Infected with Patched_c.LXT trojan.


  • This topic is locked
19 replies to this topic

#1 Klasu


Posted 09 June 2012 - 12:44 PM

Hey, I need help in removing patched_c.LXT trojan. scvhost.exe *32 is using almost 100% of processor.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Daemon at 20:32:48 on 2012-06-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1033.18.4094.2060 [GMT 3:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\TuneUp Utilities 2012\integrator.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"C:\Windows\SysWOW64\svchost.exe" -g no -t 3 -o http://great-0portunity.com:8344/ -u gyauyskdofk -p ppgzsysl
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Daemon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daemon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daemon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daemon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Daemon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daemon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daemon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\TuneUp Utilities 2012\RegistryCleaner.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=localhost:8118
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{813A4C3B-BA26-45F3-A22A-0F1B0E2769C7} : NameServer = 192.89.123.231,193.210.19.190
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
IFEO: spyhunter4.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
IFEO-X64: spyhunter4.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-23 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-2-9 2143552]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-24 918880]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-2-9 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-9 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 XENfiltv;XENfiltv;C:\Windows\system32\drivers\XENfiltv.sys --> C:\Windows\system32\drivers\XENfiltv.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
S4 gupdate;Google Päivitä-palvelu (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-27 116648]
S4 gupdatem;Google Päivitä-palvelu (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-27 116648]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe --> C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [?]
S4 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328]
.
=============== Created Last 30 ================
.
2012-06-09 16:10:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-09 16:10:21 110080 ----a-r- C:\Users\Daemon\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-09 16:10:21 110080 ----a-r- C:\Users\Daemon\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-09 16:10:21 110080 ----a-r- C:\Users\Daemon\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-09 16:10:20 -------- d-----w- C:\sh4ldr
2012-06-09 16:10:20 -------- d-----w- C:\Program Files\Enigma Software Group
2012-06-09 16:09:13 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-09 16:09:03 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-09 15:59:59 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-09 15:59:59 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 15:52:23 388096 ----a-r- C:\Users\Daemon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-09 15:52:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-09 09:58:36 -------- d-----w- C:\Users\Daemon\AppData\Roaming\Malwarebytes
2012-06-09 09:58:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-09 09:58:09 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-09 09:58:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-09 07:51:51 -------- d-----w- C:\Program Files (x86)\Kalypso
2012-06-09 07:34:35 -------- d-----w- C:\Users\Daemon\AppData\Local\{EC45564E-5BF5-4B93-B00E-2B50ABAF2423}
2012-06-09 07:34:24 -------- d-----w- C:\Users\Daemon\AppData\Local\{A31397EC-0D90-4923-9285-A54CA2FF40FB}
2012-06-08 11:05:52 -------- d-----w- C:\Users\Daemon\AppData\Local\{43EAC5F2-7AC5-4B70-97E2-A5F19BB54C34}
2012-06-08 11:05:38 -------- d-----w- C:\Users\Daemon\AppData\Local\{E096DBD4-281D-4AF3-8EA6-55E17E22A39A}
2012-06-07 12:48:35 -------- d-----w- C:\Users\Daemon\AppData\Local\{544BB2F3-A3A5-4D89-BDF4-980003B9C1D4}
2012-06-07 12:48:23 -------- d-----w- C:\Users\Daemon\AppData\Local\{7DAAF4CF-0181-4F33-B1E1-D88B62BBE41C}
2012-06-06 14:51:19 -------- d-----w- C:\ProgramData\RELOADED
2012-06-06 13:00:30 -------- d-----w- C:\Users\Daemon\AppData\Local\{7D407F4E-A21E-4C77-88D5-C0C220A65D8C}
2012-06-06 13:00:19 -------- d-----w- C:\Users\Daemon\AppData\Local\{DC38D094-3D9C-4A18-82C7-36FA2428DEAA}
2012-06-05 12:42:40 -------- d-----w- C:\Users\Daemon\AppData\Local\{58E8EC86-C472-4484-B415-A6A8BDC5E680}
2012-06-05 12:42:28 -------- d-----w- C:\Users\Daemon\AppData\Local\{7C5D6121-8D05-409E-BAD0-1ECA426FEDB7}
2012-06-04 17:06:07 -------- d--h--w- C:\Windows\msdownld.tmp
2012-06-04 17:05:33 -------- d-----w- C:\Windows\SysWow64\directx
2012-06-04 12:05:55 -------- d-----w- C:\Users\Daemon\AppData\Local\{B2F84B26-6EF8-4476-9E6E-2C97ED8F7115}
2012-06-04 12:05:43 -------- d-----w- C:\Users\Daemon\AppData\Local\{F44E56C0-51FC-4B4A-AACC-6AFE9BDE2799}
2012-06-03 14:51:22 -------- d-----w- C:\Users\Daemon\AppData\Local\SKIDROW
2012-06-03 14:51:20 -------- d-----w- C:\Users\Daemon\AppData\Roaming\Sports Interactive
2012-06-03 14:51:20 -------- d-----w- C:\Users\Daemon\AppData\Local\Sports Interactive
2012-06-03 14:43:27 -------- d-----w- C:\Program Files (x86)\SEGA
2012-06-03 09:22:05 -------- d-----w- C:\Users\Daemon\AppData\Local\{8D1347D2-9A15-40BA-A074-6ACF129369AD}
2012-06-03 09:21:52 -------- d-----w- C:\Users\Daemon\AppData\Local\{C01338FE-48D9-4B70-BFFB-290EB3892264}
2012-06-02 17:14:52 -------- d-----w- C:\Users\Daemon\AppData\Local\{0BBA5ECC-D73D-405E-B82F-B7FFDF76E983}
2012-06-02 17:14:41 -------- d-----w- C:\Users\Daemon\AppData\Local\{324AEFCA-AE51-413F-B22E-1D6F431731D0}
2012-06-02 05:52:24 -------- d-----w- C:\yes
2012-06-02 05:14:26 -------- d-----w- C:\Users\Daemon\AppData\Local\{3693B905-EC47-4B1C-A3EA-9F9A3750B774}
2012-06-02 05:14:14 -------- d-----w- C:\Users\Daemon\AppData\Local\{22819529-3847-4527-BA4F-B39D2DD7E551}
2012-06-01 13:06:21 -------- d-----w- C:\Users\Daemon\AppData\Local\{994E2D85-810E-4216-8FD8-2901AB09AFA4}
2012-06-01 13:06:09 -------- d-----w- C:\Users\Daemon\AppData\Local\{DE3CBDEA-4A2A-41A8-BAD9-5D400AD763F5}
2012-05-31 12:38:49 -------- d-----w- C:\Users\Daemon\AppData\Local\{A2BDA991-86A1-4A9B-B2C2-535B5EA62594}
2012-05-31 12:38:36 -------- d-----w- C:\Users\Daemon\AppData\Local\{8E7EB554-EBE9-454E-A49C-05FE64C6316E}
2012-05-30 12:43:54 -------- d-----w- C:\Users\Daemon\AppData\Local\{C8FDB076-79BE-4AEA-AC43-3AAE04546887}
2012-05-30 12:43:40 -------- d-----w- C:\Users\Daemon\AppData\Local\{E87CECBA-302D-40CF-8F06-89C3AD5625DF}
2012-05-29 12:38:44 -------- d-----w- C:\Users\Daemon\AppData\Local\{13FE3EA7-0E78-419A-AD73-B5DAED0EAE54}
2012-05-29 12:38:31 -------- d-----w- C:\Users\Daemon\AppData\Local\{2BB4D36F-8FC0-4C57-9A08-68CBBDD8ACBA}
2012-05-28 13:30:48 -------- d-----w- C:\Windows\SysWow64\System32
2012-05-28 12:41:30 -------- d-----w- C:\Users\Daemon\AppData\Local\{D30AAA48-4C32-4D45-BE33-B500215A597A}
2012-05-28 12:41:18 -------- d-----w- C:\Users\Daemon\AppData\Local\{354959FB-924A-4CC6-B64F-6C43CDCBFB6A}
2012-05-27 08:00:10 -------- d-----w- C:\Users\Daemon\AppData\Local\{F76D36DB-809F-40A7-8E74-4572E0D77187}
2012-05-27 07:59:58 -------- d-----w- C:\Users\Daemon\AppData\Local\{2339C6EE-A3F2-4D2D-BE83-DF2A2FD3FBA1}
2012-05-26 08:04:32 -------- d-----w- C:\Users\Daemon\AppData\Local\{B2A4C5DE-1CAA-4EB3-9294-7E8B4F40B46E}
2012-05-26 08:04:19 -------- d-----w- C:\Users\Daemon\AppData\Local\{52449857-3A51-491E-8CEC-E0C84F6007A2}
2012-05-25 12:35:47 -------- d-----w- C:\Users\Daemon\AppData\Local\{86942A3D-ADD4-46D7-A6AF-DB5A767E10BF}
2012-05-25 12:35:35 -------- d-----w- C:\Users\Daemon\AppData\Local\{C6E7B368-2982-43FF-B199-7B2CA7EDE421}
2012-05-24 13:11:52 8139072 ----a-w- C:\Windows\System32\nvcuda.dll
2012-05-24 13:11:52 5982528 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-05-24 13:11:52 2881856 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-05-24 13:11:52 2681664 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-05-24 13:11:52 25743168 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-05-24 13:11:52 2524992 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-05-24 13:11:52 25248064 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-05-24 13:11:52 2445120 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-05-24 13:11:52 19607872 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-05-24 13:11:52 18044224 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-05-24 13:11:52 17551680 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-05-24 13:11:52 14298944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-05-24 12:39:59 -------- d-----w- C:\Users\Daemon\AppData\Local\{52975BFE-A9CF-4D4D-80D3-ED0BDAB9A287}
2012-05-24 12:39:47 -------- d-----w- C:\Users\Daemon\AppData\Local\{C403D0CB-A7F8-459F-BAB6-F887F5442F94}
2012-05-23 13:51:27 -------- d-----w- C:\Users\Daemon\AppData\Roaming\f-secure
2012-05-23 13:51:20 -------- d-----w- C:\ProgramData\F-Secure
2012-05-23 13:47:48 -------- d-----w- C:\ProgramData\boost_interprocess
2012-05-23 12:47:12 -------- d-----w- C:\Users\Daemon\AppData\Local\{DF1C9778-8513-4E97-9997-493C34B64A37}
2012-05-23 12:47:00 -------- d-----w- C:\Users\Daemon\AppData\Local\{78064F47-6E3A-4AA0-B79A-11FB5FED8CED}
2012-05-22 12:47:19 -------- d-----w- C:\Users\Daemon\AppData\Local\{4CA364B8-38B3-4D70-B223-5CE2396834E0}
2012-05-22 12:47:07 -------- d-----w- C:\Users\Daemon\AppData\Local\{03EC4E87-9F41-470B-8D8E-73B398006D0C}
2012-05-21 12:36:22 -------- d-----w- C:\Users\Daemon\AppData\Local\{A843A3DB-2AC0-4D1C-8F71-1EE86CCA4889}
2012-05-21 12:36:08 -------- d-----w- C:\Users\Daemon\AppData\Local\{1A53D064-64A9-4725-B3B7-2FBB721CE172}
2012-05-20 18:46:17 -------- d-----w- C:\Users\Daemon\AppData\Local\{1343AA84-7C11-4570-A9E9-3C10833A5D7E}
2012-05-20 11:54:13 -------- d-----w- C:\Program Files (x86)\Cubemen
2012-05-20 06:45:51 -------- d-----w- C:\Users\Daemon\AppData\Local\{C3396561-59D2-4F08-8DC0-1C0FCCC0543A}
2012-05-20 06:45:39 -------- d-----w- C:\Users\Daemon\AppData\Local\{EC591327-28F6-401C-B593-C975651B3DCD}
2012-05-19 18:45:12 -------- d-----w- C:\Users\Daemon\AppData\Local\{6FBFD98B-35F2-43CF-B0E1-0F9571A30228}
2012-05-19 06:44:47 -------- d-----w- C:\Users\Daemon\AppData\Local\{8C9010F2-8119-4640-80BD-74511580DCC1}
2012-05-19 06:44:36 -------- d-----w- C:\Users\Daemon\AppData\Local\{7B55619C-972C-4067-BF53-8814E86F08D3}
2012-05-18 12:41:25 -------- d-----w- C:\Users\Daemon\AppData\Local\{7F900112-974D-47B3-9609-ACF7D4DE75A5}
2012-05-18 12:41:14 -------- d-----w- C:\Users\Daemon\AppData\Local\{3255AC06-60A1-4CDC-9B94-0B34E8DF8311}
2012-05-17 08:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-17 08:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-17 08:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-17 08:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-17 08:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-17 08:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-17 08:03:20 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-17 07:52:22 -------- d-----w- C:\Users\Daemon\AppData\Local\{3CC647FD-4307-4277-8333-1466DFB092C8}
2012-05-17 07:52:11 -------- d-----w- C:\Users\Daemon\AppData\Local\{67709542-DA17-4825-92FF-4BE4CCD9A1CE}
2012-05-16 12:11:30 -------- d-----w- C:\Users\Daemon\AppData\Local\{C168776A-7360-43DF-8F47-50190A01C101}
2012-05-16 12:11:19 -------- d-----w- C:\Users\Daemon\AppData\Local\{92B5C851-5E29-4A4B-A3A9-76ABE3278E84}
2012-05-15 12:40:59 -------- d-----w- C:\Users\Daemon\AppData\Local\{6F944B45-7CB6-40F3-B64C-A03AA51275C8}
2012-05-15 12:40:48 -------- d-----w- C:\Users\Daemon\AppData\Local\{9F9BD54A-8DB7-404A-BC1A-F33E9F93D85C}
2012-05-14 23:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-14 12:38:38 -------- d-----w- C:\Users\Daemon\AppData\Local\{75DCD696-F3A0-4DDF-B4A2-426793BC1E5B}
2012-05-14 12:38:27 -------- d-----w- C:\Users\Daemon\AppData\Local\{42B60C2A-2E25-46C6-A3D0-48B548C07108}
2012-05-13 07:44:18 -------- d-----w- C:\Users\Daemon\AppData\Local\{170DEF48-17AC-4FF2-B8EA-0ADD065181ED}
2012-05-13 07:44:06 -------- d-----w- C:\Users\Daemon\AppData\Local\{93F7B202-16B8-49C6-B0D9-12C65ED42EED}
2012-05-12 18:55:51 -------- d-----w- C:\Users\Daemon\AppData\Local\{59E4E995-0DD0-4801-8507-B0C531B6648C}
2012-05-12 18:55:39 -------- d-----w- C:\Users\Daemon\AppData\Local\{8788191E-0242-4CDE-9846-6F32FF7F40A0}
2012-05-12 06:55:13 -------- d-----w- C:\Users\Daemon\AppData\Local\{F1C0CD93-8F71-464E-9F93-3BF4BA437576}
2012-05-12 06:55:02 -------- d-----w- C:\Users\Daemon\AppData\Local\{7B116910-A41E-4B2D-A48F-EDC149BF3FA2}
2012-05-11 12:34:34 -------- d-----w- C:\Users\Daemon\AppData\Local\{5AA18F0C-38C2-480E-BC0F-A04A2A002EA7}
2012-05-11 12:34:22 -------- d-----w- C:\Users\Daemon\AppData\Local\{0A7A4616-A7DD-41AB-A4D1-C2E2FB312E25}
.
==================== Find3M ====================
.
2012-06-02 09:56:18 15672 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-05-15 10:48:00 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48:00 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-05-15 10:48:00 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-05-15 10:48:00 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
2012-05-15 10:48:00 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-05-15 10:48:00 1738048 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-05-15 10:48:00 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-05-15 10:48:00 10194752 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-06 11:59:10 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-06 11:59:10 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-06 11:59:10 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-06 11:59:10 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-05 18:57:10 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 18:57:10 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 18:57:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 17:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 17:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-24 10:23:20 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-24 10:23:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-23 19:57:08 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 20:33:40,72 ===============



