Infected with sirefef AB, AK, W, M, P. Please help


  • This topic is locked
20 replies to this topic

#1 trucane

Posted 08 June 2012 - 07:03 AM

So yesterday when I played a game I realized my performance was way worse than it should be. After restarting the game and the computer I noticed my MSE had a red icon, and when I tried to access it I couldn't get it to start. At this point I was pretty much sure I had gotten some nasty virus, and after redownloading MSE and getting it to run I would get notifications about different kinds of Sirefef viruses every 4 minutes. MSE would quarantine it, but since they came back every 4 minutes that was of little help.

I have tried to run MBAM, SpyHunter and Prevx, and none of them could even properly detect all the problems. Hoping that you guys here can help me out with my problems; I would really appreciate it.

Using 64-bit so no GMER log.

Thanks in advance

DDS LOG:::

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Cane at 14:02:15 on 2012-06-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8169.5861 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={8743987B-0A40-423D-BA0D-E6ECE34C4332}&mid=d6a07b38be8447d0918d25244254f204-3291ee2e80474b29eb200b697aca9ec7592cbcaf&lang=en&ds=gm011&pr=sa&d=2012-04-17 13:07:56&v=10.2.0.3&sap=hp
uInternet Settings,ProxyServer = 211.110.204.36:80
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 81.26.228.3 81.26.227.3
TCP: Interfaces\{AD19E26E-4FD4-457B-8362-1744C4E5AF1C} : DhcpNameServer = 81.26.228.3 81.26.227.3
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
Hosts: 255.255.255.255 easyanticheat.com # misleading site
Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
Hosts: 255.255.255.255 easyanticheat.info # misleading site
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cane\AppData\Roaming\Mozilla\Firefox\Profiles\s7il9wij.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Babebe3fc-0e41-4ccb-9507-70d01278e3e2%7D&mid=d6a07b38be8447d0918d25244254f204-3291ee2e80474b29eb200b697aca9ec7592cbcaf&ds=gm011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-17%2013%3A07%3A56&sap=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9050
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Cane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-28 8704]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-5-20 30592]
R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2012-6-7 6746280]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-7 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-1-16 2348352]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S1 icsfldlu;icsfldlu;\??\C:\Windows\system32\drivers\icsfldlu.sys --> C:\Windows\system32\drivers\icsfldlu.sys [?]
S1 khmhlgzq;khmhlgzq;\??\C:\Windows\system32\drivers\khmhlgzq.sys --> C:\Windows\system32\drivers\khmhlgzq.sys [?]
S1 olvoolvr;olvoolvr;\??\C:\Windows\system32\drivers\olvoolvr.sys --> C:\Windows\system32\drivers\olvoolvr.sys [?]
S1 tnidjeuo;tnidjeuo;\??\C:\Windows\system32\drivers\tnidjeuo.sys --> C:\Windows\system32\drivers\tnidjeuo.sys [?]
S1 ygvupxqt;ygvupxqt;\??\C:\Windows\system32\drivers\ygvupxqt.sys --> C:\Windows\system32\drivers\ygvupxqt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown akxvtcau;akxvtcau; [x]
SUnknown euvqcipt;euvqcipt; [x]
SUnknown wbaetmhn;wbaetmhn; [x]
SUnknown wiiorrrj;wiiorrrj; [x]
.
=============== Created Last 30 ================
.
2012-06-08 12:01:14 50000 ----a-w- C:\Windows\System32\drivers\ygvupxqt.sys
2012-06-08 11:50:07 50000 ----a-w- C:\Windows\System32\drivers\tnidjeuo.sys
2012-06-08 11:19:07 50000 ----a-w- C:\Windows\System32\drivers\icsfldlu.sys
2012-06-08 11:15:53 50000 ----a-w- C:\Windows\System32\drivers\khmhlgzq.sys
2012-06-08 11:15:38 -------- d-----w- C:\Users\Cane\AppData\Local\{0DA73F0B-FEF6-4309-896B-46BAC344BEFF}
2012-06-08 11:15:30 -------- d-----w- C:\Users\Cane\AppData\Local\{4FE3CAD3-41AA-4246-B9AA-628F1854A378}
2012-06-08 11:15:24 50000 ----a-w- C:\Windows\System32\drivers\olvoolvr.sys
2012-06-08 11:14:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F223387-2706-4196-B592-285A3D2E2A23}\offreg.dll
2012-06-07 23:08:42 -------- d-----w- C:\Users\Cane\AppData\Roaming\Canneverbe Limited
2012-06-07 23:08:42 -------- d-----w- C:\ProgramData\Canneverbe Limited
2012-06-07 23:01:57 110080 ----a-r- C:\Users\Cane\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-07 23:01:57 110080 ----a-r- C:\Users\Cane\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-07 23:01:57 110080 ----a-r- C:\Users\Cane\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-07 23:01:55 -------- d-----w- C:\sh4ldr
2012-06-07 23:01:55 -------- d-----w- C:\Program Files\Enigma Software Group
2012-06-07 23:01:08 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-07 22:55:42 -------- d-----w- C:\Users\Cane\AppData\Local\{7F99AC0B-BED7-4CEA-B0C1-01E1FF512EC0}
2012-06-07 22:55:24 -------- d-----w- C:\Users\Cane\AppData\Local\{8B76C08C-45EB-44CC-BB42-1E7F9253ABF6}
2012-06-07 22:42:00 150392 ----a-w- C:\Users\Cane\junction.exe
2012-06-07 22:00:21 50000 ----a-w- C:\Windows\System32\drivers\ynzbosnz.sys
2012-06-07 22:00:11 50000 ----a-w- C:\Windows\System32\drivers\ubgupnof.sys
2012-06-07 21:40:50 -------- d-----w- C:\Users\Cane\AppData\Roaming\Malwarebytes
2012-06-07 21:40:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-07 21:40:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-07 21:40:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 21:25:25 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2012-06-07 21:25:25 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
2012-06-07 21:25:25 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2012-06-07 21:25:24 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
2012-06-07 21:25:24 -------- d-----w- C:\Program Files\Prevx
2012-06-07 21:24:30 -------- d-----w- C:\ProgramData\PrevxCSI
2012-06-07 20:03:39 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84D30581-0329-4F01-A07B-B617C731EEB6}\gapaengine.dll
2012-06-07 20:03:36 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F223387-2706-4196-B592-285A3D2E2A23}\mpengine.dll
2012-06-07 20:03:08 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-07 20:03:07 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-07 19:50:22 -------- d-----w- C:\Windows\pss
2012-06-07 18:23:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-07 10:55:00 -------- d-----w- C:\Users\Cane\AppData\Local\{DC2F99DE-B236-47AC-BF4F-E69BAED84B30}
2012-06-07 10:54:41 -------- d-----w- C:\Users\Cane\AppData\Local\{C4925715-A11B-49E6-AA47-F72A8BB269EA}
2012-06-07 09:35:49 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 09:35:48 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 22:54:18 -------- d-----w- C:\Users\Cane\AppData\Local\{5083E246-71F3-478A-B4CB-42BD44A3A64E}
2012-06-06 10:53:51 -------- d-----w- C:\Users\Cane\AppData\Local\{E46C7B84-4D6C-4AA6-AF0D-C30366A01184}
2012-06-06 10:53:33 -------- d-----w- C:\Users\Cane\AppData\Local\{8229C705-FCB2-4E4B-ACF5-B097F346ADA4}
2012-06-05 22:53:11 -------- d-----w- C:\Users\Cane\AppData\Local\{206FB0E4-3FF9-427E-A364-75AE9202CAD8}
2012-06-05 10:52:43 -------- d-----w- C:\Users\Cane\AppData\Local\{42BF97C8-B476-4E90-A8C6-E8C215100DB5}
2012-06-05 10:52:25 -------- d-----w- C:\Users\Cane\AppData\Local\{3B257CE9-1C3C-4ADD-8ED9-8B0299DB790F}
2012-06-04 22:52:04 -------- d-----w- C:\Users\Cane\AppData\Local\{2B368F26-69B1-415C-8DFB-F36C764FC18C}
2012-06-04 10:51:37 -------- d-----w- C:\Users\Cane\AppData\Local\{A72333E6-6C8D-4A48-A130-9EF50F5DB83E}
2012-06-04 10:51:19 -------- d-----w- C:\Users\Cane\AppData\Local\{BD1F8E8D-E285-4225-8B0F-1E9B56E53DEE}
2012-06-03 22:50:54 -------- d-----w- C:\Users\Cane\AppData\Local\{858177BE-EF39-41CA-A08D-B2158F5524BA}
2012-06-03 18:19:56 -------- d-----w- C:\Users\Cane\AppData\Roaming\wargaming.net
2012-06-03 10:50:26 -------- d-----w- C:\Users\Cane\AppData\Local\{31F5988C-605F-4DAD-A0BC-8DB19A47CF3E}
2012-06-03 10:50:08 -------- d-----w- C:\Users\Cane\AppData\Local\{7DDC3341-0BD5-4B12-9459-C611127E9C0A}
2012-06-02 22:49:47 -------- d-----w- C:\Users\Cane\AppData\Local\{2AE5CA56-66C8-4CF8-8D6A-A0805A7BB773}
2012-06-02 17:42:49 -------- d-----w- C:\Users\Cane\AppData\Local\CrashRpt
2012-06-02 10:49:17 -------- d-----w- C:\Users\Cane\AppData\Local\{A8968740-FE93-40A0-9B75-3857C5D13D54}
2012-06-02 10:49:07 -------- d-----w- C:\Users\Cane\AppData\Local\{76247540-9F88-4A30-A169-F282A2CD627F}
2012-06-01 22:16:41 -------- d-----w- C:\Users\Cane\AppData\Local\{DCC031FE-26C6-4465-9485-D2F463EC95D5}
2012-06-01 10:16:14 -------- d-----w- C:\Users\Cane\AppData\Local\{B2968B64-924D-47DB-BD16-3BCFC7B0E566}
2012-06-01 10:15:56 -------- d-----w- C:\Users\Cane\AppData\Local\{38978A8B-D994-40A2-8CC3-0B283FC519E3}
2012-05-31 22:15:35 -------- d-----w- C:\Users\Cane\AppData\Local\{42E8F8CB-0C71-42F9-8A9B-32BA844C82B3}
2012-05-31 10:15:07 -------- d-----w- C:\Users\Cane\AppData\Local\{87B46CE7-8B06-44CF-9A5D-AA44F1E0251C}
2012-05-31 10:14:57 -------- d-----w- C:\Users\Cane\AppData\Local\{57943967-085B-410F-82C6-80E5F6AAA497}
2012-05-30 21:49:12 -------- d-----w- C:\Users\Cane\AppData\Local\{2E091C3C-8A27-4D8B-B1C3-BBE9696CDB48}
2012-05-30 09:48:45 -------- d-----w- C:\Users\Cane\AppData\Local\{4113F042-0F10-4891-8A71-DEF2AF1CBB37}
2012-05-30 09:48:27 -------- d-----w- C:\Users\Cane\AppData\Local\{A76CD64C-62A8-4FC5-9F73-8144F7BB83DA}
2012-05-29 21:48:06 -------- d-----w- C:\Users\Cane\AppData\Local\{32AEB51B-468F-4295-9938-2583B3932FDB}
2012-05-29 09:47:38 -------- d-----w- C:\Users\Cane\AppData\Local\{06BBAC50-5D2C-48DE-B5FA-6C1920EC7915}
2012-05-29 09:47:21 -------- d-----w- C:\Users\Cane\AppData\Local\{4B858875-DBB2-4914-8661-714940E5D80D}
2012-05-28 21:47:00 -------- d-----w- C:\Users\Cane\AppData\Local\{C8E79FFB-5FD3-4F97-A378-D6F9394B7DEE}
2012-05-28 15:09:37 -------- d-----w- C:\Program Files (x86)\Capsule
2012-05-28 09:46:32 -------- d-----w- C:\Users\Cane\AppData\Local\{7D806D56-EBD9-45ED-9B68-1E8B39D0299A}
2012-05-28 09:46:13 -------- d-----w- C:\Users\Cane\AppData\Local\{4E5DFADA-67B7-4771-8671-3D5F0B7F1851}
2012-05-27 21:45:49 -------- d-----w- C:\Users\Cane\AppData\Local\{09343DA1-646A-497B-BFC2-7FAA78B5C388}
2012-05-27 09:45:20 -------- d-----w- C:\Users\Cane\AppData\Local\{27C4490E-4B8F-4452-994F-1128AE428451}
2012-05-27 09:44:52 -------- d-----w- C:\Users\Cane\AppData\Local\{C91853E5-5B57-4889-BEB4-BA02D927EC2E}
2012-05-26 21:44:24 -------- d-----w- C:\Users\Cane\AppData\Local\{DF204CF4-597C-4A6A-A57B-F17DFCB8D1E2}
2012-05-26 09:43:55 -------- d-----w- C:\Users\Cane\AppData\Local\{18686D37-3A6B-4B78-9294-A2D781D2DF93}
2012-05-26 09:43:48 -------- d-----w- C:\Users\Cane\AppData\Local\{9DEE9F10-5B1E-490F-8F82-9A63B0429F2A}
2012-05-25 21:08:26 -------- d-----w- C:\Users\Cane\AppData\Local\{29CF2A80-FED4-4F1D-A34D-6D1A3CB3F685}
2012-05-25 09:07:58 -------- d-----w- C:\Users\Cane\AppData\Local\{049DA361-08D6-4655-9756-CA3FA9296443}
2012-05-25 09:07:51 -------- d-----w- C:\Users\Cane\AppData\Local\{811D6F9A-8882-4E82-BF8C-35E5CFF3DF32}
2012-05-24 15:03:24 -------- d-----w- C:\Users\Cane\AppData\Local\{3E5C633F-8C28-40E1-AF6E-DF0FBF716F37}
2012-05-24 15:03:05 -------- d-----w- C:\Users\Cane\AppData\Local\{4A606F2B-9013-41EE-8BB3-234927AF3B4D}
2012-05-23 18:45:13 -------- d-----w- C:\Users\Cane\AppData\Local\{5CF33ECC-86DF-4071-867E-6C4A96F3A369}
2012-05-23 06:44:45 -------- d-----w- C:\Users\Cane\AppData\Local\{85F259CB-8DF1-4E00-8234-5EDDADAA73C6}
2012-05-23 06:44:37 -------- d-----w- C:\Users\Cane\AppData\Local\{1EC64079-6A26-4D9E-812C-C4C5EF8C4525}
2012-05-22 18:27:26 -------- d-----w- C:\Users\Cane\AppData\Local\{171F0CC5-C298-4789-8E2E-115572B7E9A6}
2012-05-22 06:26:47 -------- d-----w- C:\Users\Cane\AppData\Local\{C937707E-C3F9-4946-877A-693A5FA551A8}
2012-05-22 06:26:37 -------- d-----w- C:\Users\Cane\AppData\Local\{92845162-104A-4590-9E7F-7663AEF51C57}
2012-05-21 12:39:02 -------- d-----w- C:\Users\Cane\AppData\Local\{CB7F0573-1C05-43FF-B153-4B0F26DB7D23}
2012-05-21 12:38:44 -------- d-----w- C:\Users\Cane\AppData\Local\{1CE29208-2A3A-4A5E-BC64-81EE2E31804D}
2012-05-21 00:38:22 -------- d-----w- C:\Users\Cane\AppData\Local\{136FCCDC-E9A9-4192-AAE9-0034B134633E}
2012-05-21 00:38:04 -------- d-----w- C:\Users\Cane\AppData\Local\{CA714966-27B3-4275-92C7-D3C529D93CE0}
2012-05-20 12:46:50 -------- d-----w- C:\Program Files\HWiNFO64
2012-05-20 12:37:42 -------- d-----w- C:\Users\Cane\AppData\Local\{46C67128-7679-46CF-8A29-49FE4793D1B2}
2012-05-20 12:37:24 -------- d-----w- C:\Users\Cane\AppData\Local\{D5CFBE3F-2D7F-4548-A09C-4B23C70690DD}
2012-05-20 12:32:52 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-05-20 00:36:46 -------- d-----w- C:\Users\Cane\AppData\Local\{D53D8E4E-E237-4EA4-A408-D01C3D764817}
2012-05-19 12:36:34 -------- d-----w- C:\Users\Cane\AppData\Local\{3FD8D4FC-47C8-4CB7-91EF-2BF1A6A7E869}
2012-05-19 00:24:24 -------- d-----w- C:\Users\Cane\AppData\Local\{C0CA6A19-1DFC-48DF-9B56-EEAD16EA2E1A}
2012-05-18 12:23:57 -------- d-----w- C:\Users\Cane\AppData\Local\{E3F84566-590A-4294-9CC8-296E5DA02E1E}
2012-05-18 12:23:39 -------- d-----w- C:\Users\Cane\AppData\Local\{C97D89B3-2880-4386-B324-77F632AD402B}
2012-05-18 00:23:18 -------- d-----w- C:\Users\Cane\AppData\Local\{B0E26E4F-6E4B-4565-93FD-FD6C88E2A764}
2012-05-17 12:22:51 -------- d-----w- C:\Users\Cane\AppData\Local\{704A56AF-20DC-4A27-9423-DD9AEF7DC8CD}
2012-05-17 12:22:33 -------- d-----w- C:\Users\Cane\AppData\Local\{911ACADC-5111-431A-B792-68F2C4E6378A}
2012-05-17 00:22:12 -------- d-----w- C:\Users\Cane\AppData\Local\{2D9BE71F-7781-4C60-9224-D58460F1C3DB}
2012-05-16 12:21:45 -------- d-----w- C:\Users\Cane\AppData\Local\{5136C457-BEBF-415E-974E-7C78005AD8EF}
2012-05-16 12:21:38 -------- d-----w- C:\Users\Cane\AppData\Local\{3CC113B3-F2A3-4C02-A59B-28DDBFC1BE4F}
2012-05-15 23:07:46 -------- d-----w- C:\Users\Cane\AppData\Local\{65A71687-50A7-4869-B269-62E2F569DCCF}
2012-05-15 21:55:59 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-15 11:07:18 -------- d-----w- C:\Users\Cane\AppData\Local\{E220DDF0-CF7B-4670-A6D0-8AFE11B14C47}
2012-05-15 11:07:00 -------- d-----w- C:\Users\Cane\AppData\Local\{392645D4-93D3-4302-A6BE-17DD00D0013E}
2012-05-14 23:06:39 -------- d-----w- C:\Users\Cane\AppData\Local\{EA3BD9C9-BDD2-4471-9669-42893F3F6D20}
2012-05-14 11:06:02 -------- d-----w- C:\Users\Cane\AppData\Local\{AA14F737-746F-4092-9CBD-E889E16D165B}
2012-05-14 11:05:52 -------- d-----w- C:\Users\Cane\AppData\Local\{4AA0F4F1-F361-4380-93BD-05A397BF0B1D}
2012-05-13 11:49:45 -------- d-----w- C:\Users\Cane\AppData\Local\{69CD9EF7-20DA-4E6F-BC80-2EC151709376}
2012-05-13 11:49:35 -------- d-----w- C:\Users\Cane\AppData\Local\{02A87680-3951-4A90-9371-BE0DE2864318}
2012-05-12 23:16:39 -------- d-----w- C:\Users\Cane\AppData\Local\{17F703A4-10FE-457C-A92E-9DB2E8F5301B}
2012-05-12 11:16:11 -------- d-----w- C:\Users\Cane\AppData\Local\{1367F639-0939-4F25-BDF2-63C92E0DD4BC}
2012-05-12 11:16:04 -------- d-----w- C:\Users\Cane\AppData\Local\{3888CE45-3114-4B4C-AA98-CBE50B6DC7EC}
2012-05-11 22:11:03 -------- d-----w- C:\Users\Cane\AppData\Local\{CC353AE7-6B65-461E-BFE2-81C87DB02933}
2012-05-11 10:10:36 -------- d-----w- C:\Users\Cane\AppData\Local\{998AE338-FDCD-406B-B1A0-A7F643A0AFED}
2012-05-11 10:10:18 -------- d-----w- C:\Users\Cane\AppData\Local\{546DD999-485B-427E-823A-A2836C99C90C}
2012-05-10 22:16:13 -------- d-----w- C:\Users\Cane\AppData\Roaming\Tropico 4
2012-05-10 22:15:13 -------- d-----w- C:\Users\Cane\AppData\Roaming\Kalypso Media
2012-05-10 22:09:56 -------- d-----w- C:\Users\Cane\AppData\Local\{E68F37E3-0C05-47BC-9C2B-EEB06A20ECD4}
2012-05-10 10:09:16 -------- d-----w- C:\Users\Cane\AppData\Local\{6A12D94D-F954-4FAF-82D6-BAA60E13EC0F}
2012-05-10 10:09:07 -------- d-----w- C:\Users\Cane\AppData\Local\{E235A797-10F5-4499-809C-136D17FD08E3}
2012-05-09 18:45:45 -------- d-----w- C:\Users\Cane\AppData\Local\{D5CA4244-9AA6-4D4C-900F-5026466C30CD}
2012-05-09 18:45:27 -------- d-----w- C:\Users\Cane\AppData\Local\{1AE29439-7F4F-47DD-9DC8-2A6B22ACC836}
.
==================== Find3M ====================
.
2012-06-02 17:47:37 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-02 17:47:37 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-02 17:42:59 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-04 18:10:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 18:10:17 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:10:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-15 12:06:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-09 20:34:14 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-22 00:18:57 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-03-22 00:18:56 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-03-22 00:18:56 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-03-22 00:18:56 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-03-20 18:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 14:02:25,91 ===============

#2 CatByte

  • Malware Response Team

Posted 08 June 2012 - 08:21 PM

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
(You need the 64-bit version.)
Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive. Please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 trucane

trucane
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 09 June 2012 - 05:56 AM

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by SYSTEM at 09-06-2012 12:50:25
Running from E:\
Windows 7 Home Premium (X64) OS Language: Swedish
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Cane\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Cane\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-09-09] (Valve Corporation)
Tcpip\Parameters: [DhcpNameServer] 81.26.228.3 81.26.227.3

==================== Services (Whitelisted) ======

2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [6746280 2012-06-07] (Prevx)
2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-04-05] (Hi-Rez Studios)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-09] ()
2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-06-02] (Enigma Software Group USA, LLC.)

