bewegende beelden
2012-06-03 00:21 - 2012-06-03 00:20 - 0130520 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_01.20.54_log.txt
2012-06-03 00:19 - 2012-06-03 00:18 - 0257386 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_01.18.54_log.txt
2012-06-03 00:18 - 2012-06-03 00:18 - 0002638 ____A C:\Users\Wouter\Desktop\mbam-log-2012-06-03 (01-18-29).txt
2012-06-03 00:14 - 2012-06-01 01:54 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-03 00:13 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-06-03 00:12 - 2012-04-05 02:03 - 0000000 ____D C:\S.W.A.T. 4
2012-06-03 00:12 - 2012-02-28 19:56 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-03 00:12 - 2012-02-28 19:56 - 0000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-06-03 00:12 - 2012-01-29 23:36 - 0000000 ____D C:\The Elder Scrolls V Skyrim
2012-06-03 00:12 - 2011-12-21 00:47 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-06-03 00:12 - 2011-12-21 00:47 - 0000000 ____D C:\Users\All Users\Application Data\Lavasoft
2012-06-03 00:12 - 2011-08-07 17:53 - 0000000 ____D C:\Total War Shogun 2
2012-06-03 00:12 - 2011-06-27 20:08 - 0000000 ____D C:\Users\Wouter\Application Data\vlc
2012-06-03 00:12 - 2011-06-27 20:08 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\vlc
2012-06-03 00:12 - 2011-06-27 19:37 - 0000000 ____D C:\Users\Wouter\Application Data\Winamp
2012-06-03 00:12 - 2011-06-27 19:37 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\Winamp
2012-06-03 00:12 - 2011-06-27 12:39 - 0000000 ____D C:\Users\All Users\MFAData
2012-06-03 00:12 - 2011-06-27 12:39 - 0000000 ____D C:\Users\All Users\Application Data\MFAData
2012-06-03 00:12 - 2011-06-27 12:18 - 0000000 ____D C:\Users\Wouter\Application Data\uTorrent
2012-06-03 00:12 - 2011-06-27 12:18 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\uTorrent
2012-06-03 00:12 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\AppCompat
2012-06-03 00:11 - 2012-06-03 00:11 - 0130520 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_01.11.11_log.txt
2012-06-03 00:11 - 2012-06-02 14:43 - 0000000 ____D C:\Users\All Users\AVG2012
2012-06-03 00:11 - 2012-06-02 14:43 - 0000000 ____D C:\Users\All Users\Application Data\AVG2012
2012-06-03 00:11 - 2012-06-01 01:46 - 0000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-03 00:11 - 2012-05-14 16:23 - 0000000 ____D C:\Program Files (x86)\The Walking Dead
2012-06-03 00:11 - 2012-04-05 02:12 - 0000000 ____D C:\Program Files (x86)\S.W.A.T. 4
2012-06-03 00:11 - 2012-04-04 12:32 - 0000000 ____D C:\Empire Total War
2012-06-03 00:11 - 2012-01-20 00:02 - 0000000 ____D C:\Call of Duty - World at War
2012-06-03 00:11 - 2011-11-10 21:27 - 0000000 ____D C:\Call of Duty- Modern Warfare 3
2012-06-03 00:11 - 2011-06-27 23:22 - 0000000 ____D C:\Program Files (x86)\Battlestations Pacific
2012-06-03 00:11 - 2011-06-27 12:13 - 0000000 ____D C:\Program Files (x86)\Opera
2012-06-03 00:11 - 2011-06-21 12:15 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-03 00:10 - 2012-06-02 14:43 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-03 00:10 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\registration
2012-06-03 00:09 - 2012-06-01 01:21 - 0000000 ____D C:\Windows\System32\Macromed
2012-06-03 00:09 - 2011-07-04 18:01 - 0000000 ____D C:\Windows\SysWOW64\AGEIA
2012-06-03 00:09 - 2011-06-21 12:09 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-06-03 00:09 - 2010-11-21 17:48 - 0000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-06-03 00:09 - 2010-11-21 17:48 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-06-03 00:09 - 2010-11-21 17:48 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-06-03 00:09 - 2010-11-21 17:48 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-06-03 00:09 - 2010-11-21 17:48 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-06-03 00:09 - 2010-11-21 17:48 - 0000000 ____D C:\Windows\System32\winrm
2012-06-03 00:09 - 2010-11-21 17:48 - 0000000 ____D C:\Windows\System32\WCN
2012-06-03 00:09 - 2010-11-21 17:48 - 0000000 ____D C:\Windows\System32\slmgr
2012-06-03 00:09 - 2010-11-21 17:48 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-06-03 00:09 - 2009-07-14 06:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-06-03 00:09 - 2009-07-14 06:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-06-03 00:09 - 2009-07-14 06:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-06-03 00:09 - 2009-07-14 06:32 - 0000000 ____D C:\Windows\Performance
2012-06-03 00:09 - 2009-07-14 05:45 - 0000000 ____D C:\Windows\Setup
2012-06-03 00:09 - 2009-07-14 05:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 __RSD C:\Windows\Media
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Web
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Vss
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\spp
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\spool
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\Speech
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\SMI
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\oobe
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\MUI
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\IME
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\Dism
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\com
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Speech
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\servicing
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\security
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\schemas
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Resources
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\rescache
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\PLA
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\IME
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Help
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Globalization
2012-06-03 00:09 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Branding
2012-06-03 00:08 - 2012-03-21 18:14 - 0000000 ____D C:\Program Files\ComicRack
2012-06-03 00:08 - 2012-02-28 19:56 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-03 00:08 - 2012-02-28 19:47 - 0000000 ____D C:\Users\Wouter\Application Data\SUPERAntiSpyware.com
2012-06-03 00:08 - 2012-02-28 19:47 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\SUPERAntiSpyware.com
2012-06-03 00:08 - 2012-02-28 19:47 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-03 00:08 - 2012-01-20 00:14 - 0000000 ____D C:\Users\Wouter\Local Settings\Application Data\Activision
2012-06-03 00:08 - 2012-01-20 00:14 - 0000000 ____D C:\Users\Wouter\Local Settings\Activision
2012-06-03 00:08 - 2012-01-20 00:14 - 0000000 ____D C:\Users\Wouter\AppData\Local\Activision
2012-06-03 00:08 - 2012-01-17 23:16 - 0000000 ____D C:\Users\Wouter\Documents\Rockstar Games
2012-06-03 00:08 - 2012-01-17 22:56 - 0000000 ____D C:\Users\All Users\Rockstar Games
2012-06-03 00:08 - 2012-01-17 22:56 - 0000000 ____D C:\Users\All Users\Application Data\Rockstar Games
2012-06-03 00:08 - 2011-11-16 21:55 - 0000000 ____D C:\Users\All Users\Electronic Arts
2012-06-03 00:08 - 2011-11-16 21:55 - 0000000 ____D C:\Users\All Users\Application Data\Electronic Arts
2012-06-03 00:08 - 2011-10-30 15:21 - 0000000 ____D C:\Program Files\Common Files\Deterministic Networks
2012-06-03 00:08 - 2011-10-09 22:27 - 0000000 ____D C:\Users\Wouter\Application Data\OpenOffice.org
2012-06-03 00:08 - 2011-10-09 22:27 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\OpenOffice.org
2012-06-03 00:08 - 2011-10-09 22:21 - 0000000 ____D C:\Users\Wouter\Desktop\OpenOffice.org 3.3 (nl) Installation Files
2012-06-03 00:08 - 2011-09-19 00:46 - 0000000 ____D C:\Users\Wouter\Application Data\Thunderbird
2012-06-03 00:08 - 2011-09-19 00:46 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\Thunderbird
2012-06-03 00:08 - 2011-08-14 10:11 - 0000000 ____D C:\Users\Wouter\Application Data\Skype
2012-06-03 00:08 - 2011-08-14 10:11 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\Skype
2012-06-03 00:08 - 2011-07-04 18:10 - 0000000 ____D C:\Users\Wouter\Documents\EA Games
2012-06-03 00:08 - 2011-06-27 22:17 - 0000000 ____D C:\Users\Wouter\Documents\My Games
2012-06-03 00:08 - 2011-06-27 20:07 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-06-03 00:08 - 2011-06-27 19:37 - 0000000 ____D C:\Program Files (x86)\Winamp
2012-06-03 00:08 - 2011-06-27 18:40 - 0000000 ____D C:\Users\Wouter\Local Settings\PunkBuster
2012-06-03 00:08 - 2011-06-27 18:40 - 0000000 ____D C:\Users\Wouter\Local Settings\Application Data\PunkBuster
2012-06-03 00:08 - 2011-06-27 18:40 - 0000000 ____D C:\Users\Wouter\AppData\Local\PunkBuster
2012-06-03 00:08 - 2011-06-27 16:00 - 0000000 ____D C:\Users\All Users\PCDr
2012-06-03 00:08 - 2011-06-27 16:00 - 0000000 ____D C:\Users\All Users\Application Data\PCDr
2012-06-03 00:08 - 2011-06-27 13:22 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-06-03 00:08 - 2011-06-27 13:09 - 0000000 ____D C:\Program Files\Microsoft Office
2012-06-03 00:08 - 2011-06-27 12:13 - 0000000 ____D C:\Users\Wouter\Local Settings\Opera
2012-06-03 00:08 - 2011-06-27 12:13 - 0000000 ____D C:\Users\Wouter\Local Settings\Application Data\Opera
2012-06-03 00:08 - 2011-06-27 12:13 - 0000000 ____D C:\Users\Wouter\Application Data\Opera
2012-06-03 00:08 - 2011-06-27 12:13 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\Opera
2012-06-03 00:08 - 2011-06-27 12:13 - 0000000 ____D C:\Users\Wouter\AppData\Local\Opera
2012-06-03 00:08 - 2011-06-27 12:10 - 0000000 ____D C:\Users\Wouter\Local Settings\Dell
2012-06-03 00:08 - 2011-06-27 12:10 - 0000000 ____D C:\Users\Wouter\Local Settings\Application Data\Dell
2012-06-03 00:08 - 2011-06-27 12:10 - 0000000 ____D C:\Users\Wouter\Application Data\Adobe
2012-06-03 00:08 - 2011-06-27 12:10 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\Adobe
2012-06-03 00:08 - 2011-06-27 12:10 - 0000000 ____D C:\Users\Wouter\AppData\Local\Dell
2012-06-03 00:08 - 2011-06-27 12:09 - 0000000 ____D C:\Users\Wouter\Local Settings\VirtualStore
2012-06-03 00:08 - 2011-06-27 12:09 - 0000000 ____D C:\Users\Wouter\Local Settings\Application Data\VirtualStore
2012-06-03 00:08 - 2011-06-27 12:09 - 0000000 ____D C:\Users\Wouter\AppData\Local\VirtualStore
2012-06-03 00:08 - 2011-06-27 12:06 - 0000000 ____D C:\Users\Wouter\AppData\LocalLow
2012-06-03 00:08 - 2011-06-21 19:40 - 0000000 ____D C:\Program Files\Windows Journal
2012-06-03 00:08 - 2011-06-21 19:39 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-06-03 00:08 - 2011-06-21 12:38 - 0000000 ____D C:\Users\All Users\Uninstall
2012-06-03 00:08 - 2011-06-21 12:38 - 0000000 ____D C:\Users\All Users\Application Data\Uninstall
2012-06-03 00:08 - 2011-06-21 12:36 - 0000000 ____D C:\Program Files\Roxio
2012-06-03 00:08 - 2011-06-21 12:34 - 0000000 ____D C:\Users\All Users\Macrovision
2012-06-03 00:08 - 2011-06-21 12:34 - 0000000 ____D C:\Users\All Users\Application Data\Macrovision
2012-06-03 00:08 - 2011-06-21 12:32 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2012-06-03 00:08 - 2011-06-21 12:32 - 0000000 ____D C:\Users\All Users\Adobe
2012-06-03 00:08 - 2011-06-21 12:27 - 0000000 ____D C:\Users\All Users\McAfee
2012-06-03 00:08 - 2011-06-21 12:27 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-06-03 00:08 - 2011-06-21 12:27 - 0000000 ____D C:\Program Files\mcafee.com
2012-06-03 00:08 - 2011-06-21 12:27 - 0000000 ____D C:\Program Files\mcafee
2012-06-03 00:08 - 2011-06-21 12:27 - 0000000 ____D C:\Program Files\Dell Support Center
2012-06-03 00:08 - 2011-06-21 12:27 - 0000000 ____D C:\Program Files\Common Files\mcafee
2012-06-03 00:08 - 2011-06-21 12:24 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-06-03 00:08 - 2011-06-21 12:23 - 0000000 ____D C:\Program Files\Windows Live
2012-06-03 00:08 - 2011-06-21 12:19 - 0000000 ____D C:\Users\All Users\Dell
2012-06-03 00:08 - 2011-06-21 12:19 - 0000000 ____D C:\Users\All Users\Application Data\Dell
2012-06-03 00:08 - 2011-06-21 12:17 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-06-03 00:08 - 2011-06-21 12:16 - 0000000 ____D C:\Users\All Users\Skype
2012-06-03 00:08 - 2011-06-21 12:16 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2012-06-03 00:08 - 2011-06-21 12:14 - 0000000 ____D C:\Program Files\Java
2012-06-03 00:08 - 2011-06-21 12:14 - 0000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-03 00:08 - 2011-06-21 12:14 - 0000000 ____D C:\Program Files\ATI
2012-06-03 00:08 - 2011-06-21 12:09 - 0000000 ____D C:\Program Files\Dell Inc
2012-06-03 00:08 - 2011-06-21 11:04 - 0000000 ____D C:\Program Files\CONEXANT
2012-06-03 00:08 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-06-03 00:08 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-06-03 00:08 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-06-03 00:08 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\MSBuild
2012-06-03 00:08 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-06-03 00:08 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-06-03 00:08 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-06-03 00:08 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-06-03 00:08 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-06-03 00:08 - 2009-07-14 04:20 - 0000000 __RHD C:\users\Default
2012-06-03 00:08 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Windows NT
2012-06-03 00:08 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-06-03 00:08 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-06-03 00:08 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-03 00:08 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-06-03 00:07 - 2012-03-27 22:29 - 0000000 ____D C:\Program Files (x86)\Google
2012-06-03 00:07 - 2012-02-06 19:47 - 0000000 ____D C:\Users\Wouter\Desktop\bachelor scriptie
2012-06-03 00:07 - 2011-12-21 00:47 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-06-03 00:07 - 2011-11-16 22:54 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-06-03 00:07 - 2011-11-16 21:55 - 0000000 ____D C:\Program Files (x86)\Origin Games
2012-06-03 00:07 - 2011-11-16 21:55 - 0000000 ____D C:\Program Files (x86)\Origin
2012-06-03 00:07 - 2011-10-30 15:21 - 0000000 ____D C:\Program Files (x86)\Cisco Systems
2012-06-03 00:07 - 2011-10-09 22:26 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-06-03 00:07 - 2011-09-19 00:46 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-03 00:07 - 2011-09-11 17:02 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-06-03 00:07 - 2011-07-04 18:01 - 0000000 ____D C:\Program Files (x86)\AGEIA Technologies
2012-06-03 00:07 - 2011-06-27 22:14 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-06-03 00:07 - 2011-06-27 13:53 - 0000000 ____D C:\Program Files (x86)\Empire Total War
2012-06-03 00:07 - 2011-06-27 13:09 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-06-03 00:07 - 2011-06-27 12:31 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-06-03 00:07 - 2011-06-27 12:13 - 0000000 ____D C:\Program Files (x86)\Dell Touch Software Suite
2012-06-03 00:07 - 2011-06-27 12:13 - 0000000 ____D C:\FIND_EULA_PATH
2012-06-03 00:07 - 2011-06-21 12:34 - 0000000 ____D C:\Program Files (x86)\Roxio
2012-06-03 00:07 - 2011-06-21 12:32 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-06-03 00:07 - 2011-06-21 12:27 - 0000000 ____D C:\Program Files (x86)\mcafee.com
2012-06-03 00:07 - 2011-06-21 12:27 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-06-03 00:07 - 2011-06-21 12:25 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-06-03 00:07 - 2011-06-21 12:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-03 00:07 - 2011-06-21 12:21 - 0000000 ____D C:\Program Files (x86)\Dell Stage
2012-06-03 00:07 - 2011-06-21 12:20 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-06-03 00:07 - 2011-06-21 12:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-06-03 00:07 - 2011-06-21 12:19 - 0000000 ____D C:\Program Files (x86)\Dell
2012-06-03 00:07 - 2011-06-21 12:14 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-06-03 00:07 - 2011-06-21 12:13 - 0000000 ____D C:\Program Files (x86)\Java
2012-06-03 00:07 - 2011-02-15 15:50 - 0000000 ____D C:\dell
2012-06-03 00:07 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-06-03 00:07 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-06-03 00:06 - 2009-07-14 04:18 - 0000000 __SHD C:\$Recycle.Bin
2012-06-02 23:58 - 2011-06-21 12:35 - 0000000 ____D C:\Users\All Users\Sonic
2012-06-02 23:58 - 2011-06-21 12:35 - 0000000 ____D C:\Users\All Users\Application Data\Sonic
2012-06-02 23:49 - 2012-06-02 23:48 - 0130472 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_00.48.21_log.txt
2012-06-02 23:48 - 2012-06-02 23:45 - 0052444 ____A C:\Windows\ntbtlog.txt
2012-06-02 23:31 - 2012-06-02 23:30 - 0257386 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_00.30.35_log.txt
2012-06-02 23:26 - 2012-06-02 23:25 - 0130520 ____A C:\TDSSKiller.2.7.36.0_03.06.2012_00.25.57_log.txt
2012-06-02 23:14 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-06-02 22:36 - 2012-06-02 22:33 - 0005626 ____A C:\TDSSKiller.2.7.36.0_02.06.2012_23.33.33_log.txt
2012-06-02 22:16 - 2012-06-02 22:16 - 0002446 ____A C:\Users\Wouter\Desktop\mbam-log-2012-06-02 (22-30-15).txt
2012-06-02 14:43 - 2012-06-02 14:43 - 0000000 ___HD C:\$AVG
2012-06-02 14:42 - 2012-06-02 14:42 - 0000000 ____D C:\Program Files (x86)\AVG
2012-06-01 01:55 - 2012-06-01 01:55 - 0000000 ____D C:\Users\Wouter\Application Data\Malwarebytes
2012-06-01 01:55 - 2012-06-01 01:55 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\Malwarebytes
2012-06-01 01:54 - 2012-06-01 01:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-06-01 01:54 - 2012-06-01 01:54 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-01 01:52 - 2012-06-01 01:44 - 0000000 ____D C:\Users\Wouter\Application Data\Ad-Aware Antivirus
2012-06-01 01:52 - 2012-06-01 01:44 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\Ad-Aware Antivirus
2012-06-01 01:47 - 2012-06-01 01:47 - 0000012 ____A C:\Users\Wouter\Desktop\FSSC.dat
2012-06-01 01:21 - 2012-06-01 01:21 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-01 01:21 - 2011-06-27 12:21 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-31 20:19 - 2011-08-06 00:21 - 0000000 ____D C:\niet bewegende beelden
2012-05-31 20:10 - 2012-05-31 20:10 - 0000000 ____A C:\Users\Wouter\Desktop\Nieuw - Microsoft Word-document.docx
2012-05-31 17:15 - 2009-07-14 06:08 - 0032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-31 17:14 - 2012-05-31 10:51 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-05-29 23:47 - 2011-12-21 00:48 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-05-29 23:47 - 2011-12-21 00:48 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-05-20 23:53 - 2011-06-27 18:40 - 0283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-05-20 23:53 - 2011-06-27 18:38 - 0283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-05-20 23:53 - 2011-06-27 18:38 - 0280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-05-20 18:55 - 2012-05-20 18:55 - 0000945 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-20 18:55 - 2012-05-20 18:55 - 0000945 ____A C:\Users\All Users\Desktop\µTorrent.lnk
2012-05-20 18:55 - 2011-06-27 12:20 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-05-15 14:03 - 2012-05-15 14:03 - 0022262 ____A C:\Users\Wouter\Desktop\afstuderen zomer bachelor (4).docx
2012-05-14 16:25 - 2012-05-14 16:25 - 0000000 ____D C:\Users\Wouter\Documents\Telltale Games
2012-05-14 16:25 - 2012-05-14 16:25 - 0000000 ____D C:\Users\All Users\RELOADED
2012-05-14 16:25 - 2012-05-14 16:25 - 0000000 ____D C:\Users\All Users\Application Data\RELOADED
2012-05-14 16:23 - 2012-05-14 16:23 - 0000876 ____A C:\Users\Public\Desktop\The Walking Dead.lnk
2012-05-14 16:23 - 2012-05-14 16:23 - 0000876 ____A C:\Users\All Users\Desktop\The Walking Dead.lnk
2012-05-14 13:45 - 2012-04-18 15:05 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-05-14 11:08 - 2012-05-14 09:38 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2012-05-10 11:34 - 2009-07-14 05:45 - 0348912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 02:01 - 2011-08-03 10:35 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 01:59 - 2010-11-21 17:48 - 0754448 ____A C:\Windows\System32\perfh013.dat
2012-05-10 01:59 - 2010-11-21 17:48 - 0157980 ____A C:\Windows\System32\perfc013.dat
2012-05-10 01:59 - 2009-07-14 06:13 - 1718038 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-09 22:43 - 2012-05-09 22:43 - 5135033 ____A C:\Users\Wouter\Desktop\mar en mam.jpg
2012-05-09 22:43 - 2012-05-09 22:43 - 3782809 ____A C:\Users\Wouter\Desktop\verbouwing nijverdal.jpg
2012-05-09 19:00 - 2012-05-09 19:00 - 0000000 ____A C:\Users\Wouter\Desktop\Nieuw tekstdocument.txt
2012-05-06 00:00 - 2011-06-27 12:14 - 0000000 ____D C:\Users\Wouter\Local Settings\ElevatedDiagnostics
2012-05-06 00:00 - 2011-06-27 12:14 - 0000000 ____D C:\Users\Wouter\Local Settings\Application Data\ElevatedDiagnostics
2012-05-06 00:00 - 2011-06-27 12:14 - 0000000 ____D C:\Users\Wouter\AppData\Local\ElevatedDiagnostics
2012-05-01 19:20 - 2012-05-01 19:20 - 0391043 ____A C:\Users\Wouter\Desktop\ANP18909429medium.jpg
2012-04-27 02:38 - 2012-04-27 02:38 - 0099116 ____A C:\Users\Wouter\Desktop\Schakeltrajecten_2012-13_WO_met_IEL.pdf
2012-04-26 15:42 - 2012-04-26 15:34 - 18880375 ____A C:\Users\Wouter\Desktop\ANDERSON, Benedict (Imagined communities).pdf
2012-04-23 11:54 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-21 12:34 - 2012-04-21 12:34 - 0002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-04-21 12:34 - 2012-04-21 12:34 - 0002214 ____A C:\Users\All Users\Desktop\Google Earth.lnk
2012-04-19 15:15 - 2012-04-19 15:14 - 17113653 ____A C:\Users\Wouter\Desktop\hobsbawm.rar
2012-04-05 18:40 - 2012-04-05 18:40 - 0002239 ____A C:\Users\Wouter\Desktop\SWAT 4 - The Stetchkov Syndicate.lnk
2012-04-04 14:56 - 2012-06-03 00:14 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 12:20 - 2012-04-04 12:16 - 0000000 ____D C:\Users\Wouter\Desktop\Empire_Total_War_Special_Forces_Edition-Razor1911
2012-04-03 22:13 - 2012-04-03 14:11 - 0000000 ____D C:\Users\Wouter\Desktop\zweden 2012
2012-04-03 14:08 - 2012-04-03 14:05 - 162454708 ____A C:\Users\Wouter\Desktop\Zweden2012.zip
2012-04-03 02:05 - 2011-02-15 09:00 - 1673558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-31 07:05 - 2012-05-09 16:44 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 05:39 - 2012-05-09 16:44 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 05:39 - 2012-05-09 16:44 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-31 04:10 - 2012-05-09 16:44 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 12:35 - 2012-05-09 16:43 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 22:30 - 2012-03-27 22:29 - 0000000 ____D C:\Users\Wouter\Local Settings\Google
2012-03-27 22:30 - 2012-03-27 22:29 - 0000000 ____D C:\Users\Wouter\Local Settings\Application Data\Google
2012-03-27 22:30 - 2012-03-27 22:29 - 0000000 ____D C:\Users\Wouter\AppData\Local\Google
2012-03-22 23:17 - 2011-06-27 19:39 - 0000000 ____D C:\muziek
2012-03-22 18:48 - 2012-03-22 18:48 - 0274128 ____A C:\Windows\Minidump\032212-17425-01.dmp
2012-03-22 18:48 - 2011-07-04 03:17 - 529694543 ____A C:\Windows\MEMORY.DMP
2012-03-22 18:48 - 2011-07-04 03:17 - 0000000 ____D C:\Windows\Minidump
2012-03-21 18:15 - 2012-03-21 18:15 - 0000000 ____D C:\Users\Wouter\Local Settings\cYo
2012-03-21 18:15 - 2012-03-21 18:15 - 0000000 ____D C:\Users\Wouter\Local Settings\Application Data\cYo
2012-03-21 18:15 - 2012-03-21 18:15 - 0000000 ____D C:\Users\Wouter\Application Data\cYo
2012-03-21 18:15 - 2012-03-21 18:15 - 0000000 ____D C:\Users\Wouter\AppData\Roaming\cYo
2012-03-21 18:15 - 2012-03-21 18:15 - 0000000 ____D C:\Users\Wouter\AppData\Local\cYo
2012-03-21 18:14 - 2012-03-21 18:14 - 0000842 ____A C:\Users\Public\Desktop\ComicRack.lnk
2012-03-21 18:14 - 2012-03-21 18:14 - 0000842 ____A C:\Users\All Users\Desktop\ComicRack.lnk
2012-03-17 08:58 - 2012-05-09 16:43 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6126.64 MB
Available physical RAM: 5452.43 MB
Total Pagefile: 6124.84 MB
Available Pagefile: 5439.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:502.26 GB) NTFS
4 Drive f: (UDISK) (Removable) (Total:1.87 GB) (Free:1.17 GB) FAT
5 Drive g: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.39 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Schfnr. Status Grootte Vrij Dyn GPT
-------- ------------- ------- ------- --- ---
Schf 0 Online 931 GB 0 B
Schf 1 Online 1912 MB 0 B
Schf 2 Geen medium 0 B 0 B

DiskPart afsluiten...


==========================================================

Last Boot: 2012-05-29 12:01

======================= End Of Log ==========================

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:43 PM

Posted 03 June 2012 - 05:15 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\System32\consrv.dll
HKLM-x32\...\Run: [] [x]
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
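The fixlist above restores the Session Manager SubSystems\Windows value that this ZeroAccess variant points at consrv.dll instead of the legitimate winsrv.dll. The Python script below is an added example for readers of this thread, not code from CatByte, FRST or BleepingComputer: it parses the ServerDll= entries of that value and flags any module outside the set a stock Windows 7 install references. The two sample values are constructed for the example, and the allowlist (basesrv, winsrv, sxssrv) is this example's assumption about the default layout, not something the thread states.

```python
import re
from typing import List

# Module names a stock Windows 7 SubSystems\Windows value references via
# ServerDll= (ASSUMPTION of this example; adjust for other Windows versions).
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# CONSTRUCTED sample: the default layout of the value on Windows 7 x64.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# CONSTRUCTED sample: the same value with the console server entry redirected
# to consrv, the hijack the fixlist in this thread undoes.
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# A ServerDll entry is "ServerDll=<module>[:<init function>],<id>"; capture the module.
_SERVERDLL_RE = re.compile(r"ServerDll=([^:,\s]+)")


def server_dlls(value: str) -> List[str]:
    """Return the module names referenced by ServerDll= entries, in order."""
    return _SERVERDLL_RE.findall(value)


def unexpected_server_dlls(value: str) -> List[str]:
    """Return the module names that fall outside the expected set (case-insensitive)."""
    return [name for name in server_dlls(value) if name.lower() not in EXPECTED_SERVER_DLLS]


def read_live_value() -> str:
    """Read the live value on Windows; return '' on other platforms so the module imports anywhere."""
    try:
        import winreg
    except ImportError:
        return ""
    key_path = r"System\CurrentControlSet\Control\Session Manager\SubSystems"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "Windows")
        return value


def report(label: str, value: str) -> str:
    """Format a one-line verdict for a value."""
    bad = unexpected_server_dlls(value)
    return f"{label}: OK" if not bad else f"{label}: UNEXPECTED ServerDll -> {', '.join(bad)}"


if __name__ == "__main__":
    print(report("constructed clean value", CLEAN_VALUE))
    print(report("constructed hijacked value", HIJACKED_VALUE))
    live = read_live_value()
    if live:
        print(report("live registry value", live))
```

Run as-is it checks the two constructed samples; on a Windows host it also reads the live value, which is the quick confirmation a responder wants after a fix like the one above has been applied (the fixlog later in this thread reports that value as restored).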


#5 wouterdekabouter

wouterdekabouter
  • Topic Starter

  • Members
  • 16 posts
  • Local time:09:43 PM

Posted 03 June 2012 - 07:52 PM

FRST64 functioned normally; here is the log. Now I will run ComboFix.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 2012-06-04 02:45:47 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

==== End of Fixlog ====

#6 wouterdekabouter

wouterdekabouter
  • Topic Starter

  • Members
  • 16 posts
  • Local time:09:43 PM

Posted 03 June 2012 - 08:24 PM

Here is the log for ComboFix. I had to reboot to get Opera to work, and I uninstalled McAfee because I couldn't change anything in the options.


ComboFix 12-06-03.05 - Wouter 04-06-2012 3:07.1.4 - x64
Gestart vanuit: c:\users\Wouter\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-04 to 2012-06-04 ))))))))))))))))))))))))))))))
.
.
2012-06-04 01:13 . 2012-06-04 01:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 20:35 . 2012-06-03 20:36 -------- d-----w- C:\FRST
2012-06-03 00:05 . 2012-06-03 00:05 -------- d-----w- c:\program files (x86)\ESET
2012-06-02 23:14 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 13:43 . 2012-06-02 13:43 -------- d-----w- C:\$AVG
2012-06-02 13:43 . 2012-06-02 23:11 -------- d-----w- c:\programdata\AVG2012
2012-06-02 13:43 . 2012-06-02 23:10 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-02 13:42 . 2012-06-02 13:42 -------- d-----w- c:\program files (x86)\AVG
2012-06-01 00:55 . 2012-06-01 00:55 -------- d-----w- c:\users\Wouter\AppData\Roaming\Malwarebytes
2012-06-01 00:54 . 2012-06-01 00:54 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 00:54 . 2012-06-02 23:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-01 00:46 . 2012-06-02 23:11 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-06-01 00:44 . 2012-06-01 00:52 -------- d-----w- c:\users\Wouter\AppData\Roaming\Ad-Aware Antivirus
2012-06-01 00:21 . 2012-06-01 00:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 00:21 . 2012-06-02 23:09 -------- d-----w- c:\windows\system32\Macromed
2012-05-27 13:03 . 2011-06-22 08:43 36864 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sst2cpc.dll
2012-05-27 13:01 . 2009-07-12 03:16 11576 ----a-w- c:\windows\system32\drivers\SSPORT.SYS
2012-05-14 15:25 . 2012-05-14 15:25 -------- d-----w- c:\programdata\RELOADED
2012-05-14 15:23 . 2012-06-02 23:11 -------- d-----w- c:\program files (x86)\The Walking Dead
2012-05-09 15:44 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 15:44 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 15:44 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:44 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 15:44 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:44 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 15:44 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 15:44 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 15:44 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 15:44 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 15:44 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 15:43 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 15:43 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 00:21 . 2011-06-27 11:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-20 22:53 . 2011-06-27 17:40 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-20 22:53 . 2011-06-27 17:38 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-20 22:53 . 2011-06-27 17:38 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/21 12:20;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 116648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-22 2152720]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 116648]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-20 17152]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-12 10:52]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 21:29]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 21:29]
.
2012-05-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.87.106.106 192.87.36.36
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Voltooingstijd: 2012-06-04 03:18:31 - machine werd herstart
ComboFix-quarantined-files.txt 2012-06-04 01:18
.
Pre-Run: 538.943.479.808 bytes beschikbaar
Post-Run: 539.324.399.616 bytes beschikbaar
.
- - End Of File - - 6D0EEF771EE42E71E195D662467A3451

#7 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 June 2012 - 08:57 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 wouterdekabouter
  • Topic Starter

  • Members
  • 16 posts

Posted 03 June 2012 - 10:45 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.06.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wouter :: WOUTER-PC [administrator]

4-6-2012 4:05:10
mbam-log-2012-06-04 (04-05-10).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 206872
Verstreken tijd: 1 minuut/minuten, 7 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)



ESET

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1 a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\80000064.@ Win64/Sirefef.AE trojan

Edited by wouterdekabouter, 03 June 2012 - 10:46 PM.


#9 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 June 2012 - 10:48 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\80000000.@ 
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\80000064.@ 

Folder::
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box. Do not be alarmed: with the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 wouterdekabouter
  • Topic Starter

  • Members
  • 16 posts

Posted 04 June 2012 - 06:44 AM

Sorry for the late reply, I had to sleep.



ComboFix 12-06-03.05 - Wouter 04-06-2012 13:27:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6127.4076 [GMT 2:00]
Gestart vanuit: c:\users\Wouter\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Wouter\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}
c:\windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\@
c:\windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\L\00000004.@
c:\windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\L\201d3dde
c:\windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\00000004.@
c:\windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\000000cb.@
c:\windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\80000000.@
c:\windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\80000064.@
X:\Autorun.inf
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-04 to 2012-06-04 ))))))))))))))))))))))))))))))
.
.
2012-06-04 11:33 . 2012-06-04 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 20:35 . 2012-06-03 20:36 -------- d-----w- C:\FRST
2012-06-03 00:05 . 2012-06-03 00:05 -------- d-----w- c:\program files (x86)\ESET
2012-06-02 23:14 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 13:43 . 2012-06-02 13:43 -------- d-----w- C:\$AVG
2012-06-02 13:43 . 2012-06-02 23:11 -------- d-----w- c:\programdata\AVG2012
2012-06-02 13:43 . 2012-06-02 23:10 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-02 13:42 . 2012-06-02 13:42 -------- d-----w- c:\program files (x86)\AVG
2012-06-01 00:55 . 2012-06-01 00:55 -------- d-----w- c:\users\Wouter\AppData\Roaming\Malwarebytes
2012-06-01 00:54 . 2012-06-01 00:54 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 00:54 . 2012-06-02 23:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-01 00:46 . 2012-06-02 23:11 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-06-01 00:44 . 2012-06-01 00:52 -------- d-----w- c:\users\Wouter\AppData\Roaming\Ad-Aware Antivirus
2012-06-01 00:21 . 2012-06-01 00:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 00:21 . 2012-06-02 23:09 -------- d-----w- c:\windows\system32\Macromed
2012-05-27 13:03 . 2011-06-22 08:43 36864 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sst2cpc.dll
2012-05-27 13:01 . 2009-07-12 03:16 11576 ----a-w- c:\windows\system32\drivers\SSPORT.SYS
2012-05-14 15:25 . 2012-05-14 15:25 -------- d-----w- c:\programdata\RELOADED
2012-05-14 15:23 . 2012-06-02 23:11 -------- d-----w- c:\program files (x86)\The Walking Dead
2012-05-09 15:44 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 15:44 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 15:44 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:44 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 15:44 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 15:44 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 15:44 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 15:44 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 15:44 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 15:44 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 15:44 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 15:43 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 15:43 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 00:21 . 2011-06-27 11:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-20 22:53 . 2011-06-27 17:40 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-20 22:53 . 2011-06-27 17:38 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-20 22:53 . 2011-06-27 17:38 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-04_01.15.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-04 11:33 . 2012-06-04 11:33 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-04 01:13 . 2012-06-04 01:13 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-06-04 01:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-04 11:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-04 01:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-04 11:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-04 11:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-04 01:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-04 11:21 27298 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-04 11:21 24770 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-28 09:41 . 2012-06-04 11:21 17934 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-819651530-3361869633-881799453-1000_UserData.bin
- 2012-06-04 01:14 . 2012-06-04 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 11:33 . 2012-06-04 11:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 11:33 . 2012-06-04 11:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-04 01:14 . 2012-06-04 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-21 16:48 . 2012-06-04 01:26 754448 c:\windows\system32\perfh013.dat
- 2010-11-21 16:48 . 2012-05-10 00:59 754448 c:\windows\system32\perfh013.dat
- 2009-07-14 02:36 . 2012-05-10 00:59 661956 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-04 01:26 661956 c:\windows\system32\perfh009.dat
- 2010-11-21 16:48 . 2012-05-10 00:59 157980 c:\windows\system32\perfc013.dat
+ 2010-11-21 16:48 . 2012-06-04 01:26 157980 c:\windows\system32\perfc013.dat
+ 2009-07-14 02:36 . 2012-06-04 01:26 125784 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-10 00:59 125784 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-04 01:13 315960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-04 11:33 315960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-21 11:41 . 2012-06-04 01:03 1271128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-21 11:41 . 2012-06-04 11:33 1271128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-28 08:52 . 2012-06-04 11:33 5265380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-819651530-3361869633-881799453-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/21 12:20;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 116648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-22 2152720]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 116648]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-20 17152]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-12 10:52]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 21:29]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 21:29]
.
2012-05-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.87.106.106 192.87.36.36
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-06-04 13:37:57 - machine werd herstart
ComboFix-quarantined-files.txt 2012-06-04 11:37
ComboFix2.txt 2012-06-04 01:18
.
Pre-Run: 537.846.861.824 bytes beschikbaar
Post-Run: 537.421.115.392 bytes beschikbaar
.
- - End Of File - - F27FE43A2E452493FEB1FEBDE047ABB4
Upload was successful.

Edited by wouterdekabouter, 04 June 2012 - 06:45 AM.


#11 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 04 June 2012 - 07:16 AM

Delete the version of TDSSKiller from your desktop and download a fresh copy:



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 wouterdekabouter
  • Topic Starter
  • Members
  • 16 posts

Posted 04 June 2012 - 07:46 AM

14:44:48.0942 1840 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:44:49.0032 1840 ============================================================
14:44:49.0032 1840 Current date / time: 2012/06/04 14:44:49.0032
14:44:49.0032 1840 SystemInfo:
14:44:49.0032 1840
14:44:49.0032 1840 OS Version: 6.1.7601 ServicePack: 1.0
14:44:49.0032 1840 Product type: Workstation
14:44:49.0032 1840 ComputerName: WOUTER-PC
14:44:49.0035 1840 UserName: Wouter
14:44:49.0035 1840 Windows directory: C:\Windows
14:44:49.0035 1840 System windows directory: C:\Windows
14:44:49.0035 1840 Running under WOW64
14:44:49.0035 1840 Processor architecture: Intel x64
14:44:49.0035 1840 Number of processors: 4
14:44:49.0035 1840 Page size: 0x1000
14:44:49.0035 1840 Boot type: Normal boot
14:44:49.0035 1840 ============================================================
14:44:49.0977 1840 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:44:49.0982 1840 Drive \Device\Harddisk1\DR1 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:44:49.0990 1840 ============================================================
14:44:49.0990 1840 \Device\Harddisk0\DR0:
14:44:49.0990 1840 MBR partitions:
14:44:49.0990 1840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x187F000
14:44:49.0990 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1893000, BlocksNum 0x72E73000
14:44:49.0990 1840 \Device\Harddisk1\DR1:
14:44:49.0990 1840 MBR partitions:
14:44:49.0990 1840 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BBFE0
14:44:49.0990 1840 ============================================================
14:44:50.0005 1840 C: <-> \Device\Harddisk0\DR0\Partition1
14:44:50.0007 1840 ============================================================
14:44:50.0007 1840 Initialize success
14:44:50.0007 1840 ============================================================
14:45:03.0872 3692 ============================================================
14:45:03.0872 3692 Scan started
14:45:03.0872 3692 Mode: Manual; TDLFS;
14:45:03.0872 3692 ============================================================
14:45:04.0507 3692 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:45:04.0510 3692 !SASCORE - ok
14:45:04.0597 3692 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:45:04.0597 3692 1394ohci - ok
14:45:04.0615 3692 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:45:04.0617 3692 ACPI - ok
14:45:04.0627 3692 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:45:04.0627 3692 AcpiPmi - ok
14:45:04.0732 3692 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:45:04.0732 3692 AdobeARMservice - ok
14:45:04.0757 3692 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:45:04.0765 3692 adp94xx - ok
14:45:04.0787 3692 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:45:04.0792 3692 adpahci - ok
14:45:04.0810 3692 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:45:04.0812 3692 adpu320 - ok
14:45:04.0837 3692 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:45:04.0840 3692 AeLookupSvc - ok
14:45:04.0892 3692 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:45:04.0897 3692 AFD - ok
14:45:04.0915 3692 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:45:04.0915 3692 agp440 - ok
14:45:04.0930 3692 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:45:04.0932 3692 ALG - ok
14:45:04.0940 3692 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:45:04.0940 3692 aliide - ok
14:45:04.0982 3692 AMD External Events Utility (11276158eeeeadf3eb154061bfc80a19) C:\Windows\system32\atiesrxx.exe
14:45:04.0982 3692 AMD External Events Utility - ok
14:45:04.0992 3692 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:45:04.0992 3692 amdide - ok
14:45:05.0010 3692 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:45:05.0010 3692 AmdK8 - ok
14:45:05.0230 3692 amdkmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
14:45:05.0345 3692 amdkmdag - ok
14:45:05.0405 3692 amdkmdap (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys
14:45:05.0407 3692 amdkmdap - ok
14:45:05.0435 3692 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:45:05.0435 3692 AmdPPM - ok
14:45:05.0490 3692 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:45:05.0492 3692 amdsata - ok
14:45:05.0522 3692 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:45:05.0525 3692 amdsbs - ok
14:45:05.0542 3692 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:45:05.0542 3692 amdxata - ok
14:45:05.0557 3692 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:45:05.0557 3692 AppID - ok
14:45:05.0562 3692 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:45:05.0562 3692 AppIDSvc - ok
14:45:05.0595 3692 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:45:05.0597 3692 Appinfo - ok
14:45:05.0632 3692 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:45:05.0635 3692 arc - ok
14:45:05.0645 3692 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:45:05.0647 3692 arcsas - ok
14:45:05.0727 3692 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:45:05.0730 3692 aspnet_state - ok
14:45:05.0742 3692 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:45:05.0742 3692 AsyncMac - ok
14:45:05.0770 3692 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:45:05.0770 3692 atapi - ok
14:45:05.0785 3692 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
14:45:05.0787 3692 AtiHDAudioService - ok
14:45:05.0812 3692 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:45:05.0820 3692 AudioEndpointBuilder - ok
14:45:05.0822 3692 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:45:05.0827 3692 AudioSrv - ok
14:45:05.0840 3692 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:45:05.0842 3692 AxInstSV - ok
14:45:05.0865 3692 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:45:05.0870 3692 b06bdrv - ok
14:45:05.0900 3692 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:45:05.0902 3692 b57nd60a - ok
14:45:06.0045 3692 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
14:45:06.0045 3692 BBSvc - ok
14:45:06.0060 3692 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
14:45:06.0062 3692 BBUpdate - ok
14:45:06.0075 3692 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:45:06.0077 3692 BDESVC - ok
14:45:06.0085 3692 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:45:06.0087 3692 Beep - ok
14:45:06.0152 3692 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:45:06.0160 3692 BFE - ok
14:45:06.0217 3692 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:45:06.0227 3692 BITS - ok
14:45:06.0255 3692 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:45:06.0257 3692 blbdrive - ok
14:45:06.0295 3692 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:45:06.0295 3692 bowser - ok
14:45:06.0307 3692 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:45:06.0307 3692 BrFiltLo - ok
14:45:06.0322 3692 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:45:06.0322 3692 BrFiltUp - ok
14:45:06.0342 3692 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:45:06.0345 3692 BridgeMP - ok
14:45:06.0362 3692 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:45:06.0365 3692 Browser - ok
14:45:06.0387 3692 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:45:06.0392 3692 Brserid - ok
14:45:06.0407 3692 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:45:06.0410 3692 BrSerWdm - ok
14:45:06.0420 3692 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:45:06.0420 3692 BrUsbMdm - ok
14:45:06.0430 3692 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:45:06.0430 3692 BrUsbSer - ok
14:45:06.0442 3692 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:45:06.0445 3692 BTHMODEM - ok
14:45:06.0462 3692 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:45:06.0462 3692 bthserv - ok
14:45:06.0465 3692 catchme - ok
14:45:06.0482 3692 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:45:06.0482 3692 cdfs - ok
14:45:06.0517 3692 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:45:06.0520 3692 cdrom - ok
14:45:06.0535 3692 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:45:06.0537 3692 CertPropSvc - ok
14:45:06.0552 3692 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:45:06.0555 3692 circlass - ok
14:45:06.0577 3692 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:45:06.0580 3692 CLFS - ok
14:45:06.0710 3692 CLKMSVC10_9EC60124 (730bf325e4cc1e3935b81943ac6da216) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
14:45:06.0710 3692 CLKMSVC10_9EC60124 - ok
14:45:06.0775 3692 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:45:06.0775 3692 clr_optimization_v2.0.50727_32 - ok
14:45:06.0845 3692 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:45:06.0847 3692 clr_optimization_v2.0.50727_64 - ok
14:45:06.0892 3692 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:45:06.0892 3692 clr_optimization_v4.0.30319_32 - ok
14:45:06.0935 3692 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:45:06.0935 3692 clr_optimization_v4.0.30319_64 - ok
14:45:06.0985 3692 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:45:06.0985 3692 CmBatt - ok
14:45:06.0995 3692 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:45:06.0995 3692 cmdide - ok
14:45:07.0037 3692 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:45:07.0042 3692 CNG - ok
14:45:07.0095 3692 CnxtHdAudService (5c855932e4df00b1b6f5f6f57e82b6c5) C:\Windows\system32\drivers\CHDRT64.sys
14:45:07.0105 3692 CnxtHdAudService - ok
14:45:07.0170 3692 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:45:07.0172 3692 Compbatt - ok
14:45:07.0190 3692 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:45:07.0192 3692 CompositeBus - ok
14:45:07.0195 3692 COMSysApp - ok
14:45:07.0215 3692 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:45:07.0215 3692 crcdisk - ok
14:45:07.0242 3692 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:45:07.0245 3692 CryptSvc - ok
14:45:07.0357 3692 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:45:07.0362 3692 cvhsvc - ok
14:45:07.0407 3692 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
14:45:07.0410 3692 CVirtA - ok
14:45:07.0497 3692 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
14:45:07.0502 3692 CVPND - ok
14:45:07.0580 3692 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
14:45:07.0582 3692 CVPNDRVA - ok
14:45:07.0615 3692 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:45:07.0620 3692 DcomLaunch - ok
14:45:07.0645 3692 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:45:07.0647 3692 defragsvc - ok
14:45:07.0690 3692 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:45:07.0690 3692 DfsC - ok
14:45:07.0742 3692 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:45:07.0747 3692 Dhcp - ok
14:45:07.0760 3692 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:45:07.0760 3692 discache - ok
14:45:07.0792 3692 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:45:07.0795 3692 Disk - ok
14:45:07.0835 3692 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
14:45:07.0835 3692 DNE - ok
14:45:07.0875 3692 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:45:07.0877 3692 Dnscache - ok
14:45:07.0890 3692 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:45:07.0895 3692 dot3svc - ok
14:45:07.0905 3692 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:45:07.0907 3692 DPS - ok
14:45:07.0945 3692 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:45:07.0945 3692 drmkaud - ok
14:45:07.0992 3692 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:45:07.0995 3692 dtsoftbus01 - ok
14:45:08.0242 3692 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:45:08.0250 3692 DXGKrnl - ok
14:45:08.0275 3692 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:45:08.0277 3692 EapHost - ok
14:45:08.0362 3692 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:45:08.0417 3692 ebdrv - ok
14:45:08.0492 3692 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:45:08.0492 3692 EFS - ok
14:45:08.0552 3692 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:45:08.0560 3692 ehRecvr - ok
14:45:08.0570 3692 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:45:08.0572 3692 ehSched - ok
14:45:08.0627 3692 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:45:08.0635 3692 elxstor - ok
14:45:08.0647 3692 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:45:08.0650 3692 ErrDev - ok
14:45:08.0710 3692 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:45:08.0712 3692 EventSystem - ok
14:45:08.0760 3692 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:45:08.0762 3692 exfat - ok
14:45:08.0780 3692 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:45:08.0782 3692 fastfat - ok
14:45:08.0810 3692 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:45:08.0817 3692 Fax - ok
14:45:08.0835 3692 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:45:08.0835 3692 fdc - ok
14:45:08.0850 3692 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:45:08.0850 3692 fdPHost - ok
14:45:08.0855 3692 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:45:08.0857 3692 FDResPub - ok
14:45:08.0867 3692 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:45:08.0870 3692 FileInfo - ok
14:45:08.0877 3692 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:45:08.0877 3692 Filetrace - ok
14:45:08.0892 3692 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:45:08.0892 3692 flpydisk - ok
14:45:08.0912 3692 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:45:08.0915 3692 FltMgr - ok
14:45:08.0962 3692 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:45:08.0985 3692 FontCache - ok
14:45:09.0042 3692 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:45:09.0045 3692 FontCache3.0.0.0 - ok
14:45:09.0062 3692 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:45:09.0062 3692 FsDepends - ok
14:45:09.0100 3692 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:45:09.0100 3692 Fs_Rec - ok
14:45:09.0125 3692 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:45:09.0127 3692 fvevol - ok
14:45:09.0162 3692 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:45:09.0165 3692 gagp30kx - ok
14:45:09.0195 3692 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:45:09.0205 3692 gpsvc - ok
14:45:09.0285 3692 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:45:09.0287 3692 gupdate - ok
14:45:09.0305 3692 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:45:09.0307 3692 gupdatem - ok
14:45:09.0332 3692 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:45:09.0332 3692 hcw85cir - ok
14:45:09.0375 3692 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:45:09.0375 3692 HDAudBus - ok
14:45:09.0387 3692 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:45:09.0387 3692 HidBatt - ok
14:45:09.0402 3692 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:45:09.0405 3692 HidBth - ok
14:45:09.0417 3692 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:45:09.0417 3692 HidIr - ok
14:45:09.0432 3692 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:45:09.0435 3692 hidserv - ok
14:45:09.0480 3692 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:45:09.0482 3692 HidUsb - ok
14:45:09.0492 3692 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:45:09.0495 3692 hkmsvc - ok
14:45:09.0510 3692 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:45:09.0512 3692 HomeGroupListener - ok
14:45:09.0555 3692 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:45:09.0557 3692 HomeGroupProvider - ok
14:45:09.0567 3692 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:45:09.0570 3692 HpSAMD - ok
14:45:09.0597 3692 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:45:09.0605 3692 HTTP - ok
14:45:09.0607 3692 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:45:09.0607 3692 hwpolicy - ok
14:45:09.0620 3692 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:45:09.0620 3692 i8042prt - ok
14:45:09.0665 3692 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:45:09.0670 3692 iaStorV - ok
14:45:09.0745 3692 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:45:09.0752 3692 idsvc - ok
14:45:09.0762 3692 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:45:09.0765 3692 iirsp - ok
14:45:09.0827 3692 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:45:09.0835 3692 IKEEXT - ok
14:45:09.0845 3692 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:45:09.0847 3692 intelide - ok
14:45:09.0877 3692 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:45:09.0877 3692 intelppm - ok
14:45:09.0885 3692 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:45:09.0887 3692 IPBusEnum - ok
14:45:09.0902 3692 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:45:09.0905 3692 IpFilterDriver - ok
14:45:09.0957 3692 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:45:09.0965 3692 iphlpsvc - ok
14:45:09.0972 3692 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:45:09.0975 3692 IPMIDRV - ok
14:45:09.0982 3692 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:45:09.0985 3692 IPNAT - ok
14:45:09.0992 3692 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:45:09.0992 3692 IRENUM - ok
14:45:10.0017 3692 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:45:10.0017 3692 isapnp - ok
14:45:10.0040 3692 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:45:10.0045 3692 iScsiPrt - ok
14:45:10.0055 3692 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:45:10.0055 3692 kbdclass - ok
14:45:10.0065 3692 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:45:10.0065 3692 kbdhid - ok
14:45:10.0100 3692 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:45:10.0100 3692 KeyIso - ok
14:45:10.0115 3692 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:45:10.0117 3692 KSecDD - ok
14:45:10.0130 3692 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:45:10.0132 3692 KSecPkg - ok
14:45:10.0140 3692 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:45:10.0142 3692 ksthunk - ok
14:45:10.0202 3692 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:45:10.0207 3692 KtmRm - ok
14:45:10.0255 3692 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:45:10.0260 3692 LanmanServer - ok
14:45:10.0277 3692 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:45:10.0282 3692 LanmanWorkstation - ok
14:45:10.0440 3692 Lavasoft Ad-Aware Service (55afd4a9d5ed4ad40d5215ccdf4d65f3) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
14:45:10.0450 3692 Lavasoft Ad-Aware Service - ok
14:45:10.0530 3692 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
14:45:10.0532 3692 Lavasoft Kernexplorer - ok
14:45:10.0620 3692 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
14:45:10.0620 3692 Lbd - ok
14:45:10.0660 3692 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:45:10.0660 3692 lltdio - ok
14:45:10.0682 3692 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:45:10.0685 3692 lltdsvc - ok
14:45:10.0702 3692 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:45:10.0702 3692 lmhosts - ok
14:45:10.0740 3692 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:45:10.0742 3692 LSI_FC - ok
14:45:10.0780 3692 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:45:10.0782 3692 LSI_SAS - ok
14:45:10.0787 3692 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:45:10.0787 3692 LSI_SAS2 - ok
14:45:10.0795 3692 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:45:10.0795 3692 LSI_SCSI - ok
14:45:10.0827 3692 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:45:10.0827 3692 luafv - ok
14:45:10.0895 3692 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:45:10.0897 3692 Mcx2Svc - ok
14:45:10.0902 3692 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:45:10.0902 3692 megasas - ok
14:45:10.0922 3692 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:45:10.0925 3692 MegaSR - ok
14:45:10.0960 3692 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:45:10.0960 3692 MEIx64 - ok
14:45:11.0017 3692 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:45:11.0020 3692 MMCSS - ok
14:45:11.0035 3692 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:45:11.0035 3692 Modem - ok
14:45:11.0067 3692 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:45:11.0067 3692 monitor - ok
14:45:11.0102 3692 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:45:11.0102 3692 mouclass - ok
14:45:11.0115 3692 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:45:11.0115 3692 mouhid - ok
14:45:11.0152 3692 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:45:11.0155 3692 mountmgr - ok
14:45:11.0170 3692 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:45:11.0172 3692 mpio - ok
14:45:11.0182 3692 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:45:11.0185 3692 mpsdrv - ok
14:45:11.0250 3692 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:45:11.0262 3692 MpsSvc - ok
14:45:11.0277 3692 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:45:11.0280 3692 MRxDAV - ok
14:45:11.0305 3692 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:45:11.0305 3692 mrxsmb - ok
14:45:11.0352 3692 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:45:11.0355 3692 mrxsmb10 - ok
14:45:11.0365 3692 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:45:11.0365 3692 mrxsmb20 - ok
14:45:11.0377 3692 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:45:11.0380 3692 msahci - ok
14:45:11.0395 3692 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:45:11.0397 3692 msdsm - ok
14:45:11.0412 3692 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:45:11.0417 3692 MSDTC - ok
14:45:11.0430 3692 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:45:11.0430 3692 Msfs - ok
14:45:11.0440 3692 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:45:11.0442 3692 mshidkmdf - ok
14:45:11.0447 3692 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:45:11.0447 3692 msisadrv - ok
14:45:11.0465 3692 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:45:11.0467 3692 MSiSCSI - ok
14:45:11.0470 3692 msiserver - ok
14:45:11.0505 3692 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:45:11.0505 3692 MSKSSRV - ok
14:45:11.0527 3692 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:45:11.0530 3692 MSPCLOCK - ok
14:45:11.0542 3692 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:45:11.0545 3692 MSPQM - ok
14:45:11.0562 3692 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:45:11.0567 3692 MsRPC - ok
14:45:11.0607 3692 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:45:11.0607 3692 mssmbios - ok
14:45:11.0617 3692 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:45:11.0617 3692 MSTEE - ok
14:45:11.0625 3692 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:45:11.0625 3692 MTConfig - ok
14:45:11.0642 3692 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:45:11.0642 3692 Mup - ok
14:45:11.0670 3692 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:45:11.0677 3692 napagent - ok
14:45:11.0717 3692 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:45:11.0722 3692 NativeWifiP - ok
14:45:11.0780 3692 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
14:45:11.0787 3692 NDIS - ok
14:45:11.0812 3692 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:45:11.0815 3692 NdisCap - ok
14:45:11.0827 3692 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:45:11.0830 3692 NdisTapi - ok
14:45:11.0847 3692 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:45:11.0847 3692 Ndisuio - ok
14:45:11.0865 3692 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:45:11.0867 3692 NdisWan - ok
14:45:11.0902 3692 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:45:11.0902 3692 NDProxy - ok
14:45:11.0907 3692 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:45:11.0910 3692 NetBIOS - ok
14:45:11.0922 3692 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:45:11.0925 3692 NetBT - ok
14:45:11.0962 3692 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:45:11.0965 3692 Netlogon - ok
14:45:12.0010 3692 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:45:12.0015 3692 Netman - ok
14:45:12.0090 3692 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:12.0092 3692 NetMsmqActivator - ok
14:45:12.0140 3692 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:12.0140 3692 NetPipeActivator - ok
14:45:12.0207 3692 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:45:12.0212 3692 netprofm - ok
14:45:12.0215 3692 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:12.0217 3692 NetTcpActivator - ok
14:45:12.0220 3692 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:12.0222 3692 NetTcpPortSharing - ok
14:45:12.0275 3692 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:45:12.0277 3692 nfrd960 - ok
14:45:12.0320 3692 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:45:12.0325 3692 NlaSvc - ok
14:45:12.0442 3692 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
14:45:12.0455 3692 NOBU - ok
14:45:12.0510 3692 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:45:12.0510 3692 Npfs - ok
14:45:12.0520 3692 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:45:12.0522 3692 nsi - ok
14:45:12.0532 3692 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:45:12.0535 3692 nsiproxy - ok
14:45:12.0617 3692 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:45:12.0647 3692 Ntfs - ok
14:45:12.0687 3692 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:45:12.0690 3692 Null - ok
14:45:12.0755 3692 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:45:12.0757 3692 nvraid - ok
14:45:12.0812 3692 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:45:12.0815 3692 nvstor - ok
14:45:12.0850 3692 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:45:12.0850 3692 nv_agp - ok
14:45:12.0862 3692 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:45:12.0865 3692 ohci1394 - ok
14:45:12.0930 3692 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:45:12.0932 3692 ose - ok
14:45:13.0070 3692 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:45:13.0145 3692 osppsvc - ok
14:45:13.0220 3692 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:45:13.0222 3692 p2pimsvc - ok
14:45:13.0415 3692 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:45:13.0422 3692 p2psvc - ok
14:45:13.0432 3692 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:45:13.0435 3692 Parport - ok
14:45:13.0472 3692 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:45:13.0475 3692 partmgr - ok
14:45:13.0492 3692 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:45:13.0495 3692 PcaSvc - ok
14:45:13.0590 3692 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
14:45:13.0590 3692 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
14:45:13.0610 3692 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:45:13.0610 3692 pci - ok
14:45:13.0635 3692 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:45:13.0635 3692 pciide - ok
14:45:13.0647 3692 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:45:13.0650 3692 pcmcia - ok
14:45:13.0662 3692 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:45:13.0665 3692 pcw - ok
14:45:13.0687 3692 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:45:13.0692 3692 PEAUTH - ok
14:45:13.0740 3692 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:45:13.0742 3692 PerfHost - ok
14:45:13.0795 3692 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:45:13.0822 3692 pla - ok
14:45:13.0855 3692 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:45:13.0862 3692 PlugPlay - ok
14:45:13.0882 3692 PnkBstrA - ok
14:45:13.0905 3692 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:45:13.0907 3692 PNRPAutoReg - ok
14:45:13.0927 3692 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:45:13.0930 3692 PNRPsvc - ok
14:45:13.0955 3692 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:45:13.0962 3692 PolicyAgent - ok
14:45:13.0987 3692 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:45:13.0990 3692 Power - ok
14:45:14.0040 3692 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:45:14.0042 3692 PptpMiniport - ok
14:45:14.0065 3692 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:45:14.0067 3692 Processor - ok
14:45:14.0082 3692 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:45:14.0085 3692 ProfSvc - ok
14:45:14.0117 3692 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:45:14.0120 3692 ProtectedStorage - ok
14:45:14.0152 3692 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:45:14.0152 3692 Psched - ok
14:45:14.0195 3692 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:45:14.0197 3692 PxHlpa64 - ok
14:45:14.0265 3692 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:45:14.0285 3692 ql2300 - ok
14:45:14.0350 3692 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:45:14.0352 3692 ql40xx - ok
14:45:14.0380 3692 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:45:14.0385 3692 QWAVE - ok
14:45:14.0395 3692 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:45:14.0395 3692 QWAVEdrv - ok
14:45:14.0397 3692 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:45:14.0400 3692 RasAcd - ok
14:45:14.0415 3692 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:45:14.0417 3692 RasAgileVpn - ok
14:45:14.0430 3692 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:45:14.0432 3692 RasAuto - ok
14:45:14.0442 3692 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:45:14.0445 3692 Rasl2tp - ok
14:45:14.0460 3692 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:45:14.0465 3692 RasMan - ok
14:45:14.0472 3692 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:45:14.0475 3692 RasPppoe - ok
14:45:14.0490 3692 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:45:14.0490 3692 RasSstp - ok
14:45:14.0505 3692 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:45:14.0507 3692 rdbss - ok
14:45:14.0522 3692 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:45:14.0522 3692 rdpbus - ok
14:45:14.0537 3692 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:45:14.0537 3692 RDPCDD - ok
14:45:14.0565 3692 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:45:14.0565 3692 RDPENCDD - ok
14:45:14.0570 3692 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:45:14.0570 3692 RDPREFMP - ok
14:45:14.0615 3692 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:45:14.0617 3692 RDPWD - ok
14:45:14.0655 3692 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:45:14.0657 3692 rdyboost - ok
14:45:14.0720 3692 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:45:14.0722 3692 RemoteAccess - ok
14:45:14.0732 3692 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:45:14.0737 3692 RemoteRegistry - ok
14:45:14.0830 3692 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
14:45:14.0847 3692 RoxMediaDB12OEM - ok
14:45:14.0890 3692 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
14:45:14.0895 3692 RoxWatch12 - ok
14:45:14.0940 3692 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:45:14.0942 3692 RpcEptMapper - ok
14:45:14.0965 3692 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:45:14.0967 3692 RpcLocator - ok
14:45:14.0992 3692 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:45:14.0995 3692 RpcSs - ok
14:45:15.0047 3692 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:45:15.0050 3692 rspndr - ok
14:45:15.0092 3692 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:45:15.0095 3692 RTL8167 - ok
14:45:15.0125 3692 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:45:15.0127 3692 SamSs - ok
14:45:15.0227 3692 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:45:15.0227 3692 SASDIFSV - ok
14:45:15.0262 3692 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:45:15.0262 3692 SASKUTIL - ok
14:45:15.0275 3692 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:45:15.0275 3692 sbp2port - ok
14:45:15.0297 3692 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:45:15.0302 3692 SCardSvr - ok
14:45:15.0315 3692 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:45:15.0317 3692 scfilter - ok
14:45:15.0357 3692 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:45:15.0367 3692 Schedule - ok
14:45:15.0385 3692 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:45:15.0385 3692 SCPolicySvc - ok
14:45:15.0400 3692 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:45:15.0402 3692 SDRSVC - ok
14:45:15.0437 3692 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:45:15.0440 3692 secdrv - ok
14:45:15.0455 3692 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:45:15.0455 3692 seclogon - ok
14:45:15.0460 3692 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:45:15.0462 3692 SENS - ok
14:45:15.0495 3692 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:45:15.0497 3692 SensrSvc - ok
14:45:15.0507 3692 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:45:15.0507 3692 Serenum - ok
14:45:15.0540 3692 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:45:15.0542 3692 Serial - ok
14:45:15.0560 3692 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:45:15.0562 3692 sermouse - ok
14:45:15.0587 3692 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:45:15.0590 3692 SessionEnv - ok
14:45:15.0592 3692 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:45:15.0595 3692 sffdisk - ok
14:45:15.0607 3692 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:45:15.0607 3692 sffp_mmc - ok
14:45:15.0620 3692 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:45:15.0622 3692 sffp_sd - ok
14:45:15.0630 3692 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:45:15.0630 3692 sfloppy - ok
14:45:15.0687 3692 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
14:45:15.0695 3692 Sftfs - ok
14:45:15.0785 3692 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:45:15.0787 3692 sftlist - ok
14:45:15.0850 3692 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:45:15.0852 3692 Sftplay - ok
14:45:15.0865 3692 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:45:15.0865 3692 Sftredir - ok
14:45:15.0972 3692 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
14:45:15.0985 3692 SftService - ok
14:45:16.0037 3692 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
14:45:16.0037 3692 Sftvol - ok
14:45:16.0050 3692 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:45:16.0050 3692 sftvsa - ok
14:45:16.0132 3692 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:45:16.0137 3692 SharedAccess - ok
14:45:16.0177 3692 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:45:16.0182 3692 ShellHWDetection - ok
14:45:16.0252 3692 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:45:16.0255 3692 SiSRaid2 - ok
14:45:16.0272 3692 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:45:16.0272 3692 SiSRaid4 - ok
14:45:16.0290 3692 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:45:16.0290 3692 Smb - ok
14:45:16.0310 3692 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:45:16.0312 3692 SNMPTRAP - ok
14:45:16.0315 3692 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:45:16.0315 3692 spldr - ok
14:45:16.0345 3692 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:45:16.0347 3692 Spooler - ok
14:45:16.0435 3692 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:45:16.0492 3692 sppsvc - ok
14:45:16.0527 3692 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:45:16.0530 3692 sppuinotify - ok
14:45:16.0557 3692 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:45:16.0562 3692 srv - ok
14:45:16.0582 3692 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:45:16.0587 3692 srv2 - ok
14:45:16.0602 3692 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:45:16.0602 3692 srvnet - ok
14:45:16.0637 3692 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:45:16.0640 3692 SSDPSRV - ok
14:45:16.0745 3692 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
14:45:16.0745 3692 SSPORT - ok
14:45:16.0757 3692 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:45:16.0760 3692 SstpSvc - ok
14:45:16.0770 3692 Steam Client Service - ok
14:45:16.0792 3692 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:45:16.0792 3692 stexstor - ok
14:45:16.0862 3692 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:45:16.0870 3692 stisvc - ok
14:45:16.0895 3692 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:45:16.0895 3692 stllssvr - ok
14:45:16.0897 3692 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:45:16.0897 3692 swenum - ok
14:45:16.0917 3692 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:45:16.0922 3692 swprv - ok
14:45:16.0970 3692 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:45:17.0000 3692 SysMain - ok
14:45:17.0037 3692 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:45:17.0040 3692 TabletInputService - ok
14:45:17.0057 3692 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:45:17.0062 3692 TapiSrv - ok
14:45:17.0070 3692 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:45:17.0072 3692 TBS - ok
14:45:17.0162 3692 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:45:17.0192 3692 Tcpip - ok
14:45:17.0287 3692 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:45:17.0295 3692 TCPIP6 - ok
14:45:17.0347 3692 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:45:17.0347 3692 tcpipreg - ok
14:45:17.0360 3692 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:45:17.0360 3692 TDPIPE - ok
14:45:17.0402 3692 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:45:17.0405 3692 TDTCP - ok
14:45:17.0422 3692 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:45:17.0425 3692 tdx - ok
14:45:17.0430 3692 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:45:17.0432 3692 TermDD - ok
14:45:17.0460 3692 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:45:17.0467 3692 TermService - ok
14:45:17.0480 3692 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:45:17.0482 3692 Themes - ok
14:45:17.0507 3692 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:45:17.0507 3692 THREADORDER - ok
14:45:17.0525 3692 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:45:17.0527 3692 TrkWks - ok
14:45:17.0557 3692 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:45:17.0560 3692 TrustedInstaller - ok
14:45:17.0572 3692 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:45:17.0572 3692 tssecsrv - ok
14:45:17.0590 3692 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:45:17.0590 3692 TsUsbFlt - ok
14:45:17.0605 3692 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:45:17.0607 3692 TsUsbGD - ok
14:45:17.0637 3692 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:45:17.0640 3692 tunnel - ok
14:45:17.0660 3692 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:45:17.0662 3692 uagp35 - ok
14:45:17.0680 3692 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:45:17.0685 3692 udfs - ok
14:45:17.0702 3692 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:45:17.0702 3692 UI0Detect - ok
14:45:17.0722 3692 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:45:17.0722 3692 uliagpkx - ok
14:45:17.0730 3692 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:45:17.0730 3692 umbus - ok
14:45:17.0732 3692 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:45:17.0735 3692 UmPass - ok
14:45:17.0760 3692 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:45:17.0767 3692 upnphost - ok
14:45:17.0865 3692 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:45:17.0867 3692 usbaudio - ok
14:45:17.0912 3692 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
14:45:17.0915 3692 usbccgp - ok
14:45:17.0922 3692 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:45:17.0925 3692 usbcir - ok
14:45:17.0937 3692 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:45:17.0937 3692 usbehci - ok
14:45:22.0315 3692 ============================================================
14:45:22.0315 3692 Scan finished
14:45:22.0315 3692 ============================================================
14:45:22.0325 0216 Detected object count: 0
14:45:22.0325 0216 Actual detected object count: 0

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:43 PM

Posted 04 June 2012 - 10:00 AM

How is the computer running now?

Are there any outstanding issues?

Your Java is out of date; please do the following:

Go to Start > Control Panel > Add/Remove Programs > scroll down to your Java entries and remove them, then download the latest Java version 7 update 4 from the following link and install it:


http://java.com/en/download/index.jsp

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 wouterdekabouter

wouterdekabouter
  • Topic Starter

  • Members
  • 16 posts
  • Local time:09:43 PM

Posted 04 June 2012 - 11:46 AM

Yup, the computer is running well now. Updated Java. Can I now install programs?

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:43 PM

Posted 04 June 2012 - 12:10 PM

Hi

Just some housekeeping to do now; you can install any program you wish.

Please do the following:


You can delete the DDS, TDSSKiller and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
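The Internet Explorer hardening step above is done by hand in Inetcpl.cpl; the script below is an added example (not from the thread or from any tool it mentions) that audits the same three Internet-zone ActiveX settings from the registry and reports which ones differ from the recommended values. It assumes the documented zone layout (zone 3 = Internet; action ids 1001, 1004 and 1201; data 0 = Enable, 1 = Prompt, 3 = Disable) and checks only the current user's hive.

```powershell
# Added example: audit the Internet-zone ActiveX settings that the post above
# changes via Inetcpl.cpl. Registry layout as documented by Microsoft (KB 182569):
#   Zone 3   = Internet zone
#   1001     = Download signed ActiveX controls
#   1004     = Download unsigned ActiveX controls
#   1201     = Initialize and script ActiveX controls not marked as safe
#   data     = 0 Enable, 1 Prompt, 3 Disable
# Assumption: per-user settings apply (no Security_HKLM_only policy forcing HKLM).

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post: both download options -> Prompt, unsafe init/script -> Disable.
$Recommended = @{
    '1001' = 1
    '1004' = 1
    '1201' = 3
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneActiveX {
    param([switch]$Fix)   # -Fix rewrites any non-compliant value for the current user

    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($action in ($Recommended.Keys | Sort-Object)) {
        $current = $zone.$action
        $want    = $Recommended[$action]
        $ok      = ($null -ne $current) -and ([int]$current -eq $want)

        # Show the human-readable meaning, falling back to the raw number for unexpected data.
        $currentText = if ($null -eq $current) { 'missing' }
                       elseif ($Meaning.ContainsKey([int]$current)) { $Meaning[[int]$current] }
                       else { [string]$current }

        [pscustomobject]@{
            Action      = $action
            Current     = $currentText
            Recommended = $Meaning[$want]
            Compliant   = $ok
        }

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $ZonePath -Name $action -Value $want -Type DWord
        }
    }
}

# Report only; add -Fix to apply the recommended values for the current user.
Test-InternetZoneActiveX | Format-Table -AutoSize
```

Run it again after applying the settings in Inetcpl.cpl to confirm all three rows show Compliant = True.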