#2 gringo_pr


Posted 10 June 2012 - 12:35 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Klasu

Posted 10 June 2012 - 04:49 AM

Hey, thanks for the quick response.

I followed your instructions and here's the securitycheck log


Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Thunderbird (12.0.1)
Google Chrome 18.0.1025.142
Google Chrome 18.0.1025.151
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

I'm not sure if I used the combofix program correctly.
I did disable my AVG and other security software. But when I ran the combofix.exe I just see it deleting something and then extracting. I don't know where to find the log file or if it is supposed to do something else after the extracting process. I tried it 3 times. I didn't get any report yet, so I assume it's supposed to do something.

I haven't had a single AVG threat pop up after these about the "patched_c.LXT" in services.exe though. And yes, I have re-enabled AVG :). But the svchost.exe *32 still comes back in the Task Manager's process list, hogging up the processor. Even if I kill it, it's back after a while. If it helps, the process takes 7,4MB of RAM.

#4 Klasu

Posted 10 June 2012 - 04:52 AM

Ok I take my words back.

As soon as I had posted the above reply AVG detected the threat. I guess it didn't before because I was constantly killing the malicious process.

#5 gringo_pr

Posted 10 June 2012 - 05:04 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 Klasu

Posted 10 June 2012 - 12:39 PM

Hey!