========================== Drivers (Whitelisted) =============

2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-09-09] (DT Soft Ltd)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
1 HWiNFO32; \??\C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30592 2012-05-10] (REALiX™)
1 infclvgb; C:\Windows\System32\Drivers\infclvgb.sys [50000 2012-06-09] (Microsoft Corporation)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [120408 2010-11-25] (JMicron Technology Corp.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
1 mqoazmuo; C:\Windows\System32\Drivers\mqoazmuo.sys [50000 2012-06-09] (Microsoft Corporation)
0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [302120 2010-10-01] (Marvell Semiconductor, Inc.)
0 mvs91xx; C:\Windows\System32\Drivers\mvs91xx.sys [312624 2011-04-08] (Marvell Semiconductor, Inc.)
3 pxkbf; C:\Windows\System32\Drivers\pxkbf.sys [24024 2012-06-07] (Prevx)
1 pxrts; C:\Windows\System32\Drivers\pxrts.sys [65736 2012-06-07] (Prevx)
0 pxscan; C:\Windows\System32\Drivers\pxscan.sys [36384 2012-06-07] (Prevx)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-27] ()
0 speedfan; C:\Windows\SysWow64\speedfan.sys [29592 2011-03-18] (Almico Software)
1 sunaghxy; C:\Windows\System32\Drivers\sunaghxy.sys [50000 2012-06-09] (Microsoft Corporation)
3 tap0901; C:\Windows\System32\Drivers\tap0901.sys [40128 2011-06-07] (The OpenVPN Project)
3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
1 ueheqrnz; C:\Windows\System32\Drivers\ueheqrnz.sys [50000 2012-06-09] (Microsoft Corporation)
3 X6va005; \??\C:\Users\Cane\AppData\Local\Temp\0056C9D.tmp [x]

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ACPI.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AcpiPmi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adpahci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adpu320.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AFD.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\Drivers\agp440.sys ==> MD5 is legit
C:\Windows\System32\Drivers\aliide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AmdK8.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AmdPPM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\System32\Drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\Drivers\AppID.sys ==> MD5 is legit
C:\Windows\System32\Drivers\arc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AsyncMac.sys ==> MD5 is legit
C:\Windows\System32\Drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\Drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\Drivers\bowser.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHMODEM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cdfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cdrom.sys ==> MD5 is legit
C:\Windows\System32\Drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\Drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\CNG.sys C4943B6C962E4B82197542447AD599F4
C:\Windows\System32\Drivers\Compbatt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\cpuz135_x64.sys 262969A3FAB32B9E17E63E2D17A57744
C:\Windows\System32\Drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\DfsC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 388039F99CE8769024EE0438352ACA99
C:\Windows\System32\Drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Disk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dtsoftbus01.sys D3D64CF7B2BCEAA34A270F45A3FFFB36
C:\Windows\System32\Drivers\DXGKrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\e1c62x64.sys 426A0AE0B9F4F1CF4BA6FAF4EE28E5B0
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ErrDev.sys ==> MD5 is legit
C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys DF96C3CD6AE15F6D0A6BCB70F9C1E88D
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\FileInfo.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Filetrace.sys ==> MD5 is legit
C:\Windows\System32\Drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\FltMgr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\Drivers\fvevol.sys ==> MD5 is legit
C:\Windows\System32\Drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\Drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HidBth.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HidIr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HidUsb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HTTP.sys ==> MD5 is legit
C:\Program Files\HWiNFO64\HWiNFO64A.SYS F78FF50C486D530504B7D2BB36B1ED22
C:\Windows\System32\Drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\iaStor.sys 2FDAEC4B02729C48C0FD1B0B4695995B
C:\Windows\System32\Drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\Drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\infclvgb.sys 37DE5C89D49D8842C29504A7377C8BDC
C:\Windows\System32\drivers\RTKVHD64.sys CB7DADEF3D83FE2C12655A0BDCBA99F2
C:\Windows\System32\Drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\IPMIDRV.sys ==> MD5 is legit
C:\Windows\System32\Drivers\IPNAT.sys ==> MD5 is legit
C:\Windows\System32\Drivers\IRENUM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\JRAID.sys 79A55E8907F34AB569029505418C35EF
C:\Windows\System32\Drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\KSecDD.sys DA1E991A61CFDD755A589E206B97644B
C:\Windows\System32\Drivers\KSecPkg.sys 7E33198D956943A4F11A5474C1E9106F
C:\Windows\System32\Drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\lltdio.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LSI_FC.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LSI_SAS.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LSI_SAS2.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LSI_SCSI.sys ==> MD5 is legit
C:\Windows\System32\Drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys DBC08862A71459E74F7538B432C114CC
C:\Windows\System32\Drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\Drivers\Modem.sys ==> MD5 is legit
C:\Windows\System32\Drivers\monitor.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mouhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MpFilter.sys 94C66EDEDCDB6A126880472F9A704D8E
C:\Windows\System32\Drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mqoazmuo.sys 37DE5C89D49D8842C29504A7377C8BDC
C:\Windows\System32\Drivers\MRxDAV.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\Drivers\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\Drivers\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\Drivers\msahci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Mup.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mv91xx.sys 4FAD606C7AEB336E5AA4A005DE09CA80
C:\Windows\System32\Drivers\mvs91xx.sys 2E6A752E8BB8FF39B5DFCCADD31F6C00
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDIS.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NdisCap.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NdisTapi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ndisuio.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NdisWan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NetBIOS.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NetBT.sys ==> MD5 is legit
C:\Windows\System32\Drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 91B4E0273D2F6C24EF845F2B41311289
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\Drivers\nusb3hub.sys 9A33100AC62A0463C49E47EE8E77083A
C:\Windows\System32\Drivers\nusb3xhc.sys 87C321F7BEE646B7EC6EEDD6EB725741
C:\Windows\System32\drivers\nvhda64v.sys 8D4AAC74B571FC356560E5B308955E93
C:\Windows\System32\Drivers\nvlddmkm.sys 9C1996DD3C0469BC8933321F15709F5A
C:\Windows\System32\Drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\System32\Drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\System32\Drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Parport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\Drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pciide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PEAUTH.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pxkbf.sys BA5F7C107EACE67973B4B798832A74C7
C:\Windows\System32\Drivers\pxrts.sys 007E57428802F587D0D6737AE7A9D989
C:\Windows\System32\Drivers\pxscan.sys 66D4D00C8908888A68B749D91F1E6789
C:\Windows\System32\Drivers\ql2300.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\QWAVEdrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RasAcd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RasPppoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RasSstp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\rdbss.sys ==> MD5 is legit
C:\Windows\System32\Drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPENCDD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPREFMP.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 6D76E6433574B058ADCB0C50DF834492
C:\Windows\System32\Drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\Drivers\rspndr.sys ==> MD5 is legit
C:\Program Files (x86)\MSI Afterburner\RTCore64.sys 2E887E52E45BBA3C47CCD0E75FC5266F
C:\Windows\System32\DRIVERS\Rtlh64.sys 8B94A28FF36E0586117AC6B7C59F806A
C:\Windows\System32\Drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Serenum.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Serial.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sermouse.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys C6CC9297BD53E5229653303E556AA539
C:\Windows\System32\DRIVERS\Sftplaylh.sys 390AA7BC52CEE43F6790CDEA1E776703
C:\Windows\System32\DRIVERS\Sftredirlh.sys 617E29A0B0A2807466560D4C4E338D3E
C:\Windows\System32\DRIVERS\Sftvollh.sys 8F571F016FA1976F445147E9E6C8AE9B
C:\Windows\System32\Drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SiSRaid4.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Smb.sys ==> MD5 is legit
C:\Windows\SysWow64\speedfan.sys 12583AF6CBE0050651EAF2723B3AD7B3
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\Drivers\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\Drivers\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\Drivers\ssudmdm.sys 78CD64791F8634CF7B582FD085E57C4B
C:\Windows\System32\Drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sunaghxy.sys 37DE5C89D49D8842C29504A7377C8BDC
C:\Windows\System32\Drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\Drivers\tap0901.sys E965FC7627862779BA31A4FCB7D0C1EF
C:\Windows\System32\Drivers\tapoas.sys 927D0CDB3F96EFC1E98FB1A2C9FB67AD
C:\Windows\System32\Drivers\Tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9
C:\Windows\System32\DRIVERS\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9
C:\Windows\System32\Drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\Drivers\TDPIPE.sys ==> MD5 is legit
C:\Windows\System32\Drivers\TDTCP.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\Drivers\tdx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\TermDD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\TsUsbFlt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\Drivers\tunnel.sys ==> MD5 is legit
C:\Windows\System32\Drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\Drivers\udfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ueheqrnz.sys 37DE5C89D49D8842C29504A7377C8BDC
C:\Windows\System32\Drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\umbus.sys ==> MD5 is legit
C:\Windows\System32\Drivers\UmPass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\System32\Drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\Drivers\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\Drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\Drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\Drivers\USBSTOR.sys FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\Drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\Drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\Drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\Drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\Drivers\WacomPen.sys ==> MD5 is legit
C:\Windows\System32\Drivers\WANARP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Wd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\Drivers\WfpLwf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\WIMMount.sys ==> MD5 is legit
C:\Windows\SysWow64\Drivers\WIMMount.sys ==> MD5 is legit
C:\Windows\System32\Drivers\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\Drivers\WmiAcpi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\Drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-09 11:38 - 2012-06-09 11:38 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mqoazmuo.sys
2012-06-09 11:34 - 2012-06-09 11:34 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sunaghxy.sys
2012-06-09 11:34 - 2012-06-09 11:34 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\infclvgb.sys
2012-06-09 11:31 - 2012-06-09 11:31 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ueheqrnz.sys
2012-06-09 00:16 - 2012-06-09 00:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{3B313D6A-07CE-4C6F-809C-3FDA6800BA48}
2012-06-08 13:02 - 2012-06-08 13:02 - 00030218 ____A C:\Users\Cane\Desktop\DDS.txt
2012-06-08 12:50 - 2012-06-08 12:50 - 00007454 ____A C:\Users\Cane\Desktop\Attach.txt
2012-06-08 12:49 - 2012-06-08 12:49 - 00607260 ____R (Swearware) C:\Users\Cane\Desktop\dds.scr
2012-06-08 12:48 - 2012-06-08 12:48 - 00000470 ____A C:\Users\Cane\Desktop\defogger_disable.log
2012-06-08 12:48 - 2012-06-08 12:48 - 00000168 ____A C:\Users\Cane\defogger_reenable
2012-06-08 12:43 - 2012-06-08 12:43 - 00050477 ____A C:\Users\Cane\Desktop\Defogger.exe
2012-06-08 12:31 - 2012-06-08 12:31 - 00002562 ____A C:\Windows\diagwrn.xml
2012-06-08 12:31 - 2012-06-08 12:31 - 00001908 ____A C:\Windows\diagerr.xml
2012-06-08 12:15 - 2012-06-09 00:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{4FE3CAD3-41AA-4246-B9AA-628F1854A378}
2012-06-08 12:15 - 2012-06-08 12:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{0DA73F0B-FEF6-4309-896B-46BAC344BEFF}
2012-06-08 00:08 - 2012-06-08 00:08 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Canneverbe Limited
2012-06-08 00:08 - 2012-06-08 00:08 - 00000000 ____D C:\Users\All Users\Canneverbe Limited
2012-06-08 00:06 - 2012-06-08 00:06 - 00001895 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk
2012-06-08 00:06 - 2012-06-08 00:06 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2012-06-08 00:01 - 2012-06-08 00:02 - 00000000 ____D C:\sh4ldr
2012-06-08 00:01 - 2012-06-08 00:01 - 00002256 ____A C:\Users\Cane\Desktop\SpyHunter.lnk
2012-06-08 00:01 - 2012-06-08 00:01 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-08 00:01 - 2012-06-08 00:01 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-07 23:55 - 2012-06-07 23:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{8B76C08C-45EB-44CC-BB42-1E7F9253ABF6}
2012-06-07 23:55 - 2012-06-07 23:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{7F99AC0B-BED7-4CEA-B0C1-01E1FF512EC0}
2012-06-07 23:42 - 2012-06-07 23:47 - 00105888 ____A C:\Users\Cane\junctions.txt
2012-06-07 23:42 - 2010-09-07 14:39 - 00150392 ____A (Sysinternals - www.sysinternals.com) C:\Users\Cane\junction.exe
2012-06-07 23:00 - 2012-06-07 23:00 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ynzbosnz.sys
2012-06-07 23:00 - 2012-06-07 23:00 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ubgupnof.sys
2012-06-07 22:50 - 2011-07-16 21:21 - 00302592 ____A C:\Users\Cane\Desktop\gmer.exe
2012-06-07 22:40 - 2012-06-07 23:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 22:40 - 2012-06-07 22:40 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-07 22:40 - 2012-06-07 22:40 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Malwarebytes
2012-06-07 22:40 - 2012-06-07 22:40 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-07 22:40 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-07 22:25 - 2012-06-07 22:25 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
2012-06-07 22:25 - 2012-06-07 22:25 - 00062976 ____A (Prevx) C:\Windows\SysWOW64\PxSecure.dll
2012-06-07 22:25 - 2012-06-07 22:25 - 00036384 ____A (Prevx) C:\Windows\System32\Drivers\pxscan.sys
2012-06-07 22:25 - 2012-06-07 22:25 - 00024024 ____A (Prevx) C:\Windows\System32\Drivers\pxkbf.sys
2012-06-07 22:25 - 2012-06-07 22:25 - 00000000 ____D C:\Program Files\Prevx
2012-06-07 22:24 - 2012-06-07 23:31 - 00000000 ____D C:\Users\All Users\PrevxCSI
2012-06-07 21:03 - 2012-06-07 23:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-07 21:03 - 2012-06-07 23:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-07 20:50 - 2012-06-07 23:31 - 00000000 ____D C:\Windows\pss
2012-06-07 19:23 - 2012-06-07 23:31 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-07 19:19 - 2012-06-07 19:19 - 00000539 ____A C:\Users\Public\Desktop\Ys Origin.lnk
2012-06-07 19:15 - 2012-06-01 14:03 - 00000000 ____D C:\Users\Cane\Desktop\Ys.Origin.Update.1-RELOADED
2012-06-07 13:37 - 2012-06-07 13:37 - 00251856 ____A C:\Users\Cane\Desktop\1339060042763.jpg
2012-06-07 11:55 - 2012-06-07 11:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{DC2F99DE-B236-47AC-BF4F-E69BAED84B30}
2012-06-07 11:54 - 2012-06-07 11:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{C4925715-A11B-49E6-AA47-F72A8BB269EA}
2012-06-06 23:54 - 2012-06-06 23:54 - 00000000 ____D C:\Users\Cane\AppData\Local\{5083E246-71F3-478A-B4CB-42BD44A3A64E}
2012-06-06 11:53 - 2012-06-06 23:54 - 00000000 ____D C:\Users\Cane\AppData\Local\{8229C705-FCB2-4E4B-ACF5-B097F346ADA4}
2012-06-06 11:53 - 2012-06-06 11:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{E46C7B84-4D6C-4AA6-AF0D-C30366A01184}
2012-06-06 10:50 - 2012-06-06 10:50 - 00446185 ____A C:\Users\Cane\Desktop\20120605_115325.jpg
2012-06-05 23:53 - 2012-06-05 23:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{206FB0E4-3FF9-427E-A364-75AE9202CAD8}
2012-06-05 11:52 - 2012-06-05 23:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{3B257CE9-1C3C-4ADD-8ED9-8B0299DB790F}
2012-06-05 11:52 - 2012-06-05 11:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{42BF97C8-B476-4E90-A8C6-E8C215100DB5}
2012-06-04 23:52 - 2012-06-04 23:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{2B368F26-69B1-415C-8DFB-F36C764FC18C}
2012-06-04 11:51 - 2012-06-04 23:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{BD1F8E8D-E285-4225-8B0F-1E9B56E53DEE}
2012-06-04 11:51 - 2012-06-04 11:51 - 00000000 ____D C:\Users\Cane\AppData\Local\{A72333E6-6C8D-4A48-A130-9EF50F5DB83E}
2012-06-04 08:56 - 2012-06-04 08:56 - 00001080 ____A C:\Users\Cane\Desktop\WOTLauncher.lnk
2012-06-03 23:50 - 2012-06-03 23:51 - 00000000 ____D C:\Users\Cane\AppData\Local\{858177BE-EF39-41CA-A08D-B2158F5524BA}
2012-06-03 19:19 - 2012-06-03 19:30 - 00000000 ____D C:\Users\Cane\AppData\Roaming\wargaming.net
2012-06-03 11:50 - 2012-06-03 23:50 - 00000000 ____D C:\Users\Cane\AppData\Local\{7DDC3341-0BD5-4B12-9459-C611127E9C0A}
2012-06-03 11:50 - 2012-06-03 11:50 - 00000000 ____D C:\Users\Cane\AppData\Local\{31F5988C-605F-4DAD-A0BC-8DB19A47CF3E}
2012-06-02 23:49 - 2012-06-02 23:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{2AE5CA56-66C8-4CF8-8D6A-A0805A7BB773}
2012-06-02 18:42 - 2012-06-02 18:42 - 00000000 ____D C:\Users\Cane\AppData\Local\CrashRpt
2012-06-02 11:49 - 2012-06-02 23:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{76247540-9F88-4A30-A169-F282A2CD627F}
2012-06-02 11:49 - 2012-06-02 11:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{A8968740-FE93-40A0-9B75-3857C5D13D54}
2012-06-01 23:16 - 2012-06-01 23:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{DCC031FE-26C6-4465-9485-D2F463EC95D5}
2012-06-01 11:16 - 2012-06-01 11:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{B2968B64-924D-47DB-BD16-3BCFC7B0E566}
2012-06-01 11:15 - 2012-06-01 23:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{38978A8B-D994-40A2-8CC3-0B283FC519E3}
2012-05-31 23:15 - 2012-05-31 23:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{42E8F8CB-0C71-42F9-8A9B-32BA844C82B3}
2012-05-31 11:15 - 2012-05-31 11:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{87B46CE7-8B06-44CF-9A5D-AA44F1E0251C}
2012-05-31 11:14 - 2012-05-31 23:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{57943967-085B-410F-82C6-80E5F6AAA497}
2012-05-30 22:49 - 2012-05-30 22:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{2E091C3C-8A27-4D8B-B1C3-BBE9696CDB48}
2012-05-30 10:48 - 2012-05-30 22:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{A76CD64C-62A8-4FC5-9F73-8144F7BB83DA}
2012-05-30 10:48 - 2012-05-30 10:48 - 00000000 ____D C:\Users\Cane\AppData\Local\{4113F042-0F10-4891-8A71-DEF2AF1CBB37}
2012-05-29 22:48 - 2012-05-29 22:48 - 00000000 ____D C:\Users\Cane\AppData\Local\{32AEB51B-468F-4295-9938-2583B3932FDB}
2012-05-29 10:47 - 2012-05-29 22:48 - 00000000 ____D C:\Users\Cane\AppData\Local\{4B858875-DBB2-4914-8661-714940E5D80D}
2012-05-29 10:47 - 2012-05-29 10:47 - 00000000 ____D C:\Users\Cane\AppData\Local\{06BBAC50-5D2C-48DE-B5FA-6C1920EC7915}
2012-05-28 22:47 - 2012-05-28 22:47 - 00000000 ____D C:\Users\Cane\AppData\Local\{C8E79FFB-5FD3-4F97-A378-D6F9394B7DEE}
2012-05-28 16:09 - 2012-05-28 16:09 - 00000000 ____D C:\Program Files (x86)\Capsule
2012-05-28 10:46 - 2012-05-28 22:47 - 00000000 ____D C:\Users\Cane\AppData\Local\{4E5DFADA-67B7-4771-8671-3D5F0B7F1851}
2012-05-28 10:46 - 2012-05-28 10:46 - 00000000 ____D C:\Users\Cane\AppData\Local\{7D806D56-EBD9-45ED-9B68-1E8B39D0299A}
2012-05-27 22:45 - 2012-05-27 22:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{09343DA1-646A-497B-BFC2-7FAA78B5C388}
2012-05-27 10:45 - 2012-05-27 10:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{27C4490E-4B8F-4452-994F-1128AE428451}
2012-05-27 10:44 - 2012-05-27 22:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{C91853E5-5B57-4889-BEB4-BA02D927EC2E}
2012-05-26 22:44 - 2012-05-26 22:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{DF204CF4-597C-4A6A-A57B-F17DFCB8D1E2}
2012-05-26 10:43 - 2012-05-26 22:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{9DEE9F10-5B1E-490F-8F82-9A63B0429F2A}
2012-05-26 10:43 - 2012-05-26 10:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{18686D37-3A6B-4B78-9294-A2D781D2DF93}
2012-05-25 22:08 - 2012-05-25 22:08 - 00000000 ____D C:\Users\Cane\AppData\Local\{29CF2A80-FED4-4F1D-A34D-6D1A3CB3F685}
2012-05-25 15:45 - 2012-06-01 18:08 - 00000036 ____A C:\Users\Cane\Desktop\Vikt.txt
2012-05-25 10:07 - 2012-05-25 22:08 - 00000000 ____D C:\Users\Cane\AppData\Local\{811D6F9A-8882-4E82-BF8C-35E5CFF3DF32}
2012-05-25 10:07 - 2012-05-25 10:08 - 00000000 ____D C:\Users\Cane\AppData\Local\{049DA361-08D6-4655-9756-CA3FA9296443}
2012-05-24 16:03 - 2012-05-24 16:03 - 00000000 ____D C:\Users\Cane\AppData\Local\{4A606F2B-9013-41EE-8BB3-234927AF3B4D}
2012-05-24 16:03 - 2012-05-24 16:03 - 00000000 ____D C:\Users\Cane\AppData\Local\{3E5C633F-8C28-40E1-AF6E-DF0FBF716F37}
2012-05-23 19:45 - 2012-05-23 19:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{5CF33ECC-86DF-4071-867E-6C4A96F3A369}
2012-05-23 17:51 - 2012-05-23 22:07 - 00000220 ____A C:\Users\Cane\Desktop\Entropia costs.txt
2012-05-23 07:44 - 2012-05-23 19:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{1EC64079-6A26-4D9E-812C-C4C5EF8C4525}
2012-05-23 07:44 - 2012-05-23 07:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{85F259CB-8DF1-4E00-8234-5EDDADAA73C6}
2012-05-22 19:27 - 2012-05-22 19:27 - 00000000 ____D C:\Users\Cane\AppData\Local\{171F0CC5-C298-4789-8E2E-115572B7E9A6}
2012-05-22 18:29 - 2012-05-22 18:29 - 00002238 ____A C:\Users\Public\Desktop\Evil Genius.lnk
2012-05-22 07:26 - 2012-05-22 19:27 - 00000000 ____D C:\Users\Cane\AppData\Local\{92845162-104A-4590-9E7F-7663AEF51C57}
2012-05-22 07:26 - 2012-05-22 07:27 - 00000000 ____D C:\Users\Cane\AppData\Local\{C937707E-C3F9-4946-877A-693A5FA551A8}
2012-05-22 00:33 - 2012-05-22 00:33 - 00000503 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-21 13:39 - 2012-05-21 13:39 - 00000000 ____D C:\Users\Cane\AppData\Local\{CB7F0573-1C05-43FF-B153-4B0F26DB7D23}
2012-05-21 13:38 - 2012-05-21 13:39 - 00000000 ____D C:\Users\Cane\AppData\Local\{1CE29208-2A3A-4A5E-BC64-81EE2E31804D}
2012-05-21 01:38 - 2012-05-21 01:38 - 00000000 ____D C:\Users\Cane\AppData\Local\{CA714966-27B3-4275-92C7-D3C529D93CE0}
2012-05-21 01:38 - 2012-05-21 01:38 - 00000000 ____D C:\Users\Cane\AppData\Local\{136FCCDC-E9A9-4192-AAE9-0034B134633E}
2012-05-20 14:42 - 2012-05-20 18:36 - 00003217 ____A C:\Users\Cane\Desktop\Intervju Smorft - Färdigställd.txt
2012-05-20 13:46 - 2012-05-20 13:46 - 00000000 ____D C:\Program Files\HWiNFO64
2012-05-20 13:37 - 2012-05-20 13:37 - 00000000 ____D C:\Users\Cane\AppData\Local\{D5CFBE3F-2D7F-4548-A09C-4B23C70690DD}
2012-05-20 13:37 - 2012-05-20 13:37 - 00000000 ____D C:\Users\Cane\AppData\Local\{46C67128-7679-46CF-8A29-49FE4793D1B2}
2012-05-20 13:32 - 2012-05-20 13:42 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2012-05-20 13:32 - 2012-05-20 13:32 - 00000971 ____A C:\Users\UpdatusUser\Desktop\SpeedFan.lnk
2012-05-20 13:32 - 2012-05-20 13:32 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-05-20 02:01 - 2012-05-20 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 02:01 - 2012-05-20 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-20 01:36 - 2012-05-20 01:36 - 00000000 ____D C:\Users\Cane\AppData\Local\{D53D8E4E-E237-4EA4-A408-D01C3D764817}
2012-05-19 13:36 - 2012-05-20 01:36 - 00000000 ____D C:\Users\Cane\AppData\Local\{3FD8D4FC-47C8-4CB7-91EF-2BF1A6A7E869}
2012-05-19 01:24 - 2012-05-19 01:24 - 00000000 ____D C:\Users\Cane\AppData\Local\{C0CA6A19-1DFC-48DF-9B56-EEAD16EA2E1A}
2012-05-18 13:23 - 2012-05-19 01:24 - 00000000 ____D C:\Users\Cane\AppData\Local\{C97D89B3-2880-4386-B324-77F632AD402B}
2012-05-18 13:23 - 2012-05-18 13:24 - 00000000 ____D C:\Users\Cane\AppData\Local\{E3F84566-590A-4294-9CC8-296E5DA02E1E}
2012-05-18 01:23 - 2012-05-18 01:23 - 00000000 ____D C:\Users\Cane\AppData\Local\{B0E26E4F-6E4B-4565-93FD-FD6C88E2A764}
2012-05-17 13:22 - 2012-05-18 01:23 - 00000000 ____D C:\Users\Cane\AppData\Local\{911ACADC-5111-431A-B792-68F2C4E6378A}
2012-05-17 13:22 - 2012-05-17 13:22 - 00000000 ____D C:\Users\Cane\AppData\Local\{704A56AF-20DC-4A27-9423-DD9AEF7DC8CD}
2012-05-17 01:22 - 2012-05-17 01:22 - 00000000 ____D C:\Users\Cane\AppData\Local\{2D9BE71F-7781-4C60-9224-D58460F1C3DB}
2012-05-16 13:21 - 2012-05-17 01:22 - 00000000 ____D C:\Users\Cane\AppData\Local\{3CC113B3-F2A3-4C02-A59B-28DDBFC1BE4F}
2012-05-16 13:21 - 2012-05-16 13:21 - 00000000 ____D C:\Users\Cane\AppData\Local\{5136C457-BEBF-415E-974E-7C78005AD8EF}
2012-05-16 00:07 - 2012-05-16 00:07 - 00000000 ____D C:\Users\Cane\AppData\Local\{65A71687-50A7-4869-B269-62E2F569DCCF}
2012-05-15 22:55 - 2012-06-02 11:53 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-05-15 22:55 - 2012-05-15 23:06 - 00001153 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-15 15:49 - 2012-05-15 17:04 - 00014729 ____A C:\Users\Cane\Desktop\Personligt Brev.docx
2012-05-15 15:22 - 2012-05-15 17:05 - 00014075 ____A C:\Users\Cane\Desktop\CV.docx
2012-05-15 12:07 - 2012-05-16 00:07 - 00000000 ____D C:\Users\Cane\AppData\Local\{392645D4-93D3-4302-A6BE-17DD00D0013E}
2012-05-15 12:07 - 2012-05-15 12:07 - 00000000 ____D C:\Users\Cane\AppData\Local\{E220DDF0-CF7B-4670-A6D0-8AFE11B14C47}
2012-05-15 00:06 - 2012-05-15 00:06 - 00000000 ____D C:\Users\Cane\AppData\Local\{EA3BD9C9-BDD2-4471-9669-42893F3F6D20}
2012-05-14 12:06 - 2012-05-14 12:06 - 00000000 ____D C:\Users\Cane\AppData\Local\{AA14F737-746F-4092-9CBD-E889E16D165B}
2012-05-14 12:05 - 2012-05-15 00:06 - 00000000 ____D C:\Users\Cane\AppData\Local\{4AA0F4F1-F361-4380-93BD-05A397BF0B1D}
2012-05-13 12:49 - 2012-05-13 12:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{69CD9EF7-20DA-4E6F-BC80-2EC151709376}
2012-05-13 12:49 - 2012-05-13 12:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{02A87680-3951-4A90-9371-BE0DE2864318}
2012-05-13 00:16 - 2012-05-13 00:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{17F703A4-10FE-457C-A92E-9DB2E8F5301B}
2012-05-12 12:21 - 2012-03-31 07:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 12:21 - 2012-03-31 05:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 12:21 - 2012-03-31 05:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 12:21 - 2012-03-31 04:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 12:21 - 2012-03-30 12:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 12:21 - 2012-03-17 08:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 12:21 - 2012-03-03 07:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 12:21 - 2012-03-03 06:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 12:16 - 2012-05-13 00:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{3888CE45-3114-4B4C-AA98-CBE50B6DC7EC}
2012-05-12 12:16 - 2012-05-12 12:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{1367F639-0939-4F25-BDF2-63C92E0DD4BC}
2012-05-11 23:11 - 2012-05-11 23:11 - 00000000 ____D C:\Users\Cane\AppData\Local\{CC353AE7-6B65-461E-BFE2-81C87DB02933}
2012-05-11 11:10 - 2012-05-11 23:11 - 00000000 ____D C:\Users\Cane\AppData\Local\{546DD999-485B-427E-823A-A2836C99C90C}
2012-05-11 11:10 - 2012-05-11 11:10 - 00000000 ____D C:\Users\Cane\AppData\Local\{998AE338-FDCD-406B-B1A0-A7F643A0AFED}
2012-05-10 23:16 - 2012-05-13 13:18 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Tropico 4
2012-05-10 23:15 - 2012-05-10 23:15 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Kalypso Media
2012-05-10 23:09 - 2012-05-10 23:10 - 00000000 ____D C:\Users\Cane\AppData\Local\{E68F37E3-0C05-47BC-9C2B-EEB06A20ECD4}
2012-05-10 11:09 - 2012-05-10 23:09 - 00000000 ____D C:\Users\Cane\AppData\Local\{E235A797-10F5-4499-809C-136D17FD08E3}
2012-05-10 11:09 - 2012-05-10 11:09 - 00000000 ____D C:\Users\Cane\AppData\Local\{6A12D94D-F954-4FAF-82D6-BAA60E13EC0F}