Here are the logs


15:19:47.0183 3516 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:19:48.0633 3516 ============================================================
15:19:48.0633 3516 Current date / time: 2012/06/10 15:19:48.0633
15:19:48.0633 3516 SystemInfo:
15:19:48.0633 3516
15:19:48.0633 3516 OS Version: 6.1.7601 ServicePack: 1.0
15:19:48.0633 3516 Product type: Workstation
15:19:48.0633 3516 ComputerName: JONIWIN7
15:19:48.0633 3516 UserName: Daemon
15:19:48.0633 3516 Windows directory: C:\Windows
15:19:48.0633 3516 System windows directory: C:\Windows
15:19:48.0633 3516 Running under WOW64
15:19:48.0633 3516 Processor architecture: Intel x64
15:19:48.0633 3516 Number of processors: 3
15:19:48.0633 3516 Page size: 0x1000
15:19:48.0633 3516 Boot type: Normal boot
15:19:48.0633 3516 ============================================================
15:19:49.0493 3516 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:49.0493 3516 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:19:49.0513 3516 ============================================================
15:19:49.0513 3516 \Device\Harddisk0\DR0:
15:19:49.0513 3516 MBR partitions:
15:19:49.0513 3516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4912CA9A
15:19:49.0513 3516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x4912CAD9, BlocksNum 0x172A3E8
15:19:49.0513 3516 \Device\Harddisk1\DR1:
15:19:49.0513 3516 MBR partitions:
15:19:49.0513 3516 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
15:19:49.0513 3516 ============================================================
15:19:49.0533 3516 C: <-> \Device\Harddisk0\DR0\Partition0
15:19:49.0713 3516 D: <-> \Device\Harddisk0\DR0\Partition1
15:19:49.0733 3516 J: <-> \Device\Harddisk1\DR1\Partition0
15:19:49.0733 3516 ============================================================
15:19:49.0733 3516 Initialize success
15:19:49.0733 3516 ============================================================
15:20:26.0123 4952 ============================================================
15:20:26.0123 4952 Scan started
15:20:26.0123 4952 Mode: Manual;
15:20:26.0123 4952 ============================================================
15:20:42.0453 4952 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:20:42.0453 4952 Msfs - ok
15:20:42.0463 4952 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:20:42.0463 4952 mshidkmdf - ok
15:20:42.0473 4952 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:20:42.0483 4952 msisadrv - ok
15:20:42.0513 4952 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:20:42.0523 4952 MSiSCSI - ok
15:20:42.0523 4952 msiserver - ok
15:20:42.0553 4952 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:20:42.0563 4952 MSKSSRV - ok
15:20:42.0573 4952 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:20:42.0583 4952 MSPCLOCK - ok
15:20:42.0603 4952 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:20:42.0603 4952 MSPQM - ok
15:20:42.0633 4952 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:20:42.0633 4952 MsRPC - ok
15:20:42.0683 4952 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:20:42.0683 4952 mssmbios - ok
15:20:42.0703 4952 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:20:42.0703 4952 MSTEE - ok
15:20:42.0703 4952 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:20:42.0713 4952 MTConfig - ok
15:20:42.0733 4952 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:20:42.0733 4952 Mup - ok
15:20:42.0773 4952 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:20:42.0793 4952 napagent - ok
15:20:42.0823 4952 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:20:42.0833 4952 NativeWifiP - ok
15:20:42.0903 4952 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:20:42.0903 4952 NDIS - ok
15:20:42.0913 4952 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:20:42.0913 4952 NdisCap - ok
15:20:42.0933 4952 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:20:42.0933 4952 NdisTapi - ok
15:20:42.0963 4952 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:20:42.0963 4952 Ndisuio - ok
15:20:42.0983 4952 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:20:42.0983 4952 NdisWan - ok
15:20:43.0003 4952 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:20:43.0003 4952 NDProxy - ok
15:20:43.0023 4952 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:20:43.0023 4952 NetBIOS - ok
15:20:43.0043 4952 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:20:43.0053 4952 NetBT - ok
15:20:43.0073 4952 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:20:43.0073 4952 Netlogon - ok
15:20:43.0113 4952 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:20:43.0123 4952 Netman - ok
15:20:43.0383 4952 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:43.0413 4952 NetMsmqActivator - ok
15:20:43.0433 4952 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:43.0433 4952 NetPipeActivator - ok
15:20:43.0453 4952 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:20:43.0463 4952 netprofm - ok
15:20:43.0463 4952 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:43.0463 4952 NetTcpActivator - ok
15:20:43.0473 4952 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:43.0473 4952 NetTcpPortSharing - ok
15:20:43.0543 4952 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:20:43.0553 4952 nfrd960 - ok
15:20:43.0613 4952 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:20:43.0653 4952 NlaSvc - ok
15:20:43.0653 4952 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:20:43.0663 4952 Npfs - ok
15:20:43.0673 4952 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:20:43.0673 4952 nsi - ok
15:20:43.0683 4952 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:20:43.0683 4952 nsiproxy - ok
15:20:43.0763 4952 nSvcIp (6324eef641c2b6d1b7ec423850b10f82) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
15:20:43.0783 4952 nSvcIp - ok
15:20:43.0873 4952 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:20:43.0893 4952 Ntfs - ok
15:20:43.0983 4952 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:20:43.0983 4952 Null - ok
15:20:44.0073 4952 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:20:44.0083 4952 NVENETFD - ok
15:20:46.0353 4952 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:20:46.0453 4952 nvlddmkm - ok
15:20:47.0053 4952 NVNET (bd25e03ead63ac3365f25175b4dbd56a) C:\Windows\system32\DRIVERS\nvmf6264.sys
15:20:47.0053 4952 NVNET - ok
15:20:47.0093 4952 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:20:47.0103 4952 nvraid - ok
15:20:47.0133 4952 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:20:47.0143 4952 nvstor - ok
15:20:47.0163 4952 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
15:20:47.0163 4952 nvstor64 - ok
15:20:47.0233 4952 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
15:20:47.0243 4952 nvsvc - ok
15:20:47.0623 4952 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:20:47.0633 4952 nvUpdatusService - ok
15:20:48.0263 4952 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:20:48.0273 4952 nv_agp - ok
15:20:48.0303 4952 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:20:48.0303 4952 ohci1394 - ok
15:20:48.0343 4952 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:20:48.0353 4952 p2pimsvc - ok
15:20:48.0403 4952 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:20:48.0413 4952 p2psvc - ok
15:20:48.0483 4952 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:20:48.0483 4952 Parport - ok
15:20:48.0583 4952 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:20:48.0583 4952 partmgr - ok
15:20:48.0873 4952 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:20:48.0873 4952 PcaSvc - ok
15:20:48.0893 4952 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:20:48.0893 4952 pci - ok
15:20:48.0893 4952 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:20:48.0903 4952 pciide - ok
15:20:48.0943 4952 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:20:48.0943 4952 pcmcia - ok
15:20:48.0943 4952 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:20:48.0943 4952 pcw - ok
15:20:49.0563 4952 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:20:49.0573 4952 PEAUTH - ok
15:20:49.0863 4952 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:20:49.0883 4952 PeerDistSvc - ok
15:20:49.0963 4952 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:20:49.0973 4952 PerfHost - ok
15:20:50.0263 4952 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\32788R22FWJFW\pev.3XE
15:20:50.0263 4952 PEVSystemStart - ok
15:20:50.0433 4952 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:20:50.0473 4952 pla - ok
15:20:50.0513 4952 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:20:50.0523 4952 PlugPlay - ok
15:20:50.0553 4952 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:20:50.0553 4952 PNRPAutoReg - ok
15:20:50.0583 4952 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:20:50.0583 4952 PNRPsvc - ok
15:20:50.0613 4952 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:20:50.0623 4952 PolicyAgent - ok
15:20:50.0673 4952 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:20:50.0683 4952 Power - ok
15:20:50.0743 4952 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:20:50.0743 4952 PptpMiniport - ok
15:20:50.0773 4952 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:20:50.0773 4952 Processor - ok
15:20:50.0793 4952 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:20:50.0813 4952 ProfSvc - ok
15:20:50.0823 4952 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:20:50.0823 4952 ProtectedStorage - ok
15:20:50.0853 4952 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:20:50.0853 4952 Psched - ok
15:20:50.0943 4952 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:20:50.0953 4952 ql2300 - ok
15:20:51.0033 4952 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:20:51.0033 4952 ql40xx - ok
15:20:51.0073 4952 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:20:51.0083 4952 QWAVE - ok
15:20:51.0113 4952 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:20:51.0113 4952 QWAVEdrv - ok
15:20:51.0133 4952 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:20:51.0133 4952 RasAcd - ok
15:20:51.0173 4952 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:20:51.0173 4952 RasAgileVpn - ok
15:20:51.0193 4952 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:20:51.0203 4952 RasAuto - ok
15:20:51.0223 4952 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:20:51.0223 4952 Rasl2tp - ok
15:20:51.0243 4952 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:20:51.0253 4952 RasMan - ok
15:20:51.0263 4952 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:20:51.0263 4952 RasPppoe - ok
15:20:51.0283 4952 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:20:51.0283 4952 RasSstp - ok
15:20:51.0303 4952 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:20:51.0323 4952 rdbss - ok
15:20:51.0323 4952 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:20:51.0333 4952 rdpbus - ok
15:20:51.0333 4952 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:20:51.0333 4952 RDPCDD - ok
15:20:51.0393 4952 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:20:51.0393 4952 RDPDR - ok
15:20:51.0413 4952 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:20:51.0413 4952 RDPENCDD - ok
15:20:51.0423 4952 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:20:51.0423 4952 RDPREFMP - ok
15:20:51.0463 4952 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
15:20:51.0463 4952 RdpVideoMiniport - ok
15:20:51.0483 4952 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:20:51.0493 4952 RDPWD - ok
15:20:51.0603 4952 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:20:51.0603 4952 rdyboost - ok
15:20:51.0643 4952 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:20:51.0643 4952 RemoteAccess - ok
15:20:51.0663 4952 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:20:51.0673 4952 RemoteRegistry - ok
15:20:51.0943 4952 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:20:51.0963 4952 RpcEptMapper - ok
15:20:51.0983 4952 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:20:51.0983 4952 RpcLocator - ok
15:20:52.0233 4952 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:20:52.0233 4952 RpcSs - ok
15:20:52.0273 4952 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:20:52.0273 4952 rspndr - ok
15:20:52.0313 4952 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
15:20:52.0313 4952 RSUSBSTOR - ok
15:20:52.0393 4952 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
15:20:52.0393 4952 RTCore64 - ok
15:20:52.0443 4952 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:20:52.0463 4952 s3cap - ok
15:20:52.0473 4952 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:20:52.0473 4952 SamSs - ok
15:20:52.0493 4952 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:20:52.0503 4952 sbp2port - ok
15:20:52.0613 4952 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:20:52.0623 4952 SBSDWSCService - ok
15:20:53.0053 4952 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:20:53.0083 4952 SCardSvr - ok
15:20:53.0153 4952 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:20:53.0153 4952 scfilter - ok
15:20:53.0233 4952 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:20:53.0253 4952 Schedule - ok
15:20:53.0333 4952 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:20:53.0333 4952 SCPolicySvc - ok
15:20:53.0553 4952 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:20:53.0563 4952 SDRSVC - ok
15:20:53.0663 4952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:20:53.0663 4952 secdrv - ok
15:20:53.0683 4952 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:20:53.0683 4952 seclogon - ok
15:20:53.0743 4952 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:20:53.0743 4952 SENS - ok
15:20:53.0753 4952 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:20:53.0763 4952 SensrSvc - ok
15:20:53.0783 4952 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:20:53.0793 4952 Serenum - ok
15:20:53.0803 4952 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:20:53.0813 4952 Serial - ok
15:20:53.0843 4952 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:20:53.0853 4952 sermouse - ok
15:20:53.0893 4952 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:20:53.0913 4952 SessionEnv - ok
15:20:53.0933 4952 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:20:53.0983 4952 sffdisk - ok
15:20:53.0993 4952 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:20:53.0993 4952 sffp_mmc - ok
15:20:54.0013 4952 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:20:54.0013 4952 sffp_sd - ok
15:20:54.0033 4952 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:20:54.0033 4952 sfloppy - ok
15:20:54.0073 4952 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:20:54.0083 4952 ShellHWDetection - ok
15:20:54.0133 4952 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:20:54.0133 4952 SiSRaid2 - ok
15:20:54.0143 4952 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:20:54.0163 4952 SiSRaid4 - ok
15:20:54.0203 4952 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:20:54.0203 4952 Smb - ok