============ 3 Months Modified Files and Folders =============

2012-06-09 12:50 - 2012-06-09 12:48 - 00000000 ____D C:\FRST
2012-06-09 11:40 - 2011-09-07 09:02 - 01191838 ____A C:\Windows\WindowsUpdate.log
2012-06-09 11:38 - 2012-06-09 11:38 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mqoazmuo.sys
2012-06-09 11:37 - 2009-07-14 05:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 11:37 - 2009-07-14 05:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 11:36 - 2010-11-21 12:38 - 00676702 ____A C:\Windows\System32\perfh01D.dat
2012-06-09 11:36 - 2010-11-21 12:38 - 00146936 ____A C:\Windows\System32\perfc01D.dat
2012-06-09 11:36 - 2009-07-14 06:13 - 01607838 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 11:34 - 2012-06-09 11:34 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sunaghxy.sys
2012-06-09 11:34 - 2012-06-09 11:34 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\infclvgb.sys
2012-06-09 11:33 - 2011-09-09 16:18 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-09 11:33 - 2009-07-14 05:51 - 00001753 ____A C:\Windows\setupact.log
2012-06-09 11:31 - 2012-06-09 11:31 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ueheqrnz.sys
2012-06-09 11:30 - 2011-09-07 09:01 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-09 11:30 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 04:10 - 2012-04-04 14:19 - 00000868 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 03:37 - 2011-09-09 22:43 - 00000000 ____D C:\Users\Cane\AppData\Roaming\uTorrent
2012-06-09 01:24 - 2011-09-09 16:24 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Mumble
2012-06-09 00:16 - 2012-06-09 00:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{3B313D6A-07CE-4C6F-809C-3FDA6800BA48}
2012-06-09 00:16 - 2012-06-08 12:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{4FE3CAD3-41AA-4246-B9AA-628F1854A378}
2012-06-09 00:16 - 2011-09-09 17:09 - 00000000 ____D C:\Users\Cane\AppData\Local\Windows Live
2012-06-08 13:02 - 2012-06-08 13:02 - 00030218 ____A C:\Users\Cane\Desktop\DDS.txt
2012-06-08 12:50 - 2012-06-08 12:50 - 00007454 ____A C:\Users\Cane\Desktop\Attach.txt
2012-06-08 12:49 - 2012-06-08 12:49 - 00607260 ____R (Swearware) C:\Users\Cane\Desktop\dds.scr
2012-06-08 12:48 - 2012-06-08 12:48 - 00000470 ____A C:\Users\Cane\Desktop\defogger_disable.log
2012-06-08 12:48 - 2012-06-08 12:48 - 00000168 ____A C:\Users\Cane\defogger_reenable
2012-06-08 12:48 - 2011-09-09 16:09 - 00000000 ____D C:\users\Cane
2012-06-08 12:43 - 2012-06-08 12:43 - 00050477 ____A C:\Users\Cane\Desktop\Defogger.exe
2012-06-08 12:31 - 2012-06-08 12:31 - 00002562 ____A C:\Windows\diagwrn.xml
2012-06-08 12:31 - 2012-06-08 12:31 - 00001908 ____A C:\Windows\diagerr.xml
2012-06-08 12:31 - 2009-07-14 05:51 - 00000000 ____A C:\Windows\setuperr.log
2012-06-08 12:15 - 2012-06-08 12:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{0DA73F0B-FEF6-4309-896B-46BAC344BEFF}
2012-06-08 12:14 - 2010-11-21 04:47 - 00267798 ____A C:\Windows\PFRO.log
2012-06-08 00:08 - 2012-06-08 00:08 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Canneverbe Limited
2012-06-08 00:08 - 2012-06-08 00:08 - 00000000 ____D C:\Users\All Users\Canneverbe Limited
2012-06-08 00:06 - 2012-06-08 00:06 - 00001895 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk
2012-06-08 00:06 - 2012-06-08 00:06 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2012-06-08 00:02 - 2012-06-08 00:01 - 00000000 ____D C:\sh4ldr
2012-06-08 00:01 - 2012-06-08 00:01 - 00002256 ____A C:\Users\Cane\Desktop\SpyHunter.lnk
2012-06-08 00:01 - 2012-06-08 00:01 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-08 00:01 - 2012-06-08 00:01 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-08 00:01 - 2011-09-09 16:59 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-06-07 23:55 - 2012-06-07 23:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{8B76C08C-45EB-44CC-BB42-1E7F9253ABF6}
2012-06-07 23:55 - 2012-06-07 23:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{7F99AC0B-BED7-4CEA-B0C1-01E1FF512EC0}
2012-06-07 23:47 - 2012-06-07 23:42 - 00105888 ____A C:\Users\Cane\junctions.txt
2012-06-07 23:31 - 2012-06-07 22:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 23:31 - 2012-06-07 22:24 - 00000000 ____D C:\Users\All Users\PrevxCSI
2012-06-07 23:31 - 2012-06-07 21:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-07 23:31 - 2012-06-07 21:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-07 23:31 - 2012-06-07 20:50 - 00000000 ____D C:\Windows\pss
2012-06-07 23:31 - 2012-06-07 19:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-07 23:31 - 2012-02-28 21:36 - 00000000 ____D C:\users\UpdatusUser
2012-06-07 23:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2012-06-07 23:00 - 2012-06-07 23:00 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ynzbosnz.sys
2012-06-07 23:00 - 2012-06-07 23:00 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ubgupnof.sys
2012-06-07 22:53 - 2011-09-11 00:17 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2012-06-07 22:40 - 2012-06-07 22:40 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-07 22:40 - 2012-06-07 22:40 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Malwarebytes
2012-06-07 22:40 - 2012-06-07 22:40 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-07 22:25 - 2012-06-07 22:25 - 00065736 ____A (Prevx) C:\Windows\System32\Drivers\pxrts.sys
2012-06-07 22:25 - 2012-06-07 22:25 - 00062976 ____A (Prevx) C:\Windows\SysWOW64\PxSecure.dll
2012-06-07 22:25 - 2012-06-07 22:25 - 00036384 ____A (Prevx) C:\Windows\System32\Drivers\pxscan.sys
2012-06-07 22:25 - 2012-06-07 22:25 - 00024024 ____A (Prevx) C:\Windows\System32\Drivers\pxkbf.sys
2012-06-07 22:25 - 2012-06-07 22:25 - 00000000 ____D C:\Program Files\Prevx
2012-06-07 21:03 - 2011-09-12 19:32 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-07 21:03 - 2011-09-01 14:06 - 01626986 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-07 20:42 - 2012-05-03 11:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-07 19:19 - 2012-06-07 19:19 - 00000539 ____A C:\Users\Public\Desktop\Ys Origin.lnk
2012-06-07 19:18 - 2011-09-10 22:18 - 00000000 ____D C:\Games
2012-06-07 13:37 - 2012-06-07 13:37 - 00251856 ____A C:\Users\Cane\Desktop\1339060042763.jpg
2012-06-07 11:55 - 2012-06-07 11:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{DC2F99DE-B236-47AC-BF4F-E69BAED84B30}
2012-06-07 11:55 - 2012-06-07 11:54 - 00000000 ____D C:\Users\Cane\AppData\Local\{C4925715-A11B-49E6-AA47-F72A8BB269EA}
2012-06-07 10:35 - 2011-09-09 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-06 23:54 - 2012-06-06 23:54 - 00000000 ____D C:\Users\Cane\AppData\Local\{5083E246-71F3-478A-B4CB-42BD44A3A64E}
2012-06-06 23:54 - 2012-06-06 11:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{8229C705-FCB2-4E4B-ACF5-B097F346ADA4}
2012-06-06 16:36 - 2011-09-09 23:29 - 00000000 ____D C:\Users\Cane\AppData\Local\CrashDumps
2012-06-06 11:53 - 2012-06-06 11:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{E46C7B84-4D6C-4AA6-AF0D-C30366A01184}
2012-06-06 10:50 - 2012-06-06 10:50 - 00446185 ____A C:\Users\Cane\Desktop\20120605_115325.jpg
2012-06-05 23:53 - 2012-06-05 23:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{206FB0E4-3FF9-427E-A364-75AE9202CAD8}
2012-06-05 23:53 - 2012-06-05 11:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{3B257CE9-1C3C-4ADD-8ED9-8B0299DB790F}
2012-06-05 11:52 - 2012-06-05 11:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{42BF97C8-B476-4E90-A8C6-E8C215100DB5}
2012-06-04 23:52 - 2012-06-04 23:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{2B368F26-69B1-415C-8DFB-F36C764FC18C}
2012-06-04 23:52 - 2012-06-04 11:51 - 00000000 ____D C:\Users\Cane\AppData\Local\{BD1F8E8D-E285-4225-8B0F-1E9B56E53DEE}
2012-06-04 11:51 - 2012-06-04 11:51 - 00000000 ____D C:\Users\Cane\AppData\Local\{A72333E6-6C8D-4A48-A130-9EF50F5DB83E}
2012-06-04 08:56 - 2012-06-04 08:56 - 00001080 ____A C:\Users\Cane\Desktop\WOTLauncher.lnk
2012-06-03 23:51 - 2012-06-03 23:50 - 00000000 ____D C:\Users\Cane\AppData\Local\{858177BE-EF39-41CA-A08D-B2158F5524BA}
2012-06-03 23:50 - 2012-06-03 11:50 - 00000000 ____D C:\Users\Cane\AppData\Local\{7DDC3341-0BD5-4B12-9459-C611127E9C0A}
2012-06-03 19:30 - 2012-06-03 19:19 - 00000000 ____D C:\Users\Cane\AppData\Roaming\wargaming.net
2012-06-03 19:19 - 2011-09-17 23:20 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-06-03 19:19 - 2011-09-17 23:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-06-03 11:50 - 2012-06-03 11:50 - 00000000 ____D C:\Users\Cane\AppData\Local\{31F5988C-605F-4DAD-A0BC-8DB19A47CF3E}
2012-06-02 23:49 - 2012-06-02 23:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{2AE5CA56-66C8-4CF8-8D6A-A0805A7BB773}
2012-06-02 23:49 - 2012-06-02 11:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{76247540-9F88-4A30-A169-F282A2CD627F}
2012-06-02 18:47 - 2011-09-09 19:03 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-06-02 18:47 - 2011-09-09 18:48 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-06-02 18:42 - 2012-06-02 18:42 - 00000000 ____D C:\Users\Cane\AppData\Local\CrashRpt
2012-06-02 18:42 - 2011-09-09 18:48 - 00280856 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-06-02 11:53 - 2012-05-15 22:55 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-02 11:49 - 2012-06-02 11:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{A8968740-FE93-40A0-9B75-3857C5D13D54}
2012-06-01 23:16 - 2012-06-01 23:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{DCC031FE-26C6-4465-9485-D2F463EC95D5}
2012-06-01 23:16 - 2012-06-01 11:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{38978A8B-D994-40A2-8CC3-0B283FC519E3}
2012-06-01 18:08 - 2012-05-25 15:45 - 00000036 ____A C:\Users\Cane\Desktop\Vikt.txt
2012-06-01 14:03 - 2012-06-07 19:15 - 00000000 ____D C:\Users\Cane\Desktop\Ys.Origin.Update.1-RELOADED
2012-06-01 11:16 - 2012-06-01 11:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{B2968B64-924D-47DB-BD16-3BCFC7B0E566}
2012-05-31 23:15 - 2012-05-31 23:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{42E8F8CB-0C71-42F9-8A9B-32BA844C82B3}
2012-05-31 23:15 - 2012-05-31 11:14 - 00000000 ____D C:\Users\Cane\AppData\Local\{57943967-085B-410F-82C6-80E5F6AAA497}
2012-05-31 11:15 - 2012-05-31 11:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{87B46CE7-8B06-44CF-9A5D-AA44F1E0251C}
2012-05-30 22:49 - 2012-05-30 22:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{2E091C3C-8A27-4D8B-B1C3-BBE9696CDB48}
2012-05-30 22:49 - 2012-05-30 10:48 - 00000000 ____D C:\Users\Cane\AppData\Local\{A76CD64C-62A8-4FC5-9F73-8144F7BB83DA}
2012-05-30 10:48 - 2012-05-30 10:48 - 00000000 ____D C:\Users\Cane\AppData\Local\{4113F042-0F10-4891-8A71-DEF2AF1CBB37}
2012-05-29 22:48 - 2012-05-29 22:48 - 00000000 ____D C:\Users\Cane\AppData\Local\{32AEB51B-468F-4295-9938-2583B3932FDB}
2012-05-29 22:48 - 2012-05-29 10:47 - 00000000 ____D C:\Users\Cane\AppData\Local\{4B858875-DBB2-4914-8661-714940E5D80D}
2012-05-29 21:01 - 2012-03-03 17:47 - 00001417 ____A C:\Users\Public\Desktop\Mass Effect 3.lnk
2012-05-29 21:01 - 2011-09-01 13:59 - 00716593 ____A C:\Windows\DirectX.log
2012-05-29 20:58 - 2011-09-26 14:36 - 00000000 ____D C:\Program Files (x86)\Origin
2012-05-29 10:47 - 2012-05-29 10:47 - 00000000 ____D C:\Users\Cane\AppData\Local\{06BBAC50-5D2C-48DE-B5FA-6C1920EC7915}
2012-05-28 22:47 - 2012-05-28 22:47 - 00000000 ____D C:\Users\Cane\AppData\Local\{C8E79FFB-5FD3-4F97-A378-D6F9394B7DEE}
2012-05-28 22:47 - 2012-05-28 10:46 - 00000000 ____D C:\Users\Cane\AppData\Local\{4E5DFADA-67B7-4771-8671-3D5F0B7F1851}
2012-05-28 16:09 - 2012-05-28 16:09 - 00000000 ____D C:\Program Files (x86)\Capsule
2012-05-28 10:46 - 2012-05-28 10:46 - 00000000 ____D C:\Users\Cane\AppData\Local\{7D806D56-EBD9-45ED-9B68-1E8B39D0299A}
2012-05-27 22:45 - 2012-05-27 22:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{09343DA1-646A-497B-BFC2-7FAA78B5C388}
2012-05-27 22:45 - 2012-05-27 10:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{C91853E5-5B57-4889-BEB4-BA02D927EC2E}
2012-05-27 10:45 - 2012-05-27 10:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{27C4490E-4B8F-4452-994F-1128AE428451}
2012-05-26 22:44 - 2012-05-26 22:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{DF204CF4-597C-4A6A-A57B-F17DFCB8D1E2}
2012-05-26 22:44 - 2012-05-26 10:43 - 00000000 ____D C:\Users\Cane\AppData\Local\{9DEE9F10-5B1E-490F-8F82-9A63B0429F2A}
2012-05-26 10:44 - 2012-05-26 10:43 - 00000000 ____D C:\Users\Cane\AppData\Local\{18686D37-3A6B-4B78-9294-A2D781D2DF93}
2012-05-25 22:08 - 2012-05-25 22:08 - 00000000 ____D C:\Users\Cane\AppData\Local\{29CF2A80-FED4-4F1D-A34D-6D1A3CB3F685}
2012-05-25 22:08 - 2012-05-25 10:07 - 00000000 ____D C:\Users\Cane\AppData\Local\{811D6F9A-8882-4E82-BF8C-35E5CFF3DF32}
2012-05-25 10:08 - 2012-05-25 10:07 - 00000000 ____D C:\Users\Cane\AppData\Local\{049DA361-08D6-4655-9756-CA3FA9296443}
2012-05-24 16:03 - 2012-05-24 16:03 - 00000000 ____D C:\Users\Cane\AppData\Local\{4A606F2B-9013-41EE-8BB3-234927AF3B4D}
2012-05-24 16:03 - 2012-05-24 16:03 - 00000000 ____D C:\Users\Cane\AppData\Local\{3E5C633F-8C28-40E1-AF6E-DF0FBF716F37}
2012-05-23 23:07 - 2011-11-22 13:57 - 00000000 ____D C:\Users\Public\entropia universe
2012-05-23 22:07 - 2012-05-23 17:51 - 00000220 ____A C:\Users\Cane\Desktop\Entropia costs.txt
2012-05-23 20:45 - 2011-10-12 17:46 - 00000000 ____D C:\Users\Cane\AppData\Local\PMB Files
2012-05-23 20:45 - 2011-10-12 17:46 - 00000000 ____D C:\Users\All Users\PMB Files
2012-05-23 19:45 - 2012-05-23 19:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{5CF33ECC-86DF-4071-867E-6C4A96F3A369}
2012-05-23 19:45 - 2012-05-23 07:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{1EC64079-6A26-4D9E-812C-C4C5EF8C4525}
2012-05-23 17:03 - 2011-11-23 16:57 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-05-23 07:44 - 2012-05-23 07:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{85F259CB-8DF1-4E00-8234-5EDDADAA73C6}
2012-05-22 19:27 - 2012-05-22 19:27 - 00000000 ____D C:\Users\Cane\AppData\Local\{171F0CC5-C298-4789-8E2E-115572B7E9A6}
2012-05-22 19:27 - 2012-05-22 07:26 - 00000000 ____D C:\Users\Cane\AppData\Local\{92845162-104A-4590-9E7F-7663AEF51C57}
2012-05-22 18:32 - 2011-09-09 16:10 - 00000000 ____D C:\Users\Cane\AppData\Local\VirtualStore
2012-05-22 18:29 - 2012-05-22 18:29 - 00002238 ____A C:\Users\Public\Desktop\Evil Genius.lnk
2012-05-22 18:27 - 2012-01-15 01:59 - 00000000 ____D C:\Program Files (x86)\GOG.com
2012-05-22 07:27 - 2012-05-22 07:26 - 00000000 ____D C:\Users\Cane\AppData\Local\{C937707E-C3F9-4946-877A-693A5FA551A8}
2012-05-22 00:33 - 2012-05-22 00:33 - 00000503 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-22 00:32 - 2011-09-09 22:43 - 00880496 ____A (BitTorrent, Inc.) C:\Users\Cane\Desktop\utorrent.exe
2012-05-21 13:39 - 2012-05-21 13:39 - 00000000 ____D C:\Users\Cane\AppData\Local\{CB7F0573-1C05-43FF-B153-4B0F26DB7D23}
2012-05-21 13:39 - 2012-05-21 13:38 - 00000000 ____D C:\Users\Cane\AppData\Local\{1CE29208-2A3A-4A5E-BC64-81EE2E31804D}
2012-05-21 08:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-21 02:07 - 2011-09-13 13:15 - 00000000 ____D C:\Users\Cane\AppData\Roaming\SoftGrid Client
2012-05-21 01:38 - 2012-05-21 01:38 - 00000000 ____D C:\Users\Cane\AppData\Local\{CA714966-27B3-4275-92C7-D3C529D93CE0}
2012-05-21 01:38 - 2012-05-21 01:38 - 00000000 ____D C:\Users\Cane\AppData\Local\{136FCCDC-E9A9-4192-AAE9-0034B134633E}
2012-05-20 21:33 - 2011-11-22 13:57 - 00000000 ____D C:\Program Files (x86)\Entropia Universe
2012-05-20 19:01 - 2011-09-09 16:23 - 00000000 ____D C:\Users\Cane\Documents\Mina mottagna filer
2012-05-20 18:36 - 2012-05-20 14:42 - 00003217 ____A C:\Users\Cane\Desktop\Intervju Smorft - Färdigställd.txt
2012-05-20 13:46 - 2012-05-20 13:46 - 00000000 ____D C:\Program Files\HWiNFO64
2012-05-20 13:42 - 2012-05-20 13:32 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2012-05-20 13:37 - 2012-05-20 13:37 - 00000000 ____D C:\Users\Cane\AppData\Local\{D5CFBE3F-2D7F-4548-A09C-4B23C70690DD}
2012-05-20 13:37 - 2012-05-20 13:37 - 00000000 ____D C:\Users\Cane\AppData\Local\{46C67128-7679-46CF-8A29-49FE4793D1B2}
2012-05-20 13:32 - 2012-05-20 13:32 - 00000971 ____A C:\Users\UpdatusUser\Desktop\SpeedFan.lnk
2012-05-20 13:32 - 2012-05-20 13:32 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-05-20 02:01 - 2012-05-20 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-20 02:01 - 2012-05-20 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-20 01:36 - 2012-05-20 01:36 - 00000000 ____D C:\Users\Cane\AppData\Local\{D53D8E4E-E237-4EA4-A408-D01C3D764817}
2012-05-20 01:36 - 2012-05-19 13:36 - 00000000 ____D C:\Users\Cane\AppData\Local\{3FD8D4FC-47C8-4CB7-91EF-2BF1A6A7E869}
2012-05-19 01:24 - 2012-05-19 01:24 - 00000000 ____D C:\Users\Cane\AppData\Local\{C0CA6A19-1DFC-48DF-9B56-EEAD16EA2E1A}
2012-05-19 01:24 - 2012-05-18 13:23 - 00000000 ____D C:\Users\Cane\AppData\Local\{C97D89B3-2880-4386-B324-77F632AD402B}
2012-05-18 13:24 - 2012-05-18 13:23 - 00000000 ____D C:\Users\Cane\AppData\Local\{E3F84566-590A-4294-9CC8-296E5DA02E1E}
2012-05-18 01:23 - 2012-05-18 01:23 - 00000000 ____D C:\Users\Cane\AppData\Local\{B0E26E4F-6E4B-4565-93FD-FD6C88E2A764}
2012-05-18 01:23 - 2012-05-17 13:22 - 00000000 ____D C:\Users\Cane\AppData\Local\{911ACADC-5111-431A-B792-68F2C4E6378A}
2012-05-17 13:22 - 2012-05-17 13:22 - 00000000 ____D C:\Users\Cane\AppData\Local\{704A56AF-20DC-4A27-9423-DD9AEF7DC8CD}
2012-05-17 01:22 - 2012-05-17 01:22 - 00000000 ____D C:\Users\Cane\AppData\Local\{2D9BE71F-7781-4C60-9224-D58460F1C3DB}
2012-05-17 01:22 - 2012-05-16 13:21 - 00000000 ____D C:\Users\Cane\AppData\Local\{3CC113B3-F2A3-4C02-A59B-28DDBFC1BE4F}
2012-05-16 13:21 - 2012-05-16 13:21 - 00000000 ____D C:\Users\Cane\AppData\Local\{5136C457-BEBF-415E-974E-7C78005AD8EF}
2012-05-16 00:07 - 2012-05-16 00:07 - 00000000 ____D C:\Users\Cane\AppData\Local\{65A71687-50A7-4869-B269-62E2F569DCCF}
2012-05-16 00:07 - 2012-05-15 12:07 - 00000000 ____D C:\Users\Cane\AppData\Local\{392645D4-93D3-4302-A6BE-17DD00D0013E}
2012-05-15 23:06 - 2012-05-15 22:55 - 00001153 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-15 17:05 - 2012-05-15 15:22 - 00014075 ____A C:\Users\Cane\Desktop\CV.docx
2012-05-15 17:04 - 2012-05-15 15:49 - 00014729 ____A C:\Users\Cane\Desktop\Personligt Brev.docx
2012-05-15 12:07 - 2012-05-15 12:07 - 00000000 ____D C:\Users\Cane\AppData\Local\{E220DDF0-CF7B-4670-A6D0-8AFE11B14C47}
2012-05-15 00:06 - 2012-05-15 00:06 - 00000000 ____D C:\Users\Cane\AppData\Local\{EA3BD9C9-BDD2-4471-9669-42893F3F6D20}
2012-05-15 00:06 - 2012-05-14 12:05 - 00000000 ____D C:\Users\Cane\AppData\Local\{4AA0F4F1-F361-4380-93BD-05A397BF0B1D}
2012-05-14 12:06 - 2012-05-14 12:06 - 00000000 ____D C:\Users\Cane\AppData\Local\{AA14F737-746F-4092-9CBD-E889E16D165B}
2012-05-13 13:18 - 2012-05-10 23:16 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Tropico 4
2012-05-13 12:49 - 2012-05-13 12:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{69CD9EF7-20DA-4E6F-BC80-2EC151709376}
2012-05-13 12:49 - 2012-05-13 12:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{02A87680-3951-4A90-9371-BE0DE2864318}
2012-05-13 12:46 - 2009-07-14 05:45 - 00266592 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-13 02:06 - 2011-09-12 19:30 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-13 02:00 - 2010-11-21 12:49 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-13 00:40 - 2011-09-09 19:01 - 00000000 ____D C:\Users\Cane\Documents\My Games
2012-05-13 00:16 - 2012-05-13 00:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{17F703A4-10FE-457C-A92E-9DB2E8F5301B}
2012-05-13 00:16 - 2012-05-12 12:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{3888CE45-3114-4B4C-AA98-CBE50B6DC7EC}
2012-05-12 12:16 - 2012-05-12 12:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{1367F639-0939-4F25-BDF2-63C92E0DD4BC}
2012-05-11 23:11 - 2012-05-11 23:11 - 00000000 ____D C:\Users\Cane\AppData\Local\{CC353AE7-6B65-461E-BFE2-81C87DB02933}
2012-05-11 23:11 - 2012-05-11 11:10 - 00000000 ____D C:\Users\Cane\AppData\Local\{546DD999-485B-427E-823A-A2836C99C90C}
2012-05-11 11:10 - 2012-05-11 11:10 - 00000000 ____D C:\Users\Cane\AppData\Local\{998AE338-FDCD-406B-B1A0-A7F643A0AFED}
2012-05-10 23:15 - 2012-05-10 23:15 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Kalypso Media
2012-05-10 23:10 - 2012-05-10 23:09 - 00000000 ____D C:\Users\Cane\AppData\Local\{E68F37E3-0C05-47BC-9C2B-EEB06A20ECD4}
2012-05-10 23:09 - 2012-05-10 11:09 - 00000000 ____D C:\Users\Cane\AppData\Local\{E235A797-10F5-4499-809C-136D17FD08E3}
2012-05-10 11:09 - 2012-05-10 11:09 - 00000000 ____D C:\Users\Cane\AppData\Local\{6A12D94D-F954-4FAF-82D6-BAA60E13EC0F}
2012-05-09 19:45 - 2012-05-09 19:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{D5CA4244-9AA6-4D4C-900F-5026466C30CD}
2012-05-09 19:45 - 2012-05-09 19:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{1AE29439-7F4F-47DD-9DC8-2A6B22ACC836}
2012-05-09 07:45 - 2012-05-09 07:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{8D311DC5-53FD-4D02-9540-E6ADEFE122D7}
2012-05-09 07:45 - 2012-05-09 07:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{2687A429-A3A9-4785-B384-71F1375959CC}
2012-05-08 20:53 - 2012-05-08 20:53 - 00000673 ____A C:\Users\Public\Desktop\Warlock - Master of the Arcane.lnk
2012-05-08 19:44 - 2012-05-08 19:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{CF99D440-41D7-4CA5-9E7D-9763DF665997}
2012-05-08 19:44 - 2012-05-08 07:43 - 00000000 ____D C:\Users\Cane\AppData\Local\{B0C01FF9-B4BA-4B22-AEBF-C4FEF7451DF9}
2012-05-08 07:44 - 2012-05-08 07:43 - 00000000 ____D C:\Users\Cane\AppData\Local\{21189218-02CA-4613-A30D-CB2AD54A38E8}
2012-05-08 00:20 - 2011-10-12 23:58 - 00000000 ____D C:\Users\Cane\Documents\Might & Magic Heroes VI
2012-05-07 19:43 - 2012-05-07 19:43 - 00000000 ____D C:\Users\Cane\AppData\Local\{ED5326D5-52B5-40A5-A3A0-FF904EE57355}
2012-05-07 19:43 - 2012-05-07 07:42 - 00000000 ____D C:\Users\Cane\AppData\Local\{93CA9601-DB78-441E-AE1E-473E9198338F}
2012-05-07 18:53 - 2012-05-07 18:53 - 00000793 ____A C:\Users\Public\Desktop\The Secret World.lnk
2012-05-07 18:53 - 2012-05-07 18:53 - 00000000 ____D C:\Users\Cane\AppData\Local\Funcom
2012-05-07 18:53 - 2012-05-07 18:53 - 00000000 ____D C:\Users\All Users\media center programs
2012-05-07 09:50 - 2011-12-01 22:02 - 00000043 ____A C:\Users\Cane\Desktop\Steg.txt
2012-05-07 07:42 - 2012-05-07 07:42 - 00000000 ____D C:\Users\Cane\AppData\Local\{9268F753-5E95-4AA3-9EFF-5173EC123F84}
2012-05-06 14:01 - 2012-05-06 14:01 - 00000000 ____D C:\Users\Cane\AppData\Local\{F1B78DB6-D818-4AC3-A7A2-2A4DEC5F3D25}
2012-05-06 14:01 - 2012-05-06 14:01 - 00000000 ____D C:\Users\Cane\AppData\Local\{B6DCA559-7677-4541-94E7-0C5EAF189484}
2012-05-06 02:01 - 2012-05-06 02:01 - 00000000 ____D C:\Users\Cane\AppData\Local\{5493EF7F-50E3-4309-A188-D45FBE9E2B85}
2012-05-06 02:01 - 2012-05-05 14:00 - 00000000 ____D C:\Users\Cane\AppData\Local\{68420B32-E8C5-4C7E-81CF-3E8C3655D5DE}
2012-05-05 14:00 - 2012-05-05 14:00 - 00000000 ____D C:\Users\Cane\AppData\Local\{D553815E-91CC-41F5-902C-F8B674BB4B0A}
2012-05-04 23:57 - 2012-05-04 23:57 - 00000000 ____D C:\Users\Cane\AppData\Local\{D5E4605E-5496-41C9-9B1F-074847A49736}
2012-05-04 23:57 - 2012-05-04 11:56 - 00000000 ____D C:\Users\Cane\AppData\Local\{2316E9A6-719A-40A4-9976-CE5F7786AF3A}
2012-05-04 19:10 - 2012-04-26 10:10 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 19:10 - 2012-04-04 14:19 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 19:10 - 2011-09-07 10:05 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 11:56 - 2012-05-04 11:56 - 00000000 ____D C:\Users\Cane\AppData\Local\{C796208D-5FD1-4440-B2D1-CF4AE6017F29}
2012-05-04 07:35 - 2012-05-04 07:34 - 00000000 ____D C:\Users\Cane\Desktop\Warband - Swadia Saves
2012-05-03 23:56 - 2012-05-03 23:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{163C59C6-1966-44BB-922C-B23D552DE1CC}
2012-05-03 23:55 - 2012-05-03 11:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{E02A3E14-09A8-47A4-AFFA-DDCD2F5B28AE}
2012-05-03 11:56 - 2012-05-03 11:56 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-03 11:55 - 2012-05-03 11:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{BD180FA7-641A-4C5C-90AF-8A1B54F70CC0}
2012-05-02 12:35 - 2012-05-02 12:35 - 00000000 ____D C:\Users\Cane\AppData\Local\{BD6169BF-DDD9-40D2-A15E-92F6085A7938}
2012-05-02 12:35 - 2012-05-02 12:35 - 00000000 ____D C:\Users\Cane\AppData\Local\{008C769A-36DB-416B-9BF6-824F962913C6}
2012-05-02 00:53 - 2011-09-09 16:17 - 00057560 ____A C:\Users\Cane\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-02 00:34 - 2012-05-02 00:34 - 00000000 ____D C:\Users\Cane\AppData\Local\{798906D8-9DFD-472A-A53F-15ACF1FC5465}
2012-05-02 00:34 - 2012-05-02 00:34 - 00000000 ____D C:\Users\Cane\AppData\Local\{4E90E7B6-CD2D-42D6-9D8B-E31CFB6A0CB0}
2012-05-02 00:05 - 2012-05-02 00:05 - 00000000 ____D C:\Users\Cane\AppData\Local\Cadenza
2012-05-01 15:02 - 2012-05-01 15:02 - 00726720 ____A C:\Windows\Minidump\050112-15709-01.dmp
2012-05-01 15:02 - 2012-05-01 15:02 - 00000000 ____D C:\Windows\Minidump
2012-05-01 12:34 - 2012-05-01 12:33 - 00000000 ____D C:\Users\Cane\AppData\Local\{25FCCC2C-BD6C-4324-8C70-60588B325E6B}
2012-05-01 12:33 - 2012-05-01 12:33 - 00000000 ____D C:\Users\Cane\AppData\Local\{57E49D68-25F8-4FAB-BFE4-8BBC33D04775}
2012-05-01 00:33 - 2012-05-01 00:33 - 00000000 ____D C:\Users\Cane\AppData\Local\{91F95DE7-0772-4FA4-8B39-71BAA9DE2D49}
2012-05-01 00:33 - 2012-04-30 12:32 - 00000000 ____D C:\Users\Cane\AppData\Local\{09199DC7-1EDD-4EE1-AC92-F883B44F73CF}
2012-04-30 12:33 - 2012-04-30 12:33 - 00000000 ____D C:\Users\Cane\AppData\Local\{82BBBB99-E0BE-4BAB-A103-CDE92D84DD5C}
2012-04-29 23:01 - 2012-04-29 23:01 - 00000000 ____D C:\Users\Cane\AppData\Local\{0F9C03D8-F440-4F8D-A7A5-9E5034751EF6}
2012-04-29 23:01 - 2012-04-29 11:01 - 00000000 ____D C:\Users\Cane\AppData\Local\{70456FD8-0590-48CB-9969-C68191D19F87}
2012-04-29 11:01 - 2012-04-29 11:01 - 00000000 ____D C:\Users\Cane\AppData\Local\{1532AC00-D477-4507-B1E2-23FD4B689D92}
2012-04-28 12:32 - 2012-04-28 12:32 - 00000000 ____D C:\Users\Cane\AppData\Local\{BB966727-A196-458E-899F-81DCBC58D559}
2012-04-28 12:32 - 2012-04-28 12:32 - 00000000 ____D C:\Users\Cane\AppData\Local\{5001E970-9033-4D1F-953A-E80C206DD36E}
2012-04-28 00:32 - 2012-04-28 00:32 - 00000000 ____D C:\Users\Cane\AppData\Local\{696F5ABE-1E91-4360-B951-565CDE885FEF}
2012-04-28 00:32 - 2012-04-27 12:31 - 00000000 ____D C:\Users\Cane\AppData\Local\{3DA380BB-C4D5-427A-8E80-04819321857E}
2012-04-27 23:24 - 2012-04-24 02:04 - 00000000 ____D C:\Users\Cane\Documents\Mount&Blade Warband Savegames
2012-04-27 12:31 - 2012-04-27 12:31 - 00000000 ____D C:\Users\Cane\AppData\Local\{CD7197B5-A77C-43BE-8820-D087F43A16BA}
2012-04-27 00:31 - 2012-04-27 00:30 - 00000000 ____D C:\Users\Cane\AppData\Local\{E6947E9C-43E5-4A95-BDDF-AF386507AB28}
2012-04-27 00:30 - 2012-04-26 12:30 - 00000000 ____D C:\Users\Cane\AppData\Local\{3A1C7861-1519-4F83-93EC-9030EECB2E3B}
2012-04-26 22:22 - 2012-04-26 20:08 - 00000698 ____A C:\Users\Cane\Desktop\Nyhetsbrev.txt
2012-04-26 12:30 - 2012-04-26 12:30 - 00000000 ____D C:\Users\Cane\AppData\Local\{C568E0B2-81A5-4CCC-8332-213AF198A35D}
2012-04-26 09:45 - 2009-07-14 06:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-26 00:29 - 2012-04-26 00:29 - 00000000 ____D C:\Users\Cane\AppData\Local\{78A9D679-1E58-4202-823B-EB4781F3A2A8}
2012-04-26 00:29 - 2012-04-25 12:29 - 00000000 ____D C:\Users\Cane\AppData\Local\{283EB130-3D70-43B5-8DA9-BADAF734E2DF}
2012-04-25 20:15 - 2012-04-25 20:10 - 00000000 ____D C:\Users\Cane\Documents\Mount&Blade With Fire and Sword
2012-04-25 20:14 - 2012-04-25 20:10 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Mount&Blade With Fire and Sword
2012-04-25 20:01 - 2012-04-24 02:01 - 00000000 ____D C:\Users\Cane\AppData\Roaming\Mount&Blade Warband
2012-04-25 12:29 - 2012-04-25 12:29 - 00000000 ____D C:\Users\Cane\AppData\Local\{BD17408C-D4A4-4DD8-89D3-B0FF5C16FA61}
2012-04-25 00:28 - 2012-04-25 00:28 - 00000000 ____D C:\Users\Cane\AppData\Local\{9FBC5320-EBBA-4FD1-A88E-84DF3BF82167}
2012-04-25 00:28 - 2012-04-24 12:27 - 00000000 ____D C:\Users\Cane\AppData\Local\{3B45246E-F460-4D80-9522-3291C3D23C1A}
2012-04-24 23:49 - 2012-04-24 23:49 - 00000000 ____D C:\Users\Cane\Documents\Telltale Games
2012-04-24 23:49 - 2012-04-24 23:49 - 00000000 ____D C:\Users\All Users\RELOADED
2012-04-24 23:45 - 2012-04-24 23:45 - 00000625 ____A C:\Users\Public\Desktop\The Walking Dead.lnk
2012-04-24 12:28 - 2012-04-24 12:28 - 00000000 ____D C:\Users\Cane\AppData\Local\{3F616AE0-9826-481B-BC5F-11E15097BF9E}
2012-04-24 02:11 - 2012-04-24 02:01 - 00000000 ____D C:\Users\Cane\Documents\Mount&Blade Warband
2012-04-24 00:27 - 2012-04-24 00:27 - 00000000 ____D C:\Users\Cane\AppData\Local\{A521CFB6-4602-4E54-A08A-8557EC5BBB88}
2012-04-24 00:27 - 2012-04-23 12:26 - 00000000 ____D C:\Users\Cane\AppData\Local\{953128FD-EA43-4CA6-8CA4-56E2E36341D7}
2012-04-23 12:27 - 2012-04-23 12:27 - 00000000 ____D C:\Users\Cane\AppData\Local\{6EB1ECF4-22D2-4881-A770-4351F8B5EB0C}
2012-04-23 00:26 - 2012-04-23 00:26 - 00000000 ____D C:\Users\Cane\AppData\Local\{70AD7BE8-9F4A-4B3C-A357-E3E5CAF8312D}
2012-04-23 00:26 - 2012-04-22 12:25 - 00000000 ____D C:\Users\Cane\AppData\Local\{E4C74B71-7C56-44B7-B38D-0D3C143BBA9A}
2012-04-22 12:25 - 2012-04-22 12:25 - 00000000 ____D C:\Users\Cane\AppData\Local\{E745711E-218D-433D-8D8A-B4F398F92376}
2012-04-22 00:25 - 2012-04-22 00:25 - 00000000 ____D C:\Users\Cane\AppData\Local\{069645ED-578B-4301-9215-80D98F2C351F}
2012-04-22 00:25 - 2012-04-21 12:24 - 00000000 ____D C:\Users\Cane\AppData\Local\{5CC70B62-F053-473F-94C9-DEB0B428AE6C}
2012-04-21 12:24 - 2012-04-21 12:24 - 00000000 ____D C:\Users\Cane\AppData\Local\{FC780288-35F6-4002-9D6D-86A5A354D463}
2012-04-20 23:32 - 2012-04-20 23:32 - 00000000 ____D C:\Users\Cane\AppData\Local\{4278A2ED-179F-40DD-BBC9-DB288153D0F0}
2012-04-20 23:32 - 2012-04-20 11:31 - 00000000 ____D C:\Users\Cane\AppData\Local\{8A6EB8C1-E331-4C3E-8EEC-C5C88A7B6907}
2012-04-20 16:58 - 2012-03-21 19:39 - 00000000 ____D C:\Users\Cane\riotsGamesLogs