15:20:54.0243 4952 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:20:54.0243 4952 SNMPTRAP - ok
15:20:54.0253 4952 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:20:54.0263 4952 spldr - ok
15:20:54.0293 4952 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:20:54.0333 4952 Spooler - ok
15:20:54.0713 4952 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:20:54.0793 4952 sppsvc - ok
15:20:55.0003 4952 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:20:55.0013 4952 sppuinotify - ok
15:20:55.0063 4952 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:20:55.0063 4952 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
15:20:55.0073 4952 sptd ( LockedFile.Multi.Generic ) - warning
15:20:55.0073 4952 sptd - detected LockedFile.Multi.Generic (1)
15:20:55.0283 4952 SpyHunter 4 Service (36b143c5c4ef1fb0a59b3a712dd2cda1) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
15:20:55.0293 4952 SpyHunter 4 Service - ok
15:20:55.0363 4952 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:20:55.0373 4952 srv - ok
15:20:55.0393 4952 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:20:55.0393 4952 srv2 - ok
15:20:55.0403 4952 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:20:55.0403 4952 srvnet - ok
15:20:55.0423 4952 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:20:55.0443 4952 SSDPSRV - ok
15:20:55.0463 4952 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:20:55.0473 4952 SstpSvc - ok
15:20:55.0503 4952 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
15:20:55.0513 4952 ssudmdm - ok
15:20:55.0553 4952 Steam Client Service - ok
15:20:55.0633 4952 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:20:55.0643 4952 Stereo Service - ok
15:20:55.0673 4952 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:20:55.0673 4952 stexstor - ok
15:20:55.0753 4952 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:20:55.0763 4952 stisvc - ok
15:20:55.0793 4952 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:20:55.0793 4952 storflt - ok
15:20:55.0813 4952 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:20:55.0823 4952 storvsc - ok
15:20:55.0843 4952 SWDUMon (6525ee4b66cd3ba7a7e8122900ff23f1) C:\Windows\system32\DRIVERS\SWDUMon.sys
15:20:55.0843 4952 SWDUMon - ok
15:20:55.0863 4952 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:20:55.0863 4952 swenum - ok
15:20:55.0903 4952 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:20:55.0913 4952 swprv - ok
15:20:55.0923 4952 Synth3dVsc - ok
15:20:56.0273 4952 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:20:56.0313 4952 SysMain - ok
15:20:56.0643 4952 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:20:56.0643 4952 TabletInputService - ok
15:20:56.0693 4952 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:20:56.0703 4952 TapiSrv - ok
15:20:56.0733 4952 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:20:56.0733 4952 TBS - ok
15:20:58.0213 4952 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:20:58.0233 4952 Tcpip - ok
15:21:00.0233 4952 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:21:00.0253 4952 TCPIP6 - ok
15:21:01.0303 4952 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:21:01.0303 4952 tcpipreg - ok
15:21:01.0333 4952 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:21:01.0343 4952 TDPIPE - ok
15:21:01.0373 4952 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:21:01.0373 4952 TDTCP - ok
15:21:01.0403 4952 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:21:01.0403 4952 tdx - ok
15:21:01.0433 4952 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:21:01.0433 4952 TermDD - ok
15:21:01.0493 4952 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:21:01.0513 4952 TermService - ok
15:21:01.0553 4952 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:21:01.0563 4952 Themes - ok
15:21:01.0583 4952 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:21:01.0583 4952 THREADORDER - ok
15:21:01.0603 4952 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:21:01.0603 4952 TrkWks - ok
15:21:01.0753 4952 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:21:01.0753 4952 TrustedInstaller - ok
15:21:01.0783 4952 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:21:01.0783 4952 tssecsrv - ok
15:21:01.0803 4952 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:21:01.0803 4952 TsUsbFlt - ok
15:21:01.0833 4952 tsusbhub - ok
15:21:03.0223 4952 TuneUp.UtilitiesSvc (dafeee8f55e0fa1567e734299ac0af06) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
15:21:03.0263 4952 TuneUp.UtilitiesSvc - ok
15:21:03.0363 4952 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
15:21:03.0363 4952 TuneUpUtilitiesDrv - ok
15:21:03.0453 4952 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:21:03.0453 4952 tunnel - ok
15:21:03.0483 4952 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:21:03.0493 4952 uagp35 - ok
15:21:03.0643 4952 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:21:03.0673 4952 udfs - ok
15:21:03.0703 4952 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:21:03.0703 4952 UI0Detect - ok
15:21:03.0733 4952 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:21:03.0743 4952 uliagpkx - ok
15:21:03.0773 4952 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:21:03.0843 4952 umbus - ok
15:21:03.0863 4952 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:21:03.0933 4952 UmPass - ok
15:21:04.0203 4952 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:21:04.0243 4952 UmRdpService - ok
15:21:04.0263 4952 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:21:04.0273 4952 upnphost - ok
15:21:04.0323 4952 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:21:04.0363 4952 usbaudio - ok
15:21:04.0383 4952 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:21:04.0443 4952 usbccgp - ok
15:21:04.0473 4952 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:21:04.0473 4952 usbcir - ok
15:21:04.0503 4952 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:21:04.0553 4952 usbehci - ok
15:21:04.0573 4952 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:21:04.0643 4952 usbhub - ok
15:21:04.0653 4952 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:21:04.0723 4952 usbohci - ok
15:21:04.0753 4952 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:21:04.0823 4952 usbprint - ok
15:21:04.0863 4952 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:21:04.0923 4952 usbscan - ok
15:21:04.0943 4952 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:21:05.0013 4952 USBSTOR - ok
15:21:05.0023 4952 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:21:05.0123 4952 usbuhci - ok
15:21:05.0143 4952 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:21:05.0143 4952 UxSms - ok
15:21:05.0163 4952 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:21:05.0173 4952 VaultSvc - ok
15:21:05.0203 4952 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:21:05.0223 4952 vdrvroot - ok
15:21:05.0273 4952 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:21:05.0323 4952 vds - ok
15:21:05.0353 4952 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:21:05.0393 4952 vga - ok
15:21:05.0413 4952 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:21:05.0483 4952 VgaSave - ok
15:21:05.0493 4952 VGPU - ok
15:21:05.0993 4952 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:21:06.0083 4952 vhdmp - ok
15:21:06.0113 4952 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:21:06.0113 4952 viaide - ok
15:21:06.0133 4952 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:21:06.0143 4952 vmbus - ok
15:21:06.0163 4952 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:21:06.0163 4952 VMBusHID - ok
15:21:06.0183 4952 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:21:06.0183 4952 volmgr - ok
15:21:06.0233 4952 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:21:06.0233 4952 volmgrx - ok
15:21:06.0263 4952 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:21:06.0323 4952 volsnap - ok
15:21:06.0373 4952 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:21:06.0393 4952 vsmraid - ok
15:21:07.0623 4952 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:21:07.0663 4952 VSS - ok
15:21:07.0993 4952 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
15:21:07.0993 4952 vToolbarUpdater10.2.0 - ok
15:21:08.0233 4952 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:21:08.0233 4952 vwifibus - ok
15:21:08.0583 4952 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:21:08.0603 4952 W32Time - ok
15:21:08.0623 4952 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:21:08.0623 4952 WacomPen - ok
15:21:08.0673 4952 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:21:08.0673 4952 WANARP - ok
15:21:08.0683 4952 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:21:08.0683 4952 Wanarpv6 - ok
15:21:09.0243 4952 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:21:09.0293 4952 WatAdminSvc - ok
15:21:09.0533 4952 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:21:09.0563 4952 wbengine - ok
15:21:09.0783 4952 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:21:09.0783 4952 WbioSrvc - ok
15:21:09.0813 4952 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:21:09.0853 4952 wcncsvc - ok
15:21:09.0863 4952 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:21:09.0863 4952 WcsPlugInService - ok
15:21:09.0883 4952 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:21:09.0903 4952 Wd - ok
15:21:09.0943 4952 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:21:09.0943 4952 Wdf01000 - ok
15:21:10.0003 4952 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:21:10.0003 4952 WdiServiceHost - ok
15:21:10.0013 4952 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:21:10.0013 4952 WdiSystemHost - ok
15:21:10.0043 4952 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:21:10.0053 4952 WebClient - ok
15:21:10.0063 4952 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:21:10.0073 4952 Wecsvc - ok
15:21:10.0103 4952 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:21:10.0113 4952 wercplsupport - ok
15:21:10.0133 4952 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:21:10.0143 4952 WerSvc - ok
15:21:10.0163 4952 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:21:10.0163 4952 WfpLwf - ok
15:21:10.0173 4952 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:21:10.0183 4952 WIMMount - ok
15:21:10.0233 4952 WinDefend - ok
15:21:10.0243 4952 WinHttpAutoProxySvc - ok
15:21:10.0313 4952 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:21:10.0323 4952 Winmgmt - ok
15:21:10.0633 4952 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:21:10.0683 4952 WinRM - ok
15:21:11.0183 4952 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:21:11.0243 4952 WinUsb - ok
15:21:11.0513 4952 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:21:11.0613 4952 Wlansvc - ok
15:21:12.0253 4952 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:21:12.0293 4952 wlidsvc - ok
15:21:12.0383 4952 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:21:12.0403 4952 WmiAcpi - ok
15:21:12.0473 4952 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:21:12.0473 4952 wmiApSrv - ok
15:21:12.0503 4952 WMPNetworkSvc - ok
15:21:12.0543 4952 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:21:12.0543 4952 WPCSvc - ok
15:21:12.0563 4952 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:21:12.0573 4952 WPDBusEnum - ok
15:21:12.0593 4952 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:21:12.0593 4952 ws2ifsl - ok
15:21:12.0623 4952 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:21:12.0633 4952 wscsvc - ok
15:21:12.0633 4952 WSearch - ok
15:21:13.0673 4952 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:21:13.0723 4952 wuauserv - ok
15:21:14.0233 4952 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:21:14.0233 4952 WudfPf - ok
15:21:14.0263 4952 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:21:14.0313 4952 WUDFRd - ok
15:21:14.0333 4952 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:21:14.0343 4952 wudfsvc - ok
15:21:14.0373 4952 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:21:14.0403 4952 WwanSvc - ok
15:21:14.0443 4952 XENfiltv (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\XENfiltv.sys
15:21:14.0503 4952 XENfiltv - ok
15:21:14.0533 4952 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
15:21:14.0533 4952 xusb21 - ok
15:21:14.0553 4952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:21:16.0273 4952 \Device\Harddisk0\DR0 - ok
15:21:16.0273 4952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:21:16.0283 4952 \Device\Harddisk1\DR1 - ok
15:21:16.0293 4952 Boot (0x1200) (e240205ec1eb5f546ae9485a52f815ca) \Device\Harddisk0\DR0\Partition0
15:21:16.0293 4952 \Device\Harddisk0\DR0\Partition0 - ok
15:21:16.0333 4952 Boot (0x1200) (1c8337925d07c2e120f5962b992b849a) \Device\Harddisk0\DR0\Partition1
15:21:16.0363 4952 \Device\Harddisk0\DR0\Partition1 - ok
15:21:16.0363 4952 Boot (0x1200) (da5def75bb81028110fdb12e54669dc1) \Device\Harddisk1\DR1\Partition0
15:21:16.0363 4952 \Device\Harddisk1\DR1\Partition0 - ok
15:21:16.0363 4952 ============================================================
15:21:16.0363 4952 Scan finished
15:21:16.0363 4952 ============================================================
15:21:16.0383 3664 Detected object count: 1
15:21:16.0383 3664 Actual detected object count: 1
15:22:11.0453 3664 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:22:11.0453 3664 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:25:09.0230 3832 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 17:42:43
-----------------------------
17:42:43.209 OS Version: Windows x64 6.1.7601 Service Pack 1
17:42:43.219 Number of processors: 3 586 0x203
17:42:43.219 ComputerName: JONIWIN7 UserName: Daemon
17:42:45.539 Initialize success
17:42:55.499 AVAST engine defs: 12061000
17:43:10.169 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
17:43:10.179 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
17:43:10.179 Disk 0 MBR read successfully
17:43:10.189 Disk 0 MBR scan
17:43:10.189 Disk 0 Windows 7 default MBR code
17:43:10.189 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 598617 MB offset 63
17:43:10.219 Disk 0 Partition 2 00 0C FAT32 LBA NTFS 11860 MB offset 1225968345
17:43:10.269 Disk 0 scanning C:\Windows\system32\drivers
17:43:18.809 Service scanning
17:43:37.569 Modules scanning
17:43:37.569 Disk 0 trace - called modules:
17:43:37.579 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80037982c0]<<spob.sys storport.sys hal.dll nvstor64.sys
17:43:37.589 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046a8060]
17:43:37.589 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8003843490]
17:43:37.599 5 ACPI.sys[fffff880010577a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8003809060]
17:43:37.599 \Driver\nvstor64[0xfffffa8004531cc0] -> IRP_MJ_CREATE -> 0xfffffa80037982c0
17:43:39.089 AVAST engine scan C:\
20:34:47.365 Disk 0 MBR has been saved successfully to "C:\Users\Daemon\Desktop\MBR.dat"
20:34:47.370 The log file has been saved successfully to "C:\Users\Daemon\Desktop\aswMBR.txt"

My computer's state is getting worse. services.exe and svchost.exe have now started to constantly use about 20% of processing power. And the svchost.exe *32 still launches itself constantly after killing it... and the longer it gets to run in the background, the more unresponsive my computer gets. Killing it helps for a while.

#7 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:45 AM

Posted 10 June 2012 - 01:28 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 Klasu

  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:45 PM

Posted 10 June 2012 - 02:16 PM

Hi, here's the log

Scan result of Farbar Recovery Scan Tool Version: 10-06-2012 01
Ran by SYSTEM at 10-06-2012 22:08:22
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [982880 2012-03-24] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [684240 2012-06-10] (Webroot)
HKU\Daemon\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\Daemon\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Daemon\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-05-03] ()
HKU\Daemon\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [955792 2012-05-03] (Samsung)
HKU\Daemon\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Daemon\...\Policies\system: [DisableCMD] 0
HKU\Daemon\...\Policies\system: [NoDispAppearancePage] 0
HKU\Daemon\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Daemon\...\Policies\system: [NoDispSettingsPage] 0
HKU\UpdatusUser\...\Policies\system: [DisableCMD] 0
HKU\UpdatusUser\...\Policies\system: [NoDispAppearancePage] 0
HKU\UpdatusUser\...\Policies\system: [NoDispBackgroundPage] 0
HKU\UpdatusUser\...\Policies\system: [NoDispSettingsPage] 0
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\..\Interfaces\{813A4C3B-BA26-45F3-A22A-0F1B0E2769C7}: [NameServer]192.89.123.231,193.210.19.190
Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)