2012-04-20 13:14 - 2012-04-20 13:14 - 00000000 ____D C:\Users\Cane\Documents\Diablo III
2012-04-20 11:41 - 2012-04-20 11:41 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-20 11:31 - 2012-04-20 11:31 - 00000000 ____D C:\Users\Cane\AppData\Local\{E04C4BA4-E959-4657-90B1-63CDC546A909}
2012-04-19 23:55 - 2012-04-13 23:18 - 00000023 ____A C:\Windows\.conf
2012-04-19 22:53 - 2012-04-19 22:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{C16750B3-F8D8-4A42-BE76-175E72A5CBAA}
2012-04-19 22:53 - 2012-04-19 10:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{23053718-8E10-484D-A8B5-5C0AF0A2DFBD}
2012-04-19 16:42 - 2012-04-19 16:42 - 00000000 ____D C:\Users\Cane\AppData\Local\Futuremark
2012-04-19 10:53 - 2012-04-19 10:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{8BCA8A6E-4751-45C4-B0F5-07710C95049B}
2012-04-18 19:53 - 2012-04-18 19:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{95CEBEA9-AB8B-4DA2-A8D2-667B93C55FB3}
2012-04-18 19:53 - 2012-04-18 07:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{5F84A87E-F706-4EAA-9A37-B4A9E99A00BB}
2012-04-18 08:02 - 2011-09-09 16:10 - 00000000 ____D C:\Users\Cane\AppData\LocalLow
2012-04-18 07:52 - 2012-04-18 07:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{8DE91CAF-0296-4242-A96A-46732D6479CC}
2012-04-17 19:23 - 2012-04-17 19:23 - 00000000 ____D C:\Users\Cane\AppData\Local\{5029AC7A-3782-4976-BF97-4B6D937D7F1B}
2012-04-17 19:23 - 2012-04-17 07:23 - 00000000 ____D C:\Users\Cane\AppData\Local\{98444423-3A42-48EB-A554-11C088ACDBFC}
2012-04-17 12:08 - 2011-09-10 10:11 - 00001119 ____A C:\Users\Public\Desktop\GOM Player.lnk
2012-04-17 07:23 - 2012-04-17 07:23 - 00000000 ____D C:\Users\Cane\AppData\Local\{27A281B0-30DF-48D7-9A38-5912B36948BD}
2012-04-16 13:39 - 2012-04-16 13:38 - 00000000 ____D C:\Users\Cane\AppData\Local\{FE19C275-0646-4846-9069-A4694FC1D965}
2012-04-16 13:38 - 2012-04-16 13:38 - 00000000 ____D C:\Users\Cane\AppData\Local\{B2EA9AEF-D2B9-4457-81FB-3B414266F50A}
2012-04-16 00:59 - 2012-04-16 00:59 - 00000000 ____D C:\Users\Cane\AppData\Local\{F6621399-9142-470A-ABF5-3B3C0DE7FA45}
2012-04-16 00:59 - 2012-04-15 12:57 - 00000000 ____D C:\Users\Cane\AppData\Local\{DAC811F6-37E7-4EF4-B78F-368B48DDA88E}
2012-04-15 21:38 - 2012-02-28 21:17 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-04-15 17:59 - 2012-04-15 17:59 - 00002157 ____A C:\Users\Public\Desktop\Stonekeep.lnk
2012-04-15 13:06 - 2012-04-15 13:06 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-15 13:06 - 2012-04-15 13:06 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-15 13:06 - 2012-04-15 13:06 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-15 13:06 - 2012-04-15 13:06 - 00000000 ____D C:\Program Files (x86)\Java
2012-04-15 13:06 - 2011-09-01 14:03 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-15 12:58 - 2012-04-15 12:58 - 00000000 ____D C:\Users\Cane\AppData\Local\{93632FAA-7399-4D56-9CC3-E3C72CA53541}
2012-04-14 21:57 - 2012-04-14 21:57 - 00000000 ____D C:\Users\Cane\AppData\Local\{A7FE949C-2CC6-4166-90D0-06C55090D448}
2012-04-14 21:57 - 2012-04-14 21:57 - 00000000 ____D C:\Users\Cane\AppData\Local\{638AA57B-CF45-44E6-99AD-47C78197F247}
2012-04-14 21:56 - 2012-04-14 21:56 - 00000000 ____D C:\Windows\sv
2012-04-14 21:53 - 2011-09-01 14:00 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-04-14 21:52 - 2011-09-01 14:00 - 00000000 ____D C:\Program Files\Windows Live
2012-04-14 11:54 - 2012-04-14 11:54 - 00000000 ____D C:\Users\Cane\AppData\Local\{CDDF0570-B3B1-4AFE-813E-20A24C4417D3}
2012-04-14 11:54 - 2012-04-14 11:54 - 00000000 ____D C:\Users\Cane\AppData\Local\{966687C1-7AFC-4F2B-ACB9-B486ED9E07BE}
2012-04-14 00:08 - 2012-04-14 00:08 - 00000000 ____D C:\Users\Cane\AppData\Local\{616FAA17-4F4B-4FCB-BE39-F0450BE7D4C9}
2012-04-13 23:23 - 2012-04-13 23:22 - 00000000 ____D C:\GamesMaster of Orion 2
2012-04-13 23:23 - 2012-04-13 23:01 - 00001819 ____A C:\Users\Public\Desktop\Master of Orion 2.lnk
2012-04-13 23:01 - 2012-04-13 23:01 - 00002371 ____A C:\Users\Public\Desktop\Master of Orion.lnk
2012-04-13 11:16 - 2012-04-13 11:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{80F03703-7C95-49A8-B390-1D1512D789AE}
2012-04-12 19:03 - 2012-04-12 19:03 - 00000000 ____D C:\Users\Cane\AppData\Local\SplitMediaLabs
2012-04-12 19:03 - 2012-02-07 23:11 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2012-04-12 10:49 - 2012-04-12 10:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{BD95DCEC-97F4-4621-B1F0-79CBEF9B200B}
2012-04-11 19:28 - 2012-04-11 19:28 - 00000000 ____D C:\Users\Cane\Documents\Almost Human
2012-04-11 11:28 - 2012-04-11 11:27 - 00000000 ____D C:\Users\Cane\AppData\Local\{C0AEDACD-D66E-4C42-A12E-38E186D64F8F}
2012-04-10 23:27 - 2012-04-10 11:27 - 00000000 ____D C:\Users\Cane\AppData\Local\{FCCF6AE7-4BF2-43D9-A0F6-CC5F69B9A764}
2012-04-09 23:26 - 2012-04-09 11:26 - 00000000 ____D C:\Users\Cane\AppData\Local\{755538DD-5EED-4822-B17D-8D2ABB72CA4E}
2012-04-09 21:34 - 2011-09-09 18:48 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-09 11:45 - 2012-04-08 13:06 - 00000212 ____A C:\Users\Cane\AppData\Roaming\Lucid_player_profiles_data.dat
2012-04-09 11:45 - 2012-04-08 13:06 - 00000008 ____A C:\Users\Cane\AppData\Roaming\Lucid_player_highscore.dat
2012-04-08 22:23 - 2012-04-08 10:22 - 00000000 ____D C:\Users\Cane\AppData\Local\{522E0486-1844-4C8A-8736-0BC155924067}
2012-04-07 14:39 - 2012-04-07 14:38 - 00000000 ____D C:\Users\Cane\AppData\Local\{75072A24-95C7-4485-85A8-5DF77FBF57BA}
2012-04-07 02:38 - 2012-04-07 02:38 - 00000000 ____D C:\Users\Cane\AppData\Local\{862973F6-BDF9-4166-BA9D-0A58E2B57643}
2012-04-06 14:38 - 2012-04-06 14:37 - 00000000 ____D C:\Users\Cane\AppData\Local\{A3994935-0751-4BAF-AE3E-57ADA50843DC}
2012-04-06 02:37 - 2012-04-06 02:37 - 00000000 ____D C:\Users\Cane\AppData\Local\{A9B6A989-9614-4438-9ADE-CAA1A4CE58AF}
2012-04-05 14:37 - 2012-04-05 14:37 - 00000000 ____D C:\Users\Cane\AppData\Local\{32E95AF5-48C0-4108-BBD8-334BAD0FE208}
2012-04-05 02:36 - 2012-04-04 14:36 - 00000000 ____D C:\Users\Cane\AppData\Local\{B4B871E5-A464-4873-B8BC-063D1C5B1A1C}
2012-04-04 14:56 - 2012-06-07 22:40 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 02:35 - 2012-04-03 14:35 - 00000000 ____D C:\Users\Cane\AppData\Local\{AEA5E50E-B6FC-4D8B-AC18-9090C753FD52}
2012-04-03 00:10 - 2012-04-02 12:10 - 00000000 ____D C:\Users\Cane\AppData\Local\{FDBC7229-9DC4-4E57-9A9B-A7B5DE31AFA5}
2012-04-01 22:48 - 2012-03-31 10:47 - 00000000 ____D C:\Users\Cane\AppData\Local\{591B1967-6902-4FCC-A0D0-FACCF37306BA}
2012-04-01 19:44 - 2012-04-01 19:18 - 00001043 ____A C:\Users\Cane\Desktop\Intervju Smorfty.txt
2012-04-01 19:44 - 2012-03-11 19:25 - 00000114 ____A C:\Users\Cane\Desktop\Intervju Formulär.txt
2012-03-31 20:07 - 2012-03-31 20:07 - 00000000 ____D C:\Users\Cane\Documents\Spartan
2012-03-31 10:45 - 2011-09-29 13:20 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-03-31 07:05 - 2012-05-12 12:21 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 05:39 - 2012-05-12 12:21 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 05:39 - 2012-05-12 12:21 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-31 04:10 - 2012-05-12 12:21 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-31 03:21 - 2012-02-03 15:22 - 00000000 ____D C:\Users\Cane\Documents\Xenonauts
2012-03-30 22:46 - 2012-03-30 10:46 - 00000000 ____D C:\Users\Cane\AppData\Local\{A4A588EC-5DDF-414C-9241-60E6170CC9F5}
2012-03-30 12:35 - 2012-05-12 12:21 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 22:14 - 2012-03-29 10:13 - 00000000 ____D C:\Users\Cane\AppData\Local\{C4B5041E-9F67-4701-8158-EB443C6C32FD}
2012-03-28 22:08 - 2012-03-28 22:08 - 00000683 ____A C:\Users\Cane\Desktop\LoneSurvivor.lnk
2012-03-28 22:08 - 2012-03-28 22:08 - 00000000 ____D C:\Users\Cane\AppData\Roaming\LS
2012-03-28 19:34 - 2012-03-28 19:34 - 00000000 ____D C:\Users\Cane\AppData\Local\{79E8955E-AA04-4A6A-9C34-F4C2A4B2A629}
2012-03-28 19:34 - 2012-03-28 07:34 - 00000000 ____D C:\Users\Cane\AppData\Local\{35F31CB2-FBDC-49A6-9FCA-10C18BEDE0C1}
2012-03-28 07:34 - 2012-03-28 07:34 - 00000000 ____D C:\Users\Cane\AppData\Local\{E79A3943-C95A-4AE8-A8C0-935737C3841D}
2012-03-27 19:33 - 2012-03-27 19:33 - 00000000 ____D C:\Users\Cane\AppData\Local\{EA465984-7263-4188-8384-A8FDE4F05DBC}
2012-03-27 19:33 - 2012-03-27 07:32 - 00000000 ____D C:\Users\Cane\AppData\Local\{723060A3-5AA5-40B3-AF32-2D06E9CE3BD1}
2012-03-27 07:33 - 2012-03-27 07:33 - 00000000 ____D C:\Users\Cane\AppData\Local\{9A11D634-7B88-4948-8052-0B2F05C96A10}
2012-03-26 17:45 - 2012-03-26 17:45 - 00000000 ____D C:\Users\Cane\AppData\Local\{26D8CC1C-B44C-4AFD-A5D7-3C084D2D1065}
2012-03-26 17:45 - 2012-03-26 17:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{967869E1-C51E-4DD5-9979-3C1C25F8EFF4}
2012-03-25 14:47 - 2012-03-25 14:47 - 00000000 ____D C:\Users\Cane\AppData\Local\{F930942D-74C8-44FE-AE57-B1966A747E1B}
2012-03-25 14:47 - 2012-03-25 14:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{26BDA658-60E7-4FCA-AE85-B3ECE2FB69BA}
2012-03-25 02:44 - 2012-03-25 02:44 - 00000000 ____D C:\Users\Cane\AppData\Local\{D84F8831-4824-45D9-A61D-9CAD0EAC7DF0}
2012-03-25 02:44 - 2012-03-24 14:43 - 00000000 ____D C:\Users\Cane\AppData\Local\{BE9F0088-FFE9-47FC-90B1-D67791A747F8}
2012-03-24 14:44 - 2012-03-24 14:43 - 00000000 ____D C:\Users\Cane\AppData\Local\{CB5AB9B5-318E-422B-AC94-11B03C184524}
2012-03-24 01:37 - 2012-03-24 01:36 - 00000000 ____D C:\Users\Cane\AppData\Local\{F0BC136B-BF0C-4F87-B957-5C35B947783D}
2012-03-24 01:36 - 2012-03-23 13:36 - 00000000 ____D C:\Users\Cane\AppData\Local\{380A0EAE-A49A-4387-A6D8-F77C57EB2B62}
2012-03-23 13:36 - 2012-03-23 13:36 - 00000000 ____D C:\Users\Cane\AppData\Local\{F999D643-1DC5-484F-AFFE-7447EEA043D4}
2012-03-23 01:35 - 2012-03-23 01:35 - 00000000 ____D C:\Users\Cane\AppData\Local\{79A6E3D3-C216-4803-873D-D40558EDE562}
2012-03-23 01:35 - 2012-03-22 13:35 - 00000000 ____D C:\Users\Cane\AppData\Local\{CAE35E36-41B1-4EDD-974E-70506D3FB03A}
2012-03-22 13:35 - 2012-03-22 13:35 - 00000000 ____D C:\Users\Cane\AppData\Local\{E3AFAE9B-3054-40D4-AEC9-092F67A92051}
2012-03-22 01:34 - 2012-03-22 01:34 - 00000000 ____D C:\Users\Cane\AppData\Local\{A96BEFDD-E179-4A37-9B4A-C3EF095249A7}
2012-03-22 01:34 - 2012-03-21 13:33 - 00000000 ____D C:\Users\Cane\AppData\Local\{AD6887CD-675E-4AAE-B3AA-8CF950287693}
2012-03-22 01:23 - 2012-03-22 01:21 - 00000000 ____D C:\Users\Cane\AppData\Local\BoH
2012-03-22 01:18 - 2011-10-30 02:04 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-03-22 01:18 - 2011-10-30 02:04 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-03-22 01:18 - 2011-10-30 02:04 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-03-22 01:18 - 2011-10-30 02:04 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-03-21 13:34 - 2012-03-21 13:34 - 00000000 ____D C:\Users\Cane\AppData\Local\{1F9F510B-A990-4A4C-9594-80FDEC14141B}
2012-03-21 01:33 - 2012-03-21 01:33 - 00000000 ____D C:\Users\Cane\AppData\Local\{EB3E78C2-C69D-46E9-AAD4-34EC4625ECB3}
2012-03-21 01:33 - 2012-03-20 13:32 - 00000000 ____D C:\Users\Cane\AppData\Local\{A5E81FDF-45A2-441C-98C0-625FAF96E1C0}
2012-03-20 19:44 - 2012-03-20 19:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 13:33 - 2012-03-20 13:33 - 00000000 ____D C:\Users\Cane\AppData\Local\{006B1012-0535-4CE8-BEAC-B8464AFBF7A5}
2012-03-20 01:21 - 2012-03-20 01:21 - 00000000 ____D C:\Users\Cane\AppData\Local\{009F7AE9-6969-4899-8749-6B2D3420830A}
2012-03-20 01:21 - 2012-03-19 13:20 - 00000000 ____D C:\Users\Cane\AppData\Local\{F2258D34-E9DE-433D-A320-96D0CE4556DD}
2012-03-19 13:21 - 2012-03-19 13:21 - 00000000 ____D C:\Users\Cane\AppData\Local\{2BD71833-5B51-47B8-9AC0-6C931F2FCC03}
2012-03-19 01:20 - 2012-03-19 01:20 - 00000000 ____D C:\Users\Cane\AppData\Local\{D2646946-9885-4EEB-ADA8-FDFC0FDDD6F4}
2012-03-19 01:20 - 2012-03-18 13:19 - 00000000 ____D C:\Users\Cane\AppData\Local\{0875156A-83C4-40C6-B3F6-263AACC529C9}
2012-03-18 13:20 - 2012-03-18 13:19 - 00000000 ____D C:\Users\Cane\AppData\Local\{68CCE2FD-5CCC-49E6-B0E6-89D722BACF25}
2012-03-18 01:19 - 2012-03-18 01:19 - 00000000 ____D C:\Users\Cane\AppData\Local\{A7614956-F757-4B50-B30D-1816B6334063}
2012-03-18 01:19 - 2012-03-17 13:18 - 00000000 ____D C:\Users\Cane\AppData\Local\{128A0674-3564-405B-84CE-50C4D6BBBCC7}
2012-03-17 13:18 - 2012-03-17 13:18 - 00000000 ____D C:\Users\Cane\AppData\Local\{33DB3843-2474-4708-95EB-0E42D8120A55}
2012-03-17 08:58 - 2012-05-12 12:21 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-17 01:30 - 2011-09-09 19:08 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2012-03-17 01:18 - 2012-03-17 01:18 - 00000000 ____D C:\Users\Cane\AppData\Local\{46F70CE4-BCD3-4804-BFCD-EA054DD88A9D}
2012-03-17 01:18 - 2012-03-16 13:17 - 00000000 ____D C:\Users\Cane\AppData\Local\{335142D2-89DE-47B9-B7C4-A99100C4B24E}
2012-03-16 13:17 - 2012-03-16 13:17 - 00000000 ____D C:\Users\Cane\AppData\Local\{78DED249-CF8F-43C4-A25E-3A7F1BBD26D5}
2012-03-16 12:44 - 2012-03-16 12:44 - 00001558 ____A C:\Users\Public\Desktop\Anachronox.lnk
2012-03-16 01:17 - 2012-03-16 01:17 - 00000000 ____D C:\Users\Cane\AppData\Local\{B4F184C3-4FB0-41ED-B21B-26C735A9361F}
2012-03-16 01:17 - 2012-03-15 13:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{2FF24878-15C0-4350-876D-9D6EA4A33D07}
2012-03-15 13:16 - 2012-03-15 13:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{A3EDC9B7-D3F7-4584-95DF-E6260B428A47}
2012-03-15 01:16 - 2012-03-15 01:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{668103EF-7248-4D20-B1CD-ECB8A8A3607D}
2012-03-15 01:15 - 2012-03-14 13:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{215F7233-EF98-4537-BEDD-7973D3ABB622}
2012-03-14 18:17 - 2012-03-14 18:17 - 00000000 ____D C:\Users\Cane\AppData\Roaming\LolClient
2012-03-14 18:08 - 2012-03-14 18:08 - 00001771 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-03-14 18:06 - 2011-09-07 09:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-14 13:15 - 2012-03-14 13:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{FD434E4D-0437-4543-9F30-6F92E521C04F}
2012-03-14 01:14 - 2012-03-14 01:14 - 00000000 ____D C:\Users\Cane\AppData\Local\{37E11CD8-72EB-40DD-A642-CA228DB0263A}
2012-03-14 01:14 - 2012-03-13 13:14 - 00000000 ____D C:\Users\Cane\AppData\Local\{41759BEC-F6D7-4F1D-87A2-ED3EDE82B71A}
2012-03-13 13:14 - 2012-03-13 13:14 - 00000000 ____D C:\Users\Cane\AppData\Local\{777E72E1-E3BF-4B07-AE19-D34F6E15EF82}
2012-03-13 01:24 - 2012-03-13 01:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-13 01:13 - 2012-03-13 01:13 - 00000000 ____D C:\Users\Cane\AppData\Local\{B95DA018-E42A-4818-8F8A-26FED08643C8}
2012-03-13 01:13 - 2012-03-12 13:12 - 00000000 ____D C:\Users\Cane\AppData\Local\{D682F319-9D07-4039-925A-849A8C80607B}
2012-03-12 13:13 - 2012-03-12 13:13 - 00000000 ____D C:\Users\Cane\AppData\Local\{806DBD83-E32B-4BEE-A831-436ECFB5071D}
2012-03-12 01:12 - 2012-03-12 01:12 - 00000000 ____D C:\Users\Cane\AppData\Local\{E8C7CFA0-07C7-433F-A4CB-F1023E9DE1A2}
2012-03-12 01:12 - 2012-03-11 13:11 - 00000000 ____D C:\Users\Cane\AppData\Local\{B59646E3-87B8-4975-B304-D4991FE45DB7}