==================== Services (Whitelisted) ======

2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2391832 2011-11-22] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-11] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-01] (AVG Technologies CZ, s.r.o.)
4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-03-04] ()
4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-03-04] ()
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-06-02] (Enigma Software Group USA, LLC.)
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143552 2012-02-09] (TuneUp Software)
2 vToolbarUpdater10.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [918880 2012-03-24] ()
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [684240 2012-06-10] (Webroot)
4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-06] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-07] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-12] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
0 aZyOJfiL; C:\Windows\System32\Drivers\aZyOJfiL.sys [112656 2012-06-10] (Webroot)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
3 HCW85BDA; C:\Windows\System32\Drivers\HCW85BDA.sys [1708800 2009-07-14] (Hauppauge Computer Works)
4 KProcessHacker2; \??\C:\Program Files\Process Hacker 2\kprocesshacker.sys [36424 2011-08-25] (wj32)
3 L8042Kbd; C:\Windows\System32\Drivers\L8042Kbd.sys [32536 2011-09-01] (Logitech, Inc.)
3 L8042mou; C:\Windows\System32\Drivers\L8042mou.sys [91416 2011-09-01] (Logitech, Inc.)
3 LMouKE; C:\Windows\System32\Drivers\LMouKE.sys [113944 2011-09-01] (Logitech, Inc.)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [349416 1999-12-31] (NVIDIA Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 1999-12-31] (Realtek Semiconductor Corp.)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-03-23] (Duplex Secure Ltd.)
3 SWDUMon; C:\Windows\System32\Drivers\SWDUMon.sys [15672 2012-06-02] ()
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software)
0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [112656 2012-06-10] (Webroot)
3 XENfiltv; C:\Windows\System32\Drivers\XENfiltv.sys [25600 2009-07-30] (Creative Technology Ltd.)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-10 10:19 - 2012-06-10 10:05 - 00442927 ____A C:\Windows\System32\Drivers\etc\hosts.20120610-211920.backup
2012-06-10 10:17 - 2012-06-10 10:18 - 00203934 ____A C:\immudebug.log
2012-06-10 09:46 - 2012-06-10 09:46 - 00001801 ____A C:\Users\Daemon\Desktop\Process Hacker 2.lnk
2012-06-10 09:46 - 2012-06-10 09:46 - 00000000 ____D C:\Program Files\Process Hacker 2
2012-06-10 09:34 - 2012-06-10 09:34 - 00001761 ____A C:\Users\Daemon\Desktop\aswMBR.txt
2012-06-10 09:32 - 2012-06-10 09:32 - 00000000 ____D C:\Users\Daemon\AppData\Local\SvchostViewer
2012-06-10 09:17 - 2012-06-10 09:17 - 00001097 ____A C:\Users\Daemon\Desktop\DllSuite.lnk
2012-06-10 09:17 - 2012-06-10 09:17 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2012-06-10 07:02 - 2012-06-10 07:02 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\aZyOJfiL.sys
2012-06-10 06:50 - 2012-06-10 06:50 - 00000000 ____D C:\Users\Daemon\AppData\Local\lptmp288632729
2012-06-10 06:49 - 2012-06-10 10:12 - 00000000 ____D C:\Users\All Users\WRData
2012-06-10 06:49 - 2012-06-10 06:49 - 00148664 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-06-10 06:49 - 2012-06-10 06:49 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-06-10 06:49 - 2012-06-10 06:49 - 00101808 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-06-10 06:49 - 2012-06-10 06:49 - 00000000 ____D C:\Program Files\Webroot
2012-06-10 06:48 - 2012-06-10 06:48 - 00684240 ____A (Webroot) C:\Users\Daemon\Downloads\wsainstall.exe
2012-06-10 06:02 - 2012-06-10 06:02 - 00285416 ____A C:\Windows\Minidump\061012-49015-01.dmp
2012-06-10 06:02 - 2012-06-10 06:02 - 00000000 ____D C:\Windows\Minidump
2012-06-10 06:01 - 2012-06-10 06:01 - 402395439 ____A C:\Windows\MEMORY.DMP
2012-06-10 05:02 - 2012-06-10 05:02 - 00000412 ____A C:\Users\Daemon\AppData\Roaming\All CPU Meter_Settings.ini
2012-06-10 05:02 - 2012-06-10 05:02 - 00000352 ____A C:\Users\Daemon\AppData\Roaming\Network Meter_Settings.ini
2012-06-10 04:37 - 2012-06-10 09:34 - 00000512 ____A C:\Users\Daemon\Desktop\MBR.dat
2012-06-10 04:19 - 2012-06-10 04:25 - 00132892 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_15.19.47_log.txt
2012-06-10 04:19 - 2012-06-10 04:19 - 04731392 ____A (AVAST Software) C:\Users\Daemon\Desktop\aswMBR.exe
2012-06-10 04:19 - 2012-06-10 04:19 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Daemon\Desktop\tdsskiller.exe
2012-06-10 03:59 - 2012-06-10 03:59 - 00000000 ____D C:\Users\Daemon\Documents\Telltale Games - Copy
2012-06-10 01:30 - 2012-06-10 01:30 - 00000278 ____A C:\Windows\Tasks\MSIAfterburner.job
2012-06-10 01:23 - 2012-06-10 04:17 - 00000000 ___SD C:\32788R22FWJFW
2012-06-10 01:16 - 2012-06-10 01:16 - 04539885 ____R (Swearware) C:\Users\Daemon\Desktop\ComboFix.exe
2012-06-10 01:08 - 2012-06-10 01:08 - 00853862 ____A C:\Users\Daemon\Downloads\SecurityCheck.exe
2012-06-10 00:53 - 2012-06-10 00:53 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D9330788-2DBF-419A-B264-8F0A7762259A}
2012-06-10 00:53 - 2012-06-10 00:53 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A22935D0-43F7-4757-9C30-6F2EF2062A00}
2012-06-09 11:35 - 2012-06-09 11:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E477A212-5B2C-4D76-B778-5D8B7EF7F3BA}
2012-06-09 11:35 - 2012-06-09 11:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E3D91BDF-8F8D-482D-9252-7A753C30047C}
2012-06-09 08:17 - 2012-06-09 08:17 - 00005007 ____A C:\Users\Daemon\Downloads\[isoHunt] ff8a1b3ad83e9c028017702d6968f9b564942ae9.torrent
2012-06-09 08:10 - 2012-06-09 08:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-09 08:10 - 2012-06-09 08:10 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-09 08:07 - 2012-06-09 08:07 - 00725408 ____A (Enigma Software Group USA, LLC.) C:\Users\Daemon\Downloads\SpyHunter-Installer.exe
2012-06-09 08:03 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120609-190347.backup
2012-06-09 07:59 - 2012-06-09 08:48 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-09 07:59 - 2012-06-09 08:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 07:58 - 2012-06-09 07:59 - 16409960 ____A (Safer Networking Limited ) C:\Users\Daemon\Downloads\spybotsd162.exe
2012-06-09 07:52 - 2012-06-09 07:52 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 07:51 - 2012-06-09 07:51 - 01402880 ____A C:\Users\Daemon\Downloads\HijackThis_v2.0.5-Beta.msi
2012-06-09 07:44 - 2012-06-09 07:44 - 00001372 ____A C:\Windows\PFRO.log
2012-06-09 01:58 - 2012-06-10 04:10 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-09 01:58 - 2012-06-10 04:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-09 01:58 - 2012-06-09 07:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-09 01:58 - 2012-06-09 01:58 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Malwarebytes
2012-06-09 01:58 - 2012-04-04 04:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-08 23:52 - 2012-06-08 23:52 - 00002137 ____A C:\Users\Public\Desktop\Bang Bang Racing.lnk
2012-06-08 23:51 - 2012-06-08 23:51 - 00000000 ____D C:\Program Files (x86)\Kalypso
2012-06-08 23:34 - 2012-06-08 23:34 - 00000000 ____D C:\Users\Daemon\AppData\Local\{EC45564E-5BF5-4B93-B00E-2B50ABAF2423}
2012-06-08 23:34 - 2012-06-08 23:34 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A31397EC-0D90-4923-9285-A54CA2FF40FB}
2012-06-08 03:05 - 2012-06-08 03:06 - 00000000 ____D C:\Users\Daemon\AppData\Local\{43EAC5F2-7AC5-4B70-97E2-A5F19BB54C34}
2012-06-08 03:05 - 2012-06-08 03:05 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E096DBD4-281D-4AF3-8EA6-55E17E22A39A}
2012-06-07 04:48 - 2012-06-07 04:48 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7DAAF4CF-0181-4F33-B1E1-D88B62BBE41C}
2012-06-07 04:48 - 2012-06-07 04:48 - 00000000 ____D C:\Users\Daemon\AppData\Local\{544BB2F3-A3A5-4D89-BDF4-980003B9C1D4}
2012-06-06 07:05 - 2012-06-06 07:05 - 00000625 ____A C:\Users\Public\Desktop\The Walking Dead.lnk
2012-06-06 06:51 - 2012-06-06 07:15 - 00000000 ____D C:\Users\All Users\RELOADED
2012-06-06 06:51 - 2012-06-06 06:51 - 00000000 ____D C:\Users\Daemon\Documents\Telltale Games
2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{DC38D094-3D9C-4A18-82C7-36FA2428DEAA}
2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7D407F4E-A21E-4C77-88D5-C0C220A65D8C}
2012-06-05 04:42 - 2012-06-05 04:42 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7C5D6121-8D05-409E-BAD0-1ECA426FEDB7}
2012-06-05 04:42 - 2012-06-05 04:42 - 00000000 ____D C:\Users\Daemon\AppData\Local\{58E8EC86-C472-4484-B415-A6A8BDC5E680}
2012-06-04 09:05 - 2012-06-04 09:06 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-06-04 04:05 - 2012-06-04 04:06 - 00000000 ____D C:\Users\Daemon\AppData\Local\{B2F84B26-6EF8-4476-9E6E-2C97ED8F7115}
2012-06-04 04:05 - 2012-06-04 04:05 - 00000000 ____D C:\Users\Daemon\AppData\Local\{F44E56C0-51FC-4B4A-AACC-6AFE9BDE2799}
2012-06-03 06:51 - 2012-06-08 23:53 - 00000000 ____D C:\Users\Daemon\AppData\Local\SKIDROW
2012-06-03 06:51 - 2012-06-03 06:51 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2012-06-03 06:51 - 2012-06-03 06:51 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Sports Interactive
2012-06-03 06:51 - 2012-06-03 06:51 - 00000000 ____D C:\Users\Daemon\AppData\Local\Sports Interactive
2012-06-03 06:47 - 2012-06-03 06:47 - 00018511 ____A C:\Windows\DirectX.log
2012-06-03 06:46 - 2012-06-03 06:46 - 00002063 ____A C:\Users\Public\Desktop\Football Manager 2012.lnk
2012-06-03 06:43 - 2012-06-03 06:43 - 00000000 ____D C:\Program Files (x86)\SEGA
2012-06-03 01:22 - 2012-06-03 01:22 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8D1347D2-9A15-40BA-A074-6ACF129369AD}
2012-06-03 01:21 - 2012-06-10 06:01 - 00000784 ____A C:\Windows\setupact.log
2012-06-03 01:21 - 2012-06-03 01:22 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C01338FE-48D9-4B70-BFFB-290EB3892264}
2012-06-02 09:14 - 2012-06-02 09:15 - 00000000 ____D C:\Users\Daemon\AppData\Local\{0BBA5ECC-D73D-405E-B82F-B7FFDF76E983}
2012-06-02 09:14 - 2012-06-02 09:14 - 00000000 ____D C:\Users\Daemon\AppData\Local\{324AEFCA-AE51-413F-B22E-1D6F431731D0}
2012-06-01 21:52 - 2012-06-04 04:51 - 00000000 ____D C:\yes
2012-06-01 21:14 - 2012-06-01 21:14 - 00000000 ____D C:\Users\Daemon\AppData\Local\{3693B905-EC47-4B1C-A3EA-9F9A3750B774}
2012-06-01 21:14 - 2012-06-01 21:14 - 00000000 ____D C:\Users\Daemon\AppData\Local\{22819529-3847-4527-BA4F-B39D2DD7E551}
2012-06-01 05:06 - 2012-06-01 05:06 - 00000000 ____D C:\Users\Daemon\AppData\Local\{DE3CBDEA-4A2A-41A8-BAD9-5D400AD763F5}
2012-06-01 05:06 - 2012-06-01 05:06 - 00000000 ____D C:\Users\Daemon\AppData\Local\{994E2D85-810E-4216-8FD8-2901AB09AFA4}
2012-05-31 04:38 - 2012-05-31 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A2BDA991-86A1-4A9B-B2C2-535B5EA62594}
2012-05-31 04:38 - 2012-05-31 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8E7EB554-EBE9-454E-A49C-05FE64C6316E}
2012-05-30 04:43 - 2012-05-30 04:44 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C8FDB076-79BE-4AEA-AC43-3AAE04546887}
2012-05-30 04:43 - 2012-05-30 04:43 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E87CECBA-302D-40CF-8F06-89C3AD5625DF}
2012-05-29 04:38 - 2012-05-29 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{2BB4D36F-8FC0-4C57-9A08-68CBBDD8ACBA}
2012-05-29 04:38 - 2012-05-29 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{13FE3EA7-0E78-419A-AD73-B5DAED0EAE54}
2012-05-28 04:41 - 2012-05-28 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D30AAA48-4C32-4D45-BE33-B500215A597A}
2012-05-28 04:41 - 2012-05-28 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{354959FB-924A-4CC6-B64F-6C43CDCBFB6A}
2012-05-27 00:00 - 2012-05-27 00:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{F76D36DB-809F-40A7-8E74-4572E0D77187}
2012-05-26 23:59 - 2012-05-27 00:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{2339C6EE-A3F2-4D2D-BE83-DF2A2FD3FBA1}
2012-05-26 00:04 - 2012-05-26 00:04 - 00000000 ____D C:\Users\Daemon\AppData\Local\{B2A4C5DE-1CAA-4EB3-9294-7E8B4F40B46E}
2012-05-26 00:04 - 2012-05-26 00:04 - 00000000 ____D C:\Users\Daemon\AppData\Local\{52449857-3A51-491E-8CEC-E0C84F6007A2}
2012-05-25 04:35 - 2012-05-25 04:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C6E7B368-2982-43FF-B199-7B2CA7EDE421}
2012-05-25 04:35 - 2012-05-25 04:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{86942A3D-ADD4-46D7-A6AF-DB5A767E10BF}
2012-05-24 05:11 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-24 05:11 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-24 05:11 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-24 05:00 - 2012-05-24 05:02 - 168454136 ____A (NVIDIA Corporation) C:\Users\Daemon\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-05-24 04:48 - 2012-05-24 04:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-24 04:48 - 2012-05-24 04:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-24 04:39 - 2012-05-24 04:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\{52975BFE-A9CF-4D4D-80D3-ED0BDAB9A287}
2012-05-24 04:39 - 2012-05-24 04:39 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C403D0CB-A7F8-459F-BAB6-F887F5442F94}
2012-05-23 05:51 - 2012-05-23 05:51 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\f-secure
2012-05-23 05:51 - 2012-05-23 05:51 - 00000000 ____D C:\Users\All Users\F-Secure
2012-05-23 05:47 - 2012-05-23 05:47 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-05-23 04:47 - 2012-05-23 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{DF1C9778-8513-4E97-9997-493C34B64A37}
2012-05-23 04:47 - 2012-05-23 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{78064F47-6E3A-4AA0-B79A-11FB5FED8CED}
2012-05-22 04:47 - 2012-05-22 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{4CA364B8-38B3-4D70-B223-5CE2396834E0}
2012-05-22 04:47 - 2012-05-22 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{03EC4E87-9F41-470B-8D8E-73B398006D0C}
2012-05-21 04:36 - 2012-05-21 04:36 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A843A3DB-2AC0-4D1C-8F71-1EE86CCA4889}
2012-05-21 04:36 - 2012-05-21 04:36 - 00000000 ____D C:\Users\Daemon\AppData\Local\{1A53D064-64A9-4725-B3B7-2FBB721CE172}
2012-05-20 10:46 - 2012-05-20 10:46 - 00000000 ____D C:\Users\Daemon\AppData\Local\{1343AA84-7C11-4570-A9E9-3C10833A5D7E}
2012-05-20 03:54 - 2012-06-09 06:58 - 00000000 ____D C:\Program Files (x86)\Cubemen
2012-05-20 03:54 - 2012-05-20 03:54 - 00000991 ____A C:\Users\Daemon\Desktop\Cubemen.lnk
2012-05-19 22:45 - 2012-05-20 10:46 - 00000000 ____D C:\Users\Daemon\AppData\Local\{EC591327-28F6-401C-B593-C975651B3DCD}
2012-05-19 22:45 - 2012-05-19 22:46 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C3396561-59D2-4F08-8DC0-1C0FCCC0543A}
2012-05-19 10:45 - 2012-05-19 10:45 - 00000000 ____D C:\Users\Daemon\AppData\Local\{6FBFD98B-35F2-43CF-B0E1-0F9571A30228}
2012-05-18 22:44 - 2012-05-19 10:45 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7B55619C-972C-4067-BF53-8814E86F08D3}
2012-05-18 22:44 - 2012-05-18 22:44 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8C9010F2-8119-4640-80BD-74511580DCC1}
2012-05-18 04:41 - 2012-05-18 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7F900112-974D-47B3-9609-ACF7D4DE75A5}
2012-05-18 04:41 - 2012-05-18 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{3255AC06-60A1-4CDC-9B94-0B34E8DF8311}
2012-05-17 01:18 - 2012-05-17 01:18 - 00000000 ____D C:\Users\Daemon\Documents\Orcs Must Die
2012-05-17 00:03 - 2012-05-17 00:03 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-16 23:52 - 2012-05-16 23:52 - 00000000 ____D C:\Users\Daemon\AppData\Local\{67709542-DA17-4825-92FF-4BE4CCD9A1CE}
2012-05-16 23:52 - 2012-05-16 23:52 - 00000000 ____D C:\Users\Daemon\AppData\Local\{3CC647FD-4307-4277-8333-1466DFB092C8}
2012-05-16 04:11 - 2012-05-16 04:11 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C168776A-7360-43DF-8F47-50190A01C101}
2012-05-16 04:11 - 2012-05-16 04:11 - 00000000 ____D C:\Users\Daemon\AppData\Local\{92B5C851-5E29-4A4B-A3A9-76ABE3278E84}
2012-05-15 04:40 - 2012-05-15 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{6F944B45-7CB6-40F3-B64C-A03AA51275C8}
2012-05-15 04:40 - 2012-05-15 04:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\{9F9BD54A-8DB7-404A-BC1A-F33E9F93D85C}
2012-05-14 15:21 - 2012-05-14 15:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 04:38 - 2012-05-14 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{75DCD696-F3A0-4DDF-B4A2-426793BC1E5B}
2012-05-14 04:38 - 2012-05-14 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{42B60C2A-2E25-46C6-A3D0-48B548C07108}
2012-05-12 23:44 - 2012-05-12 23:44 - 00000000 ____D C:\Users\Daemon\AppData\Local\{93F7B202-16B8-49C6-B0D9-12C65ED42EED}
2012-05-12 23:44 - 2012-05-12 23:44 - 00000000 ____D C:\Users\Daemon\AppData\Local\{170DEF48-17AC-4FF2-B8EA-0ADD065181ED}
2012-05-12 10:55 - 2012-05-12 10:56 - 00000000 ____D C:\Users\Daemon\AppData\Local\{59E4E995-0DD0-4801-8507-B0C531B6648C}
2012-05-12 10:55 - 2012-05-12 10:55 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8788191E-0242-4CDE-9846-6F32FF7F40A0}
2012-05-11 22:55 - 2012-05-11 22:55 - 00000000 ____D C:\Users\Daemon\AppData\Local\{F1C0CD93-8F71-464E-9F93-3BF4BA437576}
2012-05-11 22:55 - 2012-05-11 22:55 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7B116910-A41E-4B2D-A48F-EDC149BF3FA2}
2012-05-11 04:34 - 2012-05-11 04:34 - 00000000 ____D C:\Users\Daemon\AppData\Local\{5AA18F0C-38C2-480E-BC0F-A04A2A002EA7}
2012-05-11 04:34 - 2012-05-11 04:34 - 00000000 ____D C:\Users\Daemon\AppData\Local\{0A7A4616-A7DD-41AB-A4D1-C2E2FB312E25}