ZeroAccess:
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\@
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\L
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\U
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\L\00000004.@
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\U\00000004.@
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\U\00000008.@
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\U\000000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8168.96 MB
Available physical RAM: 7340.07 MB
Total Pagefile: 8167.11 MB
Available Pagefile: 7337.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.51 GB) (Free:95.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (GRMCHPXFRER_SV_DVD) (CDROM) (Total:2.9 GB) (Free:0 GB) UDF
3 Drive e: (KINGSTON) (Removable) (Total:3.73 GB) (Free:1.46 GB) FAT32
4 Drive f: (Iomega_HDD) (Fixed) (Total:465.76 GB) (Free:10.79 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk nr Status Storlek Ledigt Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk nr 0 Online 931 G B 0 B
Disk nr 1 Online 3826 M B 0 B
Disk nr 2 Online 465 G B 1024 K B

DiskPart avslutas...


==========================================================

Last Boot: 2012-05-29 08:08

======================= End Of Log ==========================

#4 CatByte

Posted 09 June 2012 - 07:44 AM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
2012-06-09 11:38 - 2012-06-09 11:38 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mqoazmuo.sys
2012-06-09 11:34 - 2012-06-09 11:34 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sunaghxy.sys
2012-06-09 11:34 - 2012-06-09 11:34 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\infclvgb.sys
2012-06-09 11:31 - 2012-06-09 11:31 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ueheqrnz.sys
2012-06-09 00:16 - 2012-06-09 00:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{3B313D6A-07CE-4C6F-809C-3FDA6800BA48}
2012-06-08 12:15 - 2012-06-09 00:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{4FE3CAD3-41AA-4246-B9AA-628F1854A378}
2012-06-08 12:15 - 2012-06-08 12:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{0DA73F0B-FEF6-4309-896B-46BAC344BEFF}
2012-06-08 00:01 - 2012-06-08 00:01 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-07 23:55 - 2012-06-07 23:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{8B76C08C-45EB-44CC-BB42-1E7F9253ABF6}
2012-06-07 23:55 - 2012-06-07 23:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{7F99AC0B-BED7-4CEA-B0C1-01E1FF512EC0}
2012-06-07 23:00 - 2012-06-07 23:00 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ubgupnof.sys
2012-06-07 23:00 - 2012-06-07 23:00 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ynzbosnz.sys
2012-06-07 11:55 - 2012-06-07 11:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{DC2F99DE-B236-47AC-BF4F-E69BAED84B30}
2012-06-07 11:54 - 2012-06-07 11:55 - 00000000 ____D C:\Users\Cane\AppData\Local\{C4925715-A11B-49E6-AA47-F72A8BB269EA}
2012-06-06 23:54 - 2012-06-06 23:54 - 00000000 ____D C:\Users\Cane\AppData\Local\{5083E246-71F3-478A-B4CB-42BD44A3A64E}
2012-06-06 11:53 - 2012-06-06 23:54 - 00000000 ____D C:\Users\Cane\AppData\Local\{8229C705-FCB2-4E4B-ACF5-B097F346ADA4}
2012-06-06 11:53 - 2012-06-06 11:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{E46C7B84-4D6C-4AA6-AF0D-C30366A01184}
2012-06-05 23:53 - 2012-06-05 23:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{206FB0E4-3FF9-427E-A364-75AE9202CAD8}
2012-06-05 11:52 - 2012-06-05 23:53 - 00000000 ____D C:\Users\Cane\AppData\Local\{3B257CE9-1C3C-4ADD-8ED9-8B0299DB790F}
2012-06-05 11:52 - 2012-06-05 11:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{42BF97C8-B476-4E90-A8C6-E8C215100DB5}
2012-06-04 23:52 - 2012-06-04 23:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{2B368F26-69B1-415C-8DFB-F36C764FC18C}
2012-06-04 11:51 - 2012-06-04 23:52 - 00000000 ____D C:\Users\Cane\AppData\Local\{BD1F8E8D-E285-4225-8B0F-1E9B56E53DEE}
2012-06-04 11:51 - 2012-06-04 11:51 - 00000000 ____D C:\Users\Cane\AppData\Local\{A72333E6-6C8D-4A48-A130-9EF50F5DB83E}
2012-06-03 11:50 - 2012-06-03 23:50 - 00000000 ____D C:\Users\Cane\AppData\Local\{7DDC3341-0BD5-4B12-9459-C611127E9C0A}
2012-06-03 11:50 - 2012-06-03 11:50 - 00000000 ____D C:\Users\Cane\AppData\Local\{31F5988C-605F-4DAD-A0BC-8DB19A47CF3E}
2012-06-02 23:49 - 2012-06-02 23:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{2AE5CA56-66C8-4CF8-8D6A-A0805A7BB773}
2012-06-02 11:49 - 2012-06-02 23:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{76247540-9F88-4A30-A169-F282A2CD627F}
2012-06-02 11:49 - 2012-06-02 11:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{A8968740-FE93-40A0-9B75-3857C5D13D54}
2012-06-01 23:16 - 2012-06-01 23:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{DCC031FE-26C6-4465-9485-D2F463EC95D5}
2012-06-01 11:16 - 2012-06-01 11:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{B2968B64-924D-47DB-BD16-3BCFC7B0E566}
2012-06-01 11:15 - 2012-06-01 23:16 - 00000000 ____D C:\Users\Cane\AppData\Local\{38978A8B-D994-40A2-8CC3-0B283FC519E3}
2012-05-31 23:15 - 2012-05-31 23:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{42E8F8CB-0C71-42F9-8A9B-32BA844C82B3}
2012-05-31 11:15 - 2012-05-31 11:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{87B46CE7-8B06-44CF-9A5D-AA44F1E0251C}
2012-05-31 11:14 - 2012-05-31 23:15 - 00000000 ____D C:\Users\Cane\AppData\Local\{57943967-085B-410F-82C6-80E5F6AAA497}
2012-05-30 22:49 - 2012-05-30 22:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{2E091C3C-8A27-4D8B-B1C3-BBE9696CDB48}
2012-05-30 10:48 - 2012-05-30 22:49 - 00000000 ____D C:\Users\Cane\AppData\Local\{A76CD64C-62A8-4FC5-9F73-8144F7BB83DA}
2012-05-30 10:48 - 2012-05-30 10:48 - 00000000 ____D C:\Users\Cane\AppData\Local\{4113F042-0F10-4891-8A71-DEF2AF1CBB37}
2012-05-29 22:48 - 2012-05-29 22:48 - 00000000 ____D C:\Users\Cane\AppData\Local\{32AEB51B-468F-4295-9938-2583B3932FDB}
2012-05-29 10:47 - 2012-05-29 22:48 - 00000000 ____D C:\Users\Cane\AppData\Local\{4B858875-DBB2-4914-8661-714940E5D80D}
2012-05-29 10:47 - 2012-05-29 10:47 - 00000000 ____D C:\Users\Cane\AppData\Local\{06BBAC50-5D2C-48DE-B5FA-6C1920EC7915}
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}
1 infclvgb; C:\Windows\System32\Drivers\infclvgb.sys [50000 2012-06-09] (Microsoft Corporation)
1 mqoazmuo; C:\Windows\System32\Drivers\mqoazmuo.sys [50000 2012-06-09] (Microsoft Corporation)
1 sunaghxy; C:\Windows\System32\Drivers\sunaghxy.sys [50000 2012-06-09] (Microsoft Corporation)
1 ueheqrnz; C:\Windows\System32\Drivers\ueheqrnz.sys [50000 2012-06-09] (Microsoft Corporation)
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 trucane

Posted 09 June 2012 - 09:05 AM

Alright, I've done the first part now with the fixlist and here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012
Ran by SYSTEM at 2012-06-09 15:58:48 Run:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\Drivers\mqoazmuo.sys not found.
C:\Windows\System32\Drivers\sunaghxy.sys not found.
C:\Windows\System32\Drivers\infclvgb.sys not found.
C:\Windows\System32\Drivers\ueheqrnz.sys not found.
C:\Users\Cane\AppData\Local\{3B313D6A-07CE-4C6F-809C-3FDA6800BA48} moved successfully.
C:\Users\Cane\AppData\Local\{4FE3CAD3-41AA-4246-B9AA-628F1854A378} moved successfully.
C:\Users\Cane\AppData\Local\{0DA73F0B-FEF6-4309-896B-46BAC344BEFF} moved successfully.
C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP moved successfully.
C:\Users\Cane\AppData\Local\{8B76C08C-45EB-44CC-BB42-1E7F9253ABF6} moved successfully.
C:\Users\Cane\AppData\Local\{7F99AC0B-BED7-4CEA-B0C1-01E1FF512EC0} moved successfully.
C:\Windows\System32\Drivers\ubgupnof.sys moved successfully.
C:\Windows\System32\Drivers\ynzbosnz.sys moved successfully.
C:\Windows\Installer\{66a7571f-a123-1d16-4ae6-4da21bcb0c50} moved successfully.
infclvgb service not found.
mqoazmuo service not found.
sunaghxy service not found.
ueheqrnz service not found.

==== End of Fixlog ====

I guess the whole procedure went well, but MSE still complains about the virus. Should I proceed to the ComboFix part?
EDIT: It seems that getting into Windows after a reboot queues the "Has detected a threat" from MSE, but after removing the threat the virus won't come back. However, I tried rebooting twice and as soon as I get into Windows it comes back. So it seems that it comes back after a reboot, but while in Windows and removing it, it won't come back again after 4 minutes like it did earlier.
EDIT2: Seems like I was wrong, but it seems like it's only the AB and P types of the virus that are left.

Edited by trucane, 09 June 2012 - 09:19 AM.


#6 CatByte

Posted 09 June 2012 - 09:37 AM

Yes, we have more work to do. It generally takes more than one round of fixes to remove everything, so stay with me.

Please move on to ComboFix.

Edited by CatByte, 09 June 2012 - 09:37 AM.



#7 trucane

Posted 09 June 2012 - 10:24 AM

ComboFix 12-06-09.01 - Cane 2012-06-09 17:05:42.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8169.6500 [GMT 2:00]
Körs från: c:\users\Cane\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
(((((((((((((((((((((((( Filer skapade från 2012-05-09 till 2012-06-09 ))))))))))))))))))))))))))))))
.
.
2012-06-09 15:12 . 2012-06-09 15:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-09 15:12 . 2012-06-09 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 11:48 . 2012-06-09 11:50 -------- d-----w- C:\FRST
2012-06-07 23:08 . 2012-06-07 23:08 -------- d-----w- c:\users\Cane\AppData\Roaming\Canneverbe Limited
2012-06-07 23:08 . 2012-06-07 23:08 -------- d-----w- c:\programdata\Canneverbe Limited
2012-06-07 23:06 . 2012-06-07 23:06 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-06-07 23:01 . 2012-06-07 23:01 110080 ----a-r- c:\users\Cane\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-07 23:01 . 2012-06-07 23:01 110080 ----a-r- c:\users\Cane\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-07 23:01 . 2012-06-07 23:01 110080 ----a-r- c:\users\Cane\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-07 23:01 . 2012-06-07 23:02 -------- d-----w- C:\sh4ldr
2012-06-07 23:01 . 2012-06-07 23:01 -------- d-----w- c:\program files\Enigma Software Group
2012-06-07 22:42 . 2010-09-07 13:39 150392 ----a-w- c:\users\Cane\junction.exe
2012-06-07 21:40 . 2012-06-07 21:40 -------- d-----w- c:\users\Cane\AppData\Roaming\Malwarebytes
2012-06-07 21:40 . 2012-06-07 21:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-07 21:40 . 2012-06-07 22:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-07 21:40 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 21:25 . 2012-06-07 21:25 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-06-07 21:25 . 2012-06-07 21:25 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
2012-06-07 21:25 . 2012-06-07 21:25 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-06-07 21:25 . 2012-06-07 21:25 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2012-06-07 21:25 . 2012-06-07 21:25 -------- d-----w- c:\program files\Prevx
2012-06-07 21:24 . 2012-06-07 22:31 -------- d-----w- c:\programdata\PrevxCSI
2012-06-07 18:23 . 2012-06-07 22:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-07 09:35 . 2012-06-07 09:35 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 09:35 . 2012-06-07 09:35 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-03 18:19 . 2012-06-03 18:30 -------- d-----w- c:\users\Cane\AppData\Roaming\wargaming.net
2012-06-02 17:42 . 2012-06-02 17:42 -------- d-----w- c:\users\Cane\AppData\Local\CrashRpt
2012-05-28 15:09 . 2012-05-28 15:09 -------- d-----w- c:\program files (x86)\Capsule
2012-05-20 12:46 . 2012-05-20 12:46 -------- d-----w- c:\program files\HWiNFO64
2012-05-20 12:32 . 2012-05-20 12:42 -------- d-----w- c:\program files (x86)\SpeedFan
2012-05-20 01:01 . 2012-05-20 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-20 01:01 . 2012-05-20 01:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-15 21:55 . 2012-06-02 10:53 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-10 22:16 . 2012-05-13 12:18 -------- d-----w- c:\users\Cane\AppData\Roaming\Tropico 4
2012-05-10 22:15 . 2012-05-10 22:15 -------- d-----w- c:\users\Cane\AppData\Roaming\Kalypso Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 17:47 . 2011-09-09 18:03 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-02 17:47 . 2011-09-09 17:48 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-02 17:42 . 2011-09-09 17:48 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-04 18:10 . 2012-04-04 13:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:10 . 2011-09-07 09:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 18:10 . 2012-04-26 09:10 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-15 12:06 . 2011-09-01 13:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-09 20:34 . 2011-09-09 17:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-22 00:18 . 2011-10-30 01:04 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-22 00:18 . 2011-10-30 01:04 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-22 00:18 . 2011-10-30 01:04 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-22 00:18 . 2011-10-30 01:04 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-09 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 bbgrcpsu;bbgrcpsu;c:\windows\system32\drivers\bbgrcpsu.sys [x]
R1 eacgwkgm;eacgwkgm;c:\windows\system32\drivers\eacgwkgm.sys [x]
R1 eadlwonp;eadlwonp;c:\windows\system32\drivers\eadlwonp.sys [x]
R1 krpqdfco;krpqdfco;c:\windows\system32\drivers\krpqdfco.sys [x]
R1 lsbfgrgx;lsbfgrgx;c:\windows\system32\drivers\lsbfgrgx.sys [x]
R1 ptefnzur;ptefnzur;c:\windows\system32\drivers\ptefnzur.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2012-06-07 6746280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-07 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Cane\AppData\Local\Temp\0056C9D.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-05-10 30592]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={8743987B-0A40-423D-BA0D-E6ECE34C4332}&mid=d6a07b38be8447d0918d25244254f204-3291ee2e80474b29eb200b697aca9ec7592cbcaf&lang=en&ds=gm011&pr=sa&d=2012-04-17 13:07&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 211.110.204.36:80
LSP: mswsock.dll
TCP: DhcpNameServer = 81.26.228.3 81.26.227.3
FF - ProfilePath - c:\users\Cane\AppData\Roaming\Mozilla\Firefox\Profiles\s7il9wij.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Babebe3fc-0e41-4ccb-9507-70d01278e3e2%7D&mid=d6a07b38be8447d0918d25244254f204-3291ee2e80474b29eb200b697aca9ec7592cbcaf&ds=gm011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-17%2013%3A07%3A56&sap=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9050
FF - prefs.js: network.proxy.type - 0
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Floris Mod Pack_is1 - c:\program files (x86)\Steam\steamapps\common\mountblade warband\Modules\Modules\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Cane\AppData\Local\Temp\0056C9D.tmp"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
.
**************************************************************************
.
Sluttid: 2012-06-09 17:18:51 - datorn startades om.
ComboFix-quarantined-files.txt 2012-06-09 15:18
.
Före genomsökningen: 101 636 751 360 byte ledigt
Efter genomsökningen: 104 123 207 680 byte ledigt
.
- - End Of File - - FBDC6442908385E84A8CAA36323D7EA9

#8 CatByte

Posted 09 June 2012 - 10:45 AM

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

Driver::
bbgrcpsu
eacgwkgm
eadlwonp
krpqdfco
lsbfgrgx
ptefnzur

FireFox::
FF - ProfilePath - c:\users\Cane\AppData\Roaming\Mozilla\Firefox\Profiles\s7il9wij.default\
FF - prefs.js: network.proxy.http_port - 9050

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 trucane

Posted 09 June 2012 - 10:51 AM

After doing the ComboFix part from the reply before your last one, my MSE no longer complains about any Sirefef viruses. Should I still proceed to do what you wrote in your last reply?

#10 CatByte

Posted 09 June 2012 - 10:59 AM

Yes, please do. We need to make certain there are no leftovers; absence of symptoms doesn't guarantee you are clean, so stay with me till the end.


#11 trucane

Posted 09 June 2012 - 11:22 AM

ComboFix 12-06-09.01 - Cane 2012-06-09 18:08:21.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8169.6492 [GMT 2:00]
Körs från: c:\users\Cane\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\users\Cane\Desktop\CFscript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bbgrcpsu
-------\Service_eacgwkgm
-------\Service_eadlwonp
-------\Service_krpqdfco
-------\Service_lsbfgrgx
-------\Service_ptefnzur
.
.
(((((((((((((((((((((((( Filer skapade från 2012-05-09 till 2012-06-09 ))))))))))))))))))))))))))))))
.
.
2012-06-09 16:13 . 2012-06-09 16:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-09 11:48 . 2012-06-09 11:50 -------- d-----w- C:\FRST
2012-06-07 23:08 . 2012-06-07 23:08 -------- d-----w- c:\users\Cane\AppData\Roaming\Canneverbe Limited
2012-06-07 23:08 . 2012-06-07 23:08 -------- d-----w- c:\programdata\Canneverbe Limited
2012-06-07 23:06 . 2012-06-07 23:06 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-06-07 23:01 . 2012-06-09 15:49 -------- d-----w- C:\sh4ldr
2012-06-07 23:01 . 2012-06-07 23:01 -------- d-----w- c:\program files\Enigma Software Group
2012-06-07 22:42 . 2010-09-07 13:39 150392 ----a-w- c:\users\Cane\junction.exe
2012-06-07 21:40 . 2012-06-07 21:40 -------- d-----w- c:\users\Cane\AppData\Roaming\Malwarebytes
2012-06-07 21:40 . 2012-06-07 21:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-07 21:40 . 2012-06-07 22:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-07 21:40 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 21:25 . 2012-06-07 21:25 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-06-07 21:25 . 2012-06-07 21:25 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
2012-06-07 21:25 . 2012-06-07 21:25 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-06-07 21:25 . 2012-06-07 21:25 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2012-06-07 21:25 . 2012-06-07 21:25 -------- d-----w- c:\program files\Prevx
2012-06-07 21:24 . 2012-06-07 22:31 -------- d-----w- c:\programdata\PrevxCSI
2012-06-07 18:23 . 2012-06-07 22:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-07 09:35 . 2012-06-07 09:35 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 09:35 . 2012-06-07 09:35 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-03 18:19 . 2012-06-03 18:30 -------- d-----w- c:\users\Cane\AppData\Roaming\wargaming.net
2012-06-02 17:42 . 2012-06-02 17:42 -------- d-----w- c:\users\Cane\AppData\Local\CrashRpt
2012-05-28 15:09 . 2012-05-28 15:09 -------- d-----w- c:\program files (x86)\Capsule
2012-05-20 12:46 . 2012-05-20 12:46 -------- d-----w- c:\program files\HWiNFO64
2012-05-20 12:32 . 2012-05-20 12:42 -------- d-----w- c:\program files (x86)\SpeedFan
2012-05-20 01:01 . 2012-05-20 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-20 01:01 . 2012-05-20 01:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-15 21:55 . 2012-06-02 10:53 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-10 22:16 . 2012-05-13 12:18 -------- d-----w- c:\users\Cane\AppData\Roaming\Tropico 4
2012-05-10 22:15 . 2012-05-10 22:15 -------- d-----w- c:\users\Cane\AppData\Roaming\Kalypso Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 17:47 . 2011-09-09 18:03 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-02 17:47 . 2011-09-09 17:48 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-02 17:42 . 2011-09-09 17:48 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-04 18:10 . 2012-04-04 13:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:10 . 2011-09-07 09:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 18:10 . 2012-04-26 09:10 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-15 12:06 . 2011-09-01 13:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-09 20:34 . 2011-09-09 17:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-22 00:18 . 2011-10-30 01:04 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-22 00:18 . 2011-10-30 01:04 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-22 00:18 . 2011-10-30 01:04 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-22 00:18 . 2011-10-30 01:04 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-09_15.15.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-09 15:22 45678 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-09 15:22 38882 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-09 15:11 . 2012-06-09 15:22 10186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1471886629-3543694947-2446725536-1001_UserData.bin
+ 2012-06-09 15:49 . 2012-06-09 15:49 66956 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCall.dll
- 2012-06-09 15:14 . 2012-06-09 15:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-09 16:15 . 2012-06-09 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-11-21 11:38 . 2012-06-09 15:04 674574 c:\windows\system32\perfh01D.dat
+ 2010-11-21 11:38 . 2012-06-09 16:04 674574 c:\windows\system32\perfh01D.dat
- 2009-07-14 02:36 . 2012-06-09 15:04 656854 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-09 16:04 656854 c:\windows\system32\perfh009.dat
+ 2010-11-21 11:38 . 2012-06-09 16:04 145908 c:\windows\system32\perfc01D.dat
- 2010-11-21 11:38 . 2012-06-09 15:04 145908 c:\windows\system32\perfc01D.dat
+ 2009-07-14 02:36 . 2012-06-09 16:04 125336 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-09 15:04 125336 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-09 16:13 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-09 15:13 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-01 01:01 . 2012-06-07 20:03 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-05-01 01:01 . 2012-06-09 15:23 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-05-01 01:01 . 2012-06-07 20:03 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-01 01:01 . 2012-06-09 15:23 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-01 01:01 . 2012-06-09 15:23 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-05-01 01:01 . 2012-06-07 20:03 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-05-01 01:01 . 2012-06-09 15:23 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2012-05-01 01:01 . 2012-06-07 20:03 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-06-09 15:49 . 2012-06-09 15:49 189872 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla36.exe
+ 2012-06-09 15:49 . 2012-06-09 15:49 175992 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla34.dll
+ 2012-06-09 15:49 . 2012-06-09 15:49 176035 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla33.dll
+ 2012-06-09 15:49 . 2012-06-09 15:49 176545 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla32.dll
+ 2012-06-09 15:49 . 2012-06-09 15:49 184966 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla31.exe
+ 2012-06-09 15:49 . 2012-06-09 15:49 189776 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla21.dll
+ 2012-06-09 15:49 . 2012-06-09 15:49 176035 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla2.dll
+ 2012-06-09 15:49 . 2012-06-09 15:49 179526 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla.dll
+ 2011-09-10 00:58 . 2012-06-09 16:13 5352076 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1471886629-3543694947-2446725536-1001-12288.dat
- 2011-09-10 00:58 . 2012-06-09 15:13 5352076 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1471886629-3543694947-2446725536-1001-12288.dat
+ 2011-09-10 00:58 . 2012-06-09 16:13 51918036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1471886629-3543694947-2446725536-1001-8192.dat
- 2011-09-10 00:58 . 2012-06-09 15:13 51918036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1471886629-3543694947-2446725536-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-09 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-07 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Cane\AppData\Local\Temp\0056C9D.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-05-10 30592]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2012-06-07 6746280]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"combofix"="c:\combofix\CF5884.3XE" [2010-11-21 345088]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={8743987B-0A40-423D-BA0D-E6ECE34C4332}&mid=d6a07b38be8447d0918d25244254f204-3291ee2e80474b29eb200b697aca9ec7592cbcaf&lang=en&ds=gm011&pr=sa&d=2012-04-17 13:07&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 211.110.204.36:80
TCP: DhcpNameServer = 81.26.228.3 81.26.227.3
FF - ProfilePath - c:\users\Cane\AppData\Roaming\Mozilla\Firefox\Profiles\s7il9wij.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Babebe3fc-0e41-4ccb-9507-70d01278e3e2%7D&mid=d6a07b38be8447d0918d25244254f204-3291ee2e80474b29eb200b697aca9ec7592cbcaf&ds=gm011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-17%2013%3A07%3A56&sap=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Cane\AppData\Local\Temp\0056C9D.tmp"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
.
**************************************************************************
.
Sluttid: 2012-06-09 18:18:29 - datorn startades om.
ComboFix-quarantined-files.txt 2012-06-09 16:18
ComboFix2.txt 2012-06-09 15:18
.
Före genomsökningen: 103 904 190 464 byte ledigt
Efter genomsökningen: 103 303 778 304 byte ledigt
.
- - End Of File - - 05C6DF42A6DB6AE3D2C44262960F587B