============ 3 Months Modified Files and Folders =============

2012-06-10 22:08 - 2012-06-10 22:08 - 00000000 ____D C:\FRST
2012-06-10 10:58 - 2012-03-23 06:21 - 01661101 ____A C:\Windows\WindowsUpdate.log
2012-06-10 10:57 - 2012-04-01 00:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-10 10:55 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-10 10:19 - 2009-07-13 18:34 - 00442927 ____R C:\Windows\System32\Drivers\etc\hosts
2012-06-10 10:18 - 2012-06-10 10:17 - 00203934 ____A C:\immudebug.log
2012-06-10 10:12 - 2012-06-10 06:49 - 00000000 ____D C:\Users\All Users\WRData
2012-06-10 10:05 - 2012-06-10 10:19 - 00442927 ____A C:\Windows\System32\Drivers\etc\hosts.20120610-211920.backup
2012-06-10 09:46 - 2012-06-10 09:46 - 00001801 ____A C:\Users\Daemon\Desktop\Process Hacker 2.lnk
2012-06-10 09:46 - 2012-06-10 09:46 - 00000000 ____D C:\Program Files\Process Hacker 2
2012-06-10 09:34 - 2012-06-10 09:34 - 00001761 ____A C:\Users\Daemon\Desktop\aswMBR.txt
2012-06-10 09:34 - 2012-06-10 04:37 - 00000512 ____A C:\Users\Daemon\Desktop\MBR.dat
2012-06-10 09:32 - 2012-06-10 09:32 - 00000000 ____D C:\Users\Daemon\AppData\Local\SvchostViewer
2012-06-10 09:22 - 2009-07-13 20:45 - 00014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-10 09:22 - 2009-07-13 20:45 - 00014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-10 09:17 - 2012-06-10 09:17 - 00001097 ____A C:\Users\Daemon\Desktop\DllSuite.lnk
2012-06-10 09:17 - 2012-06-10 09:17 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2012-06-10 08:07 - 2012-03-24 01:34 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\uTorrent
2012-06-10 07:56 - 2012-03-13 15:30 - 00000000 ____D C:\Torrents
2012-06-10 07:02 - 2012-06-10 07:02 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\aZyOJfiL.sys
2012-06-10 06:50 - 2012-06-10 06:50 - 00000000 ____D C:\Users\Daemon\AppData\Local\lptmp288632729
2012-06-10 06:49 - 2012-06-10 06:49 - 00148664 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-06-10 06:49 - 2012-06-10 06:49 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-06-10 06:49 - 2012-06-10 06:49 - 00101808 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-06-10 06:49 - 2012-06-10 06:49 - 00000000 ____D C:\Program Files\Webroot
2012-06-10 06:48 - 2012-06-10 06:48 - 00684240 ____A (Webroot) C:\Users\Daemon\Downloads\wsainstall.exe
2012-06-10 06:02 - 2012-06-10 06:02 - 00285416 ____A C:\Windows\Minidump\061012-49015-01.dmp
2012-06-10 06:02 - 2012-06-10 06:02 - 00000000 ____D C:\Windows\Minidump
2012-06-10 06:01 - 2012-06-10 06:01 - 402395439 ____A C:\Windows\MEMORY.DMP
2012-06-10 06:01 - 2012-06-03 01:21 - 00000784 ____A C:\Windows\setupact.log
2012-06-10 06:01 - 2012-03-23 07:36 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-10 06:01 - 2012-03-23 06:47 - 00000000 ____D C:\Users\Daemon\Tracing
2012-06-10 06:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-10 05:02 - 2012-06-10 05:02 - 00000412 ____A C:\Users\Daemon\AppData\Roaming\All CPU Meter_Settings.ini
2012-06-10 05:02 - 2012-06-10 05:02 - 00000352 ____A C:\Users\Daemon\AppData\Roaming\Network Meter_Settings.ini
2012-06-10 04:25 - 2012-06-10 04:19 - 00132892 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_15.19.47_log.txt
2012-06-10 04:19 - 2012-06-10 04:19 - 04731392 ____A (AVAST Software) C:\Users\Daemon\Desktop\aswMBR.exe
2012-06-10 04:19 - 2012-06-10 04:19 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Daemon\Desktop\tdsskiller.exe
2012-06-10 04:17 - 2012-06-10 01:23 - 00000000 ___SD C:\32788R22FWJFW
2012-06-10 04:10 - 2012-06-09 01:58 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-10 04:10 - 2012-06-09 01:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-10 04:01 - 2012-03-24 01:31 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\MiniLyrics
2012-06-10 03:59 - 2012-06-10 03:59 - 00000000 ____D C:\Users\Daemon\Documents\Telltale Games - Copy
2012-06-10 03:57 - 2012-03-14 10:03 - 00000000 ____D C:\Lyrics
2012-06-10 03:06 - 2012-03-23 09:02 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-10 01:30 - 2012-06-10 01:30 - 00000278 ____A C:\Windows\Tasks\MSIAfterburner.job
2012-06-10 01:29 - 2009-07-13 21:08 - 00028084 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-10 01:26 - 2012-03-26 05:20 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2012-06-10 01:16 - 2012-06-10 01:16 - 04539885 ____R (Swearware) C:\Users\Daemon\Desktop\ComboFix.exe
2012-06-10 01:08 - 2012-06-10 01:08 - 00853862 ____A C:\Users\Daemon\Downloads\SecurityCheck.exe
2012-06-10 00:56 - 2012-03-23 08:57 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-10 00:53 - 2012-06-10 00:53 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D9330788-2DBF-419A-B264-8F0A7762259A}
2012-06-10 00:53 - 2012-06-10 00:53 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A22935D0-43F7-4757-9C30-6F2EF2062A00}
2012-06-10 00:53 - 2012-03-23 10:51 - 00000000 ____D C:\Users\Daemon\AppData\Local\Windows Live
2012-06-09 11:35 - 2012-06-09 11:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E477A212-5B2C-4D76-B778-5D8B7EF7F3BA}
2012-06-09 11:35 - 2012-06-09 11:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E3D91BDF-8F8D-482D-9252-7A753C30047C}
2012-06-09 10:45 - 2012-03-23 07:34 - 00000000 ____D C:\Users\Daemon\Desktop\Ohjelmat
2012-06-09 08:48 - 2012-06-09 07:59 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-09 08:17 - 2012-06-09 08:17 - 00005007 ____A C:\Users\Daemon\Downloads\[isoHunt] ff8a1b3ad83e9c028017702d6968f9b564942ae9.torrent
2012-06-09 08:10 - 2012-06-09 08:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-09 08:10 - 2012-06-09 08:10 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-09 08:07 - 2012-06-09 08:07 - 00725408 ____A (Enigma Software Group USA, LLC.) C:\Users\Daemon\Downloads\SpyHunter-Installer.exe
2012-06-09 08:01 - 2012-06-09 07:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 07:59 - 2012-06-09 07:58 - 16409960 ____A (Safer Networking Limited ) C:\Users\Daemon\Downloads\spybotsd162.exe
2012-06-09 07:52 - 2012-06-09 07:52 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 07:51 - 2012-06-09 07:51 - 01402880 ____A C:\Users\Daemon\Downloads\HijackThis_v2.0.5-Beta.msi
2012-06-09 07:44 - 2012-06-09 07:44 - 00001372 ____A C:\Windows\PFRO.log
2012-06-09 07:44 - 2012-06-09 01:58 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-09 07:44 - 2012-03-27 03:58 - 00001008 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-09 07:44 - 2012-03-27 03:58 - 00001004 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-09 06:58 - 2012-05-20 03:54 - 00000000 ____D C:\Program Files (x86)\Cubemen
2012-06-09 01:58 - 2012-06-09 01:58 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Malwarebytes
2012-06-08 23:53 - 2012-06-03 06:51 - 00000000 ____D C:\Users\Daemon\AppData\Local\SKIDROW
2012-06-08 23:52 - 2012-06-08 23:52 - 00002137 ____A C:\Users\Public\Desktop\Bang Bang Racing.lnk
2012-06-08 23:51 - 2012-06-08 23:51 - 00000000 ____D C:\Program Files (x86)\Kalypso
2012-06-08 23:34 - 2012-06-08 23:34 - 00000000 ____D C:\Users\Daemon\AppData\Local\{EC45564E-5BF5-4B93-B00E-2B50ABAF2423}
2012-06-08 23:34 - 2012-06-08 23:34 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A31397EC-0D90-4923-9285-A54CA2FF40FB}
2012-06-08 03:06 - 2012-06-08 03:05 - 00000000 ____D C:\Users\Daemon\AppData\Local\{43EAC5F2-7AC5-4B70-97E2-A5F19BB54C34}
2012-06-08 03:05 - 2012-06-08 03:05 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E096DBD4-281D-4AF3-8EA6-55E17E22A39A}
2012-06-07 04:48 - 2012-06-07 04:48 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7DAAF4CF-0181-4F33-B1E1-D88B62BBE41C}
2012-06-07 04:48 - 2012-06-07 04:48 - 00000000 ____D C:\Users\Daemon\AppData\Local\{544BB2F3-A3A5-4D89-BDF4-980003B9C1D4}
2012-06-06 07:15 - 2012-06-06 06:51 - 00000000 ____D C:\Users\All Users\RELOADED
2012-06-06 07:05 - 2012-06-06 07:05 - 00000625 ____A C:\Users\Public\Desktop\The Walking Dead.lnk
2012-06-06 07:05 - 2012-03-14 03:07 - 00000000 ____D C:\Games
2012-06-06 06:51 - 2012-06-06 06:51 - 00000000 ____D C:\Users\Daemon\Documents\Telltale Games
2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{DC38D094-3D9C-4A18-82C7-36FA2428DEAA}
2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7D407F4E-A21E-4C77-88D5-C0C220A65D8C}
2012-06-05 04:42 - 2012-06-05 04:42 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7C5D6121-8D05-409E-BAD0-1ECA426FEDB7}
2012-06-05 04:42 - 2012-06-05 04:42 - 00000000 ____D C:\Users\Daemon\AppData\Local\{58E8EC86-C472-4484-B415-A6A8BDC5E680}
2012-06-04 09:06 - 2012-06-04 09:05 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-06-04 09:01 - 2012-04-08 04:53 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\vlc
2012-06-04 04:51 - 2012-06-01 21:52 - 00000000 ____D C:\yes
2012-06-04 04:06 - 2012-06-04 04:05 - 00000000 ____D C:\Users\Daemon\AppData\Local\{B2F84B26-6EF8-4476-9E6E-2C97ED8F7115}
2012-06-04 04:05 - 2012-06-04 04:05 - 00000000 ____D C:\Users\Daemon\AppData\Local\{F44E56C0-51FC-4B4A-AACC-6AFE9BDE2799}
2012-06-03 08:47 - 2012-03-23 06:48 - 00000000 ____D C:\Users\Daemon\Documents\FIFA 12
2012-06-03 06:51 - 2012-06-03 06:51 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2012-06-03 06:51 - 2012-06-03 06:51 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Sports Interactive
2012-06-03 06:51 - 2012-06-03 06:51 - 00000000 ____D C:\Users\Daemon\AppData\Local\Sports Interactive
2012-06-03 06:47 - 2012-06-03 06:47 - 00018511 ____A C:\Windows\DirectX.log
2012-06-03 06:46 - 2012-06-03 06:46 - 00002063 ____A C:\Users\Public\Desktop\Football Manager 2012.lnk
2012-06-03 06:43 - 2012-06-03 06:43 - 00000000 ____D C:\Program Files (x86)\SEGA
2012-06-03 05:27 - 2012-03-23 06:48 - 00000000 ____D C:\Users\Daemon\Documents\Settlers7
2012-06-03 01:22 - 2012-06-03 01:22 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8D1347D2-9A15-40BA-A074-6ACF129369AD}
2012-06-03 01:22 - 2012-06-03 01:21 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C01338FE-48D9-4B70-BFFB-290EB3892264}
2012-06-02 09:15 - 2012-06-02 09:14 - 00000000 ____D C:\Users\Daemon\AppData\Local\{0BBA5ECC-D73D-405E-B82F-B7FFDF76E983}
2012-06-02 09:14 - 2012-06-02 09:14 - 00000000 ____D C:\Users\Daemon\AppData\Local\{324AEFCA-AE51-413F-B22E-1D6F431731D0}
2012-06-02 01:57 - 2012-03-23 08:09 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-02 01:56 - 2012-03-28 00:17 - 00015672 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2012-06-01 21:14 - 2012-06-01 21:14 - 00000000 ____D C:\Users\Daemon\AppData\Local\{3693B905-EC47-4B1C-A3EA-9F9A3750B774}
2012-06-01 21:14 - 2012-06-01 21:14 - 00000000 ____D C:\Users\Daemon\AppData\Local\{22819529-3847-4527-BA4F-B39D2DD7E551}
2012-06-01 05:06 - 2012-06-01 05:06 - 00000000 ____D C:\Users\Daemon\AppData\Local\{DE3CBDEA-4A2A-41A8-BAD9-5D400AD763F5}
2012-06-01 05:06 - 2012-06-01 05:06 - 00000000 ____D C:\Users\Daemon\AppData\Local\{994E2D85-810E-4216-8FD8-2901AB09AFA4}
2012-05-31 04:38 - 2012-05-31 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A2BDA991-86A1-4A9B-B2C2-535B5EA62594}