TDS LOG:

18:22:38.0183 4480 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:22:38.0343 4480 ============================================================
18:22:38.0343 4480 Current date / time: 2012/06/09 18:22:38.0343
18:22:38.0343 4480 SystemInfo:
18:22:38.0343 4480
18:22:38.0343 4480 OS Version: 6.1.7601 ServicePack: 1.0
18:22:38.0343 4480 Product type: Workstation
18:22:38.0343 4480 ComputerName: CANE-DATOR
18:22:38.0343 4480 UserName: Cane
18:22:38.0343 4480 Windows directory: C:\Windows
18:22:38.0343 4480 System windows directory: C:\Windows
18:22:38.0343 4480 Running under WOW64
18:22:38.0343 4480 Processor architecture: Intel x64
18:22:38.0343 4480 Number of processors: 8
18:22:38.0343 4480 Page size: 0x1000
18:22:38.0343 4480 Boot type: Normal boot
18:22:38.0343 4480 ============================================================
18:22:39.0983 4480 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:22:39.0983 4480 Drive \Device\Harddisk1\DR1 - Size: 0xEF200000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:22:39.0993 4480 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:22:39.0993 4480 ============================================================
18:22:39.0993 4480 \Device\Harddisk0\DR0:
18:22:39.0993 4480 MBR partitions:
18:22:39.0993 4480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:22:39.0993 4480 \Device\Harddisk1\DR1:
18:22:39.0993 4480 MBR partitions:
18:22:39.0993 4480 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x777080
18:22:39.0993 4480 \Device\Harddisk2\DR2:
18:22:39.0993 4480 MBR partitions:
18:22:39.0993 4480 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
18:22:39.0993 4480 ============================================================
18:22:40.0003 4480 C: <-> \Device\Harddisk0\DR0\Partition0
18:22:40.0433 4480 E: <-> \Device\Harddisk2\DR2\Partition0
18:22:40.0433 4480 ============================================================
18:22:40.0433 4480 Initialize success
18:22:40.0433 4480 ============================================================
18:22:51.0973 4324 ============================================================
18:22:51.0973 4324 Scan started
18:22:51.0973 4324 Mode: Manual; TDLFS;
18:22:51.0973 4324 ============================================================
18:22:53.0713 4324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
18:22:53.0713 4324 1394ohci - ok
18:22:53.0753 4324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:22:53.0753 4324 ACPI - ok
18:22:53.0793 4324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:22:53.0793 4324 AcpiPmi - ok
18:22:53.0873 4324 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:23:03.0083 4324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:23:03.0083 4324 RDPREFMP - ok
18:23:03.0113 4324 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:23:03.0123 4324 RDPWD - ok
18:23:03.0133 4324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:23:03.0143 4324 rdyboost - ok
18:23:03.0163 4324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:23:03.0163 4324 RemoteAccess - ok
18:23:03.0173 4324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:23:03.0173 4324 RemoteRegistry - ok
18:23:03.0183 4324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:23:03.0193 4324 RpcEptMapper - ok
18:23:03.0203 4324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:23:03.0203 4324 RpcLocator - ok
18:23:03.0283 4324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:23:03.0283 4324 RpcSs - ok
18:23:03.0303 4324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:23:03.0303 4324 rspndr - ok
18:23:03.0373 4324 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
18:23:03.0373 4324 RTCore64 - ok
18:23:03.0413 4324 RTL8169 (8b94a28ff36e0586117ac6b7c59f806a) C:\Windows\system32\DRIVERS\Rtlh64.sys
18:23:03.0423 4324 RTL8169 - ok
18:23:03.0423 4324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:23:03.0423 4324 SamSs - ok
18:23:03.0443 4324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:23:03.0443 4324 sbp2port - ok
18:23:03.0473 4324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:23:03.0473 4324 SCardSvr - ok
18:23:03.0483 4324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:23:03.0483 4324 scfilter - ok
18:23:03.0523 4324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:23:03.0533 4324 Schedule - ok
18:23:03.0543 4324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:23:03.0543 4324 SCPolicySvc - ok
18:23:03.0563 4324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:23:03.0563 4324 SDRSVC - ok
18:23:03.0613 4324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:23:03.0613 4324 secdrv - ok
18:23:03.0613 4324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:23:03.0623 4324 seclogon - ok
18:23:03.0623 4324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:23:03.0623 4324 SENS - ok
18:23:03.0633 4324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:23:03.0643 4324 SensrSvc - ok
18:23:03.0673 4324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:23:03.0673 4324 Serenum - ok
18:23:03.0703 4324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:23:03.0703 4324 Serial - ok
18:23:03.0743 4324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:23:03.0753 4324 sermouse - ok
18:23:03.0773 4324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:23:03.0773 4324 SessionEnv - ok
18:23:03.0783 4324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:23:03.0783 4324 sffdisk - ok
18:23:03.0793 4324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:23:03.0793 4324 sffp_mmc - ok
18:23:03.0803 4324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:23:03.0803 4324 sffp_sd - ok
18:23:03.0813 4324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:23:03.0813 4324 sfloppy - ok
18:23:03.0863 4324 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:23:03.0873 4324 Sftfs - ok
18:23:03.0923 4324 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:23:03.0923 4324 sftlist - ok
18:23:03.0953 4324 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:23:03.0953 4324 Sftplay - ok
18:23:03.0973 4324 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:23:03.0973 4324 Sftredir - ok
18:23:03.0983 4324 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:23:03.0983 4324 Sftvol - ok
18:23:04.0023 4324 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:23:04.0023 4324 sftvsa - ok
18:23:04.0063 4324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:23:04.0073 4324 SharedAccess - ok
18:23:04.0093 4324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:23:04.0093 4324 ShellHWDetection - ok
18:23:04.0123 4324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:23:04.0123 4324 SiSRaid2 - ok
18:23:04.0163 4324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:23:04.0163 4324 SiSRaid4 - ok
18:23:04.0213 4324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:23:04.0213 4324 Smb - ok
18:23:04.0253 4324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:23:04.0253 4324 SNMPTRAP - ok
18:23:04.0533 4324 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
18:23:04.0533 4324 speedfan - ok
18:23:04.0533 4324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:23:04.0533 4324 spldr - ok
18:23:04.0563 4324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:23:04.0563 4324 Spooler - ok
18:23:04.0613 4324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:23:04.0633 4324 sppsvc - ok
18:23:04.0683 4324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:23:04.0683 4324 sppuinotify - ok
18:23:04.0703 4324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:23:04.0703 4324 srv - ok
18:23:04.0723 4324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:23:04.0733 4324 srv2 - ok
18:23:04.0743 4324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:23:04.0743 4324 srvnet - ok
18:23:04.0813 4324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:23:04.0813 4324 SSDPSRV - ok
18:23:04.0843 4324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:23:04.0853 4324 SstpSvc - ok
18:23:04.0893 4324 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
18:23:04.0893 4324 ssudmdm - ok
18:23:04.0963 4324 Steam Client Service - ok
18:23:05.0073 4324 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:23:05.0073 4324 Stereo Service - ok
18:23:05.0113 4324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:23:05.0113 4324 stexstor - ok
18:23:05.0273 4324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:23:05.0283 4324 stisvc - ok
18:23:05.0293 4324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:23:05.0293 4324 swenum - ok
18:23:05.0313 4324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:23:05.0313 4324 swprv - ok
18:23:05.0343 4324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:23:05.0343 4324 SysMain - ok
18:23:05.0373 4324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:23:05.0373 4324 TabletInputService - ok
18:23:05.0433 4324 tap0901 (e965fc7627862779ba31a4fcb7d0c1ef) C:\Windows\system32\DRIVERS\tap0901.sys
18:23:05.0433 4324 tap0901 - ok
18:23:05.0453 4324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:23:05.0453 4324 TapiSrv - ok
18:23:05.0483 4324 tapoas (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys
18:23:05.0483 4324 tapoas - ok
18:23:05.0503 4324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:23:05.0503 4324 TBS - ok
18:23:05.0573 4324 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:23:05.0573 4324 Tcpip - ok
18:23:05.0613 4324 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:23:05.0613 4324 TCPIP6 - ok
18:23:05.0633 4324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:23:05.0633 4324 tcpipreg - ok
18:23:05.0643 4324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:23:05.0643 4324 TDPIPE - ok
18:23:05.0683 4324 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:23:05.0683 4324 TDTCP - ok
18:23:05.0703 4324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:23:05.0703 4324 tdx - ok
18:23:05.0743 4324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
18:23:05.0743 4324 TermDD - ok
18:23:05.0763 4324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:23:05.0773 4324 TermService - ok
18:23:05.0783 4324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:23:05.0793 4324 Themes - ok
18:23:05.0813 4324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:23:05.0813 4324 THREADORDER - ok
18:23:05.0823 4324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:23:05.0823 4324 TrkWks - ok
18:23:05.0853 4324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:23:05.0853 4324 TrustedInstaller - ok
18:23:05.0863 4324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:05.0863 4324 tssecsrv - ok
18:23:05.0893 4324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:23:05.0903 4324 TsUsbFlt - ok
18:23:05.0903 4324 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:23:05.0903 4324 TsUsbGD - ok
18:23:05.0953 4324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:23:05.0953 4324 tunnel - ok
18:23:05.0963 4324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:23:05.0963 4324 uagp35 - ok
18:23:05.0983 4324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:23:05.0983 4324 udfs - ok
18:23:05.0993 4324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:23:05.0993 4324 UI0Detect - ok
18:23:06.0023 4324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:23:06.0023 4324 uliagpkx - ok
18:23:06.0063 4324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:23:06.0073 4324 umbus - ok
18:23:06.0103 4324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:23:06.0103 4324 UmPass - ok
18:23:06.0123 4324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:23:06.0133 4324 upnphost - ok
18:23:06.0163 4324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:23:06.0163 4324 usbccgp - ok
18:23:06.0183 4324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:23:06.0213 4324 usbcir - ok
18:23:06.0223 4324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:23:06.0223 4324 usbehci - ok
18:23:06.0243 4324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:23:06.0243 4324 usbhub - ok
18:23:06.0263 4324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:23:06.0263 4324 usbohci - ok
18:23:06.0263 4324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
18:23:06.0273 4324 usbprint - ok
18:23:06.0283 4324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:23:06.0283 4324 USBSTOR - ok
18:23:06.0293 4324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:23:06.0293 4324 usbuhci - ok
18:23:06.0303 4324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:23:06.0313 4324 UxSms - ok
18:23:06.0333 4324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:23:06.0333 4324 VaultSvc - ok
18:23:06.0343 4324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:23:06.0343 4324 vdrvroot - ok
18:23:06.0393 4324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:23:06.0393 4324 vds - ok
18:23:06.0413 4324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:23:06.0413 4324 vga - ok
18:23:06.0433 4324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:23:06.0433 4324 VgaSave - ok
18:23:06.0453 4324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:23:06.0453 4324 vhdmp - ok
18:23:06.0463 4324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:23:06.0463 4324 viaide - ok
18:23:06.0503 4324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:23:06.0503 4324 volmgr - ok
18:23:06.0533 4324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:23:06.0533 4324 volmgrx - ok
18:23:06.0643 4324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:23:06.0643 4324 volsnap - ok
18:23:06.0733 4324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:23:06.0743 4324 vsmraid - ok
18:23:06.0893 4324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:23:06.0893 4324 VSS - ok
18:23:06.0973 4324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:23:06.0973 4324 vwifibus - ok
18:23:06.0993 4324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:23:06.0993 4324 W32Time - ok
18:23:07.0003 4324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:23:07.0003 4324 WacomPen - ok
18:23:07.0043 4324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:07.0053 4324 WANARP - ok
18:23:07.0063 4324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:07.0063 4324 Wanarpv6 - ok
18:23:07.0113 4324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:23:07.0123 4324 WatAdminSvc - ok
18:23:07.0153 4324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:23:07.0163 4324 wbengine - ok
18:23:07.0183 4324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:23:07.0183 4324 WbioSrvc - ok
18:23:07.0213 4324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:23:07.0213 4324 wcncsvc - ok
18:23:07.0223 4324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:23:07.0223 4324 WcsPlugInService - ok
18:23:07.0233 4324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:23:07.0233 4324 Wd - ok
18:23:07.0253 4324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:23:07.0263 4324 Wdf01000 - ok
18:23:07.0283 4324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:23:07.0283 4324 WdiServiceHost - ok
18:23:07.0283 4324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:23:07.0283 4324 WdiSystemHost - ok
18:23:07.0303 4324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:23:07.0303 4324 WebClient - ok
18:23:07.0323 4324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:23:07.0333 4324 Wecsvc - ok
18:23:07.0343 4324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:23:07.0343 4324 wercplsupport - ok
18:23:07.0373 4324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:23:07.0383 4324 WerSvc - ok
18:23:07.0393 4324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:23:07.0393 4324 WfpLwf - ok
18:23:07.0403 4324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:23:07.0403 4324 WIMMount - ok
18:23:07.0453 4324 WinDefend - ok
18:23:07.0453 4324 WinHttpAutoProxySvc - ok
18:23:07.0503 4324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:23:07.0513 4324 Winmgmt - ok
18:23:07.0573 4324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:23:07.0583 4324 WinRM - ok
18:23:07.0633 4324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:23:07.0633 4324 WinUsb - ok
18:23:07.0663 4324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:23:07.0673 4324 Wlansvc - ok
18:23:07.0733 4324 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:23:07.0743 4324 wlcrasvc - ok
18:23:07.0793 4324 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:23:07.0803 4324 wlidsvc - ok
18:23:07.0843 4324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:23:07.0843 4324 WmiAcpi - ok
18:23:07.0873 4324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:23:07.0873 4324 wmiApSrv - ok
18:23:07.0903 4324 WMPNetworkSvc - ok
18:23:07.0943 4324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:23:07.0943 4324 WPCSvc - ok
18:23:07.0963 4324 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:23:07.0963 4324 WPDBusEnum - ok
18:23:07.0973 4324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:23:07.0973 4324 ws2ifsl - ok
18:23:07.0993 4324 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:23:07.0993 4324 wscsvc - ok
18:23:07.0993 4324 WSearch - ok
18:23:08.0043 4324 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:23:08.0053 4324 wuauserv - ok
18:23:08.0073 4324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:23:08.0073 4324 WudfPf - ok
18:23:08.0093 4324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:08.0093 4324 WUDFRd - ok
18:23:08.0103 4324 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:23:08.0103 4324 wudfsvc - ok
18:23:08.0123 4324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:23:08.0123 4324 WwanSvc - ok
18:23:08.0233 4324 X6va005 - ok
18:23:08.0283 4324 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
18:23:08.0283 4324 xusb21 - ok
18:23:08.0313 4324 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:23:08.0483 4324 \Device\Harddisk0\DR0 - ok
18:23:08.0483 4324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:23:09.0863 4324 \Device\Harddisk1\DR1 - ok
18:23:09.0863 4324 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
18:23:10.0373 4324 \Device\Harddisk2\DR2 - ok
18:23:10.0383 4324 Boot (0x1200) (3111a8822a90030fe4e5638b2f4679f5) \Device\Harddisk0\DR0\Partition0
18:23:10.0383 4324 \Device\Harddisk0\DR0\Partition0 - ok
18:23:10.0383 4324 Boot (0x1200) (b9f8c8dee9e096c85a5fbe7e14c3a535) \Device\Harddisk1\DR1\Partition0
18:23:10.0383 4324 \Device\Harddisk1\DR1\Partition0 - ok
18:23:10.0383 4324 Boot (0x1200) (5f60593161040ee5146569a5578bb143) \Device\Harddisk2\DR2\Partition0
18:23:10.0393 4324 \Device\Harddisk2\DR2\Partition0 - ok
18:23:10.0393 4324 ============================================================
18:23:10.0393 4324 Scan finished
18:23:10.0393 4324 ============================================================
18:23:10.0403 4504 Detected object count: 0
18:23:10.0403 4504 Actual detected object count: 0
18:23:16.0993 3688 Deinitialize success

Edited by trucane, 09 June 2012 - 11:24 AM.


#12 CatByte


Posted 09 June 2012 - 11:33 AM

That looks much better now,

just a couple more scans to make certain you are in the clear, then you should be good

please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 trucane


Posted 09 June 2012 - 12:13 PM

MBAM showed up clean but the whole log was in Swedish so I don't think there is any point in posting it.

The Eset scanner clearly will take 5+ hours so I'm gonna do that one over the night and I will be back tomorrow with the results of that one.

#14 CatByte


Posted 09 June 2012 - 01:29 PM

ok, thanks



#15 trucane


Posted 10 June 2012 - 07:20 AM

ESETLOG:

C:\FRST\Quarantine\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\U\80000000.@ Win64/Sirefef.AE trojan
C:\FRST\Quarantine\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\FRST\Quarantine\{66a7571f-a123-1d16-4ae6-4da21bcb0c50}\U\80000064.@ Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
E:\backup\Users\Bobby\Documents\Mina mottagna filer\eac_updater.exe probably unknown NewHeur_PE virus