2012-05-31 04:38 - 2012-05-31 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8E7EB554-EBE9-454E-A49C-05FE64C6316E}
2012-05-30 04:45 - 2012-04-29 00:29 - 00000000 ____D C:\Users\Daemon\Documents\SelfMV
2012-05-30 04:44 - 2012-05-30 04:43 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C8FDB076-79BE-4AEA-AC43-3AAE04546887}
2012-05-30 04:43 - 2012-05-30 04:43 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E87CECBA-302D-40CF-8F06-89C3AD5625DF}
2012-05-29 05:59 - 2012-04-07 00:20 - 00000000 ____D C:\Users\Daemon\Desktop\New folder
2012-05-29 04:38 - 2012-05-29 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{2BB4D36F-8FC0-4C57-9A08-68CBBDD8ACBA}
2012-05-29 04:38 - 2012-05-29 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{13FE3EA7-0E78-419A-AD73-B5DAED0EAE54}
2012-05-28 05:35 - 2012-03-23 07:28 - 00764302 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-28 04:41 - 2012-05-28 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D30AAA48-4C32-4D45-BE33-B500215A597A}
2012-05-28 04:41 - 2012-05-28 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{354959FB-924A-4CC6-B64F-6C43CDCBFB6A}
2012-05-27 11:53 - 2012-03-23 06:47 - 00002106 ____A C:\Users\Daemon\.swfinfo
2012-05-27 00:00 - 2012-05-27 00:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{F76D36DB-809F-40A7-8E74-4572E0D77187}
2012-05-27 00:00 - 2012-05-26 23:59 - 00000000 ____D C:\Users\Daemon\AppData\Local\{2339C6EE-A3F2-4D2D-BE83-DF2A2FD3FBA1}
2012-05-26 00:04 - 2012-05-26 00:04 - 00000000 ____D C:\Users\Daemon\AppData\Local\{B2A4C5DE-1CAA-4EB3-9294-7E8B4F40B46E}
2012-05-26 00:04 - 2012-05-26 00:04 - 00000000 ____D C:\Users\Daemon\AppData\Local\{52449857-3A51-491E-8CEC-E0C84F6007A2}
2012-05-25 04:35 - 2012-05-25 04:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C6E7B368-2982-43FF-B199-7B2CA7EDE421}
2012-05-25 04:35 - 2012-05-25 04:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{86942A3D-ADD4-46D7-A6AF-DB5A767E10BF}
2012-05-24 05:13 - 2012-03-23 07:37 - 00000000 ____D C:\users\UpdatusUser
2012-05-24 05:12 - 2012-03-23 07:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-24 05:02 - 2012-05-24 05:00 - 168454136 ____A (NVIDIA Corporation) C:\Users\Daemon\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-05-24 04:48 - 2012-05-24 04:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-24 04:48 - 2012-05-24 04:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-24 04:40 - 2012-05-24 04:39 - 00000000 ____D C:\Users\Daemon\AppData\Local\{52975BFE-A9CF-4D4D-80D3-ED0BDAB9A287}
2012-05-24 04:39 - 2012-05-24 04:39 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C403D0CB-A7F8-459F-BAB6-F887F5442F94}
2012-05-23 06:27 - 2012-03-23 08:12 - 00000000 ____D C:\Program Files (x86)\Origin
2012-05-23 05:51 - 2012-05-23 05:51 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\f-secure
2012-05-23 05:51 - 2012-05-23 05:51 - 00000000 ____D C:\Users\All Users\F-Secure
2012-05-23 05:51 - 2012-03-23 09:04 - 00000000 ____D C:\Program Files (x86)\Opera
2012-05-23 05:47 - 2012-05-23 05:47 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-05-23 04:47 - 2012-05-23 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{DF1C9778-8513-4E97-9997-493C34B64A37}
2012-05-23 04:47 - 2012-05-23 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{78064F47-6E3A-4AA0-B79A-11FB5FED8CED}
2012-05-22 04:47 - 2012-05-22 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{4CA364B8-38B3-4D70-B223-5CE2396834E0}
2012-05-22 04:47 - 2012-05-22 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{03EC4E87-9F41-470B-8D8E-73B398006D0C}
2012-05-21 04:36 - 2012-05-21 04:36 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A843A3DB-2AC0-4D1C-8F71-1EE86CCA4889}
2012-05-21 04:36 - 2012-05-21 04:36 - 00000000 ____D C:\Users\Daemon\AppData\Local\{1A53D064-64A9-4725-B3B7-2FBB721CE172}
2012-05-20 10:46 - 2012-05-20 10:46 - 00000000 ____D C:\Users\Daemon\AppData\Local\{1343AA84-7C11-4570-A9E9-3C10833A5D7E}
2012-05-20 10:46 - 2012-05-19 22:45 - 00000000 ____D C:\Users\Daemon\AppData\Local\{EC591327-28F6-401C-B593-C975651B3DCD}
2012-05-20 03:54 - 2012-05-20 03:54 - 00000991 ____A C:\Users\Daemon\Desktop\Cubemen.lnk
2012-05-19 22:46 - 2012-05-19 22:45 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C3396561-59D2-4F08-8DC0-1C0FCCC0543A}
2012-05-19 10:45 - 2012-05-19 10:45 - 00000000 ____D C:\Users\Daemon\AppData\Local\{6FBFD98B-35F2-43CF-B0E1-0F9571A30228}
2012-05-19 10:45 - 2012-05-18 22:44 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7B55619C-972C-4067-BF53-8814E86F08D3}
2012-05-18 22:44 - 2012-05-18 22:44 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8C9010F2-8119-4640-80BD-74511580DCC1}
2012-05-18 22:44 - 2012-03-24 01:34 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-18 04:41 - 2012-05-18 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7F900112-974D-47B3-9609-ACF7D4DE75A5}
2012-05-18 04:41 - 2012-05-18 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{3255AC06-60A1-4CDC-9B94-0B34E8DF8311}
2012-05-17 01:18 - 2012-05-17 01:18 - 00000000 ____D C:\Users\Daemon\Documents\Orcs Must Die
2012-05-17 00:03 - 2012-05-17 00:03 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-16 23:52 - 2012-05-16 23:52 - 00000000 ____D C:\Users\Daemon\AppData\Local\{67709542-DA17-4825-92FF-4BE4CCD9A1CE}
2012-05-16 23:52 - 2012-05-16 23:52 - 00000000 ____D C:\Users\Daemon\AppData\Local\{3CC647FD-4307-4277-8333-1466DFB092C8}
2012-05-16 04:11 - 2012-05-16 04:11 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C168776A-7360-43DF-8F47-50190A01C101}
2012-05-16 04:11 - 2012-05-16 04:11 - 00000000 ____D C:\Users\Daemon\AppData\Local\{92B5C851-5E29-4A4B-A3A9-76ABE3278E84}
2012-05-15 08:16 - 2012-03-23 07:32 - 00000000 ____D C:\Users\Daemon\Documents\Vastaanotetut tiedostot
2012-05-15 04:41 - 2012-05-15 04:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\{6F944B45-7CB6-40F3-B64C-A03AA51275C8}
2012-05-15 04:40 - 2012-05-15 04:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\{9F9BD54A-8DB7-404A-BC1A-F33E9F93D85C}
2012-05-15 02:48 - 2012-05-24 05:11 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-24 05:11 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-24 05:11 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-03-23 07:35 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-03-23 07:35 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2012-03-23 07:35 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-03-23 07:35 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2012-03-23 07:35 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2012-03-23 07:35 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-03-23 07:35 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2012-03-23 07:35 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:48 - 2009-07-13 13:59 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2009-06-10 12:37 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 01:29 - 2012-03-23 07:36 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2012-03-23 07:36 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2012-03-23 07:36 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2012-03-23 07:36 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2012-03-23 07:36 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 15:21 - 2012-05-14 15:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 04:38 - 2012-05-14 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{75DCD696-F3A0-4DDF-B4A2-426793BC1E5B}
2012-05-14 04:38 - 2012-05-14 04:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\{42B60C2A-2E25-46C6-A3D0-48B548C07108}
2012-05-12 23:44 - 2012-05-12 23:44 - 00000000 ____D C:\Users\Daemon\AppData\Local\{93F7B202-16B8-49C6-B0D9-12C65ED42EED}
2012-05-12 23:44 - 2012-05-12 23:44 - 00000000 ____D C:\Users\Daemon\AppData\Local\{170DEF48-17AC-4FF2-B8EA-0ADD065181ED}
2012-05-12 10:56 - 2012-05-12 10:55 - 00000000 ____D C:\Users\Daemon\AppData\Local\{59E4E995-0DD0-4801-8507-B0C531B6648C}
2012-05-12 10:55 - 2012-05-12 10:55 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8788191E-0242-4CDE-9846-6F32FF7F40A0}
2012-05-11 22:55 - 2012-05-11 22:55 - 00000000 ____D C:\Users\Daemon\AppData\Local\{F1C0CD93-8F71-464E-9F93-3BF4BA437576}
2012-05-11 22:55 - 2012-05-11 22:55 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7B116910-A41E-4B2D-A48F-EDC149BF3FA2}
2012-05-11 04:34 - 2012-05-11 04:34 - 00000000 ____D C:\Users\Daemon\AppData\Local\{5AA18F0C-38C2-480E-BC0F-A04A2A002EA7}
2012-05-11 04:34 - 2012-05-11 04:34 - 00000000 ____D C:\Users\Daemon\AppData\Local\{0A7A4616-A7DD-41AB-A4D1-C2E2FB312E25}
2012-05-10 04:47 - 2012-05-10 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{AC08B0B5-33EA-4FEF-A628-58E495D50F7E}
2012-05-10 04:47 - 2012-05-10 04:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{9F08C062-14CC-4962-A616-8BE4A380BF82}
2012-05-10 04:46 - 2009-07-13 20:45 - 00292584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-09 10:40 - 2012-03-23 07:48 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 10:33 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 04:46 - 2012-05-09 04:46 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7E89194B-6150-49E7-A363-3E2A187C3969}
2012-05-09 04:46 - 2012-05-09 04:46 - 00000000 ____D C:\Users\Daemon\AppData\Local\{2036A4CC-D2AF-4009-9EF2-053F2852AF78}
2012-05-08 04:42 - 2012-05-08 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{2DA20A0B-1681-4AFE-B3B1-F5009CD0BB35}
2012-05-08 04:41 - 2012-05-08 04:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D11CDFCC-CC03-4F65-87A0-E45961EF6033}
2012-05-07 03:40 - 2012-05-07 03:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\{5CA1126E-08BC-4261-A5B8-6D8003F3531A}
2012-05-07 03:40 - 2012-05-07 03:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\{46BBF5C3-62FF-4697-B3EF-5EE0BB58A00E}
2012-05-06 03:59 - 2012-05-06 03:59 - 00000000 ____D C:\Users\All Users\Codemasters
2012-05-06 03:59 - 2012-05-06 03:59 - 00000000 ____D C:\Program Files (x86)\BRS
2012-05-06 03:59 - 2012-03-23 11:30 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-06 03:59 - 2012-03-23 11:30 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-06 03:59 - 2012-03-23 11:30 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-06 03:59 - 2012-03-23 11:30 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-06 03:59 - 2012-03-23 11:30 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-05-06 03:59 - 2012-03-23 06:48 - 00000000 ____D C:\Users\Daemon\Documents\my games
2012-05-06 01:54 - 2012-05-06 01:54 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Ekapeli
2012-05-06 01:54 - 2012-05-06 01:54 - 00000000 ____D C:\Users\Daemon\AppData\Local\ekapeli
2012-05-06 00:28 - 2012-05-06 00:28 - 00000000 ____D C:\Users\Daemon\AppData\Local\{DB1E25F8-704F-4D83-B6B8-45E1BAA372FD}
2012-05-06 00:28 - 2012-05-06 00:27 - 00000000 ____D C:\Users\Daemon\AppData\Local\{542513DB-2885-403B-8DD2-24FFEB636EE6}
2012-05-05 10:57 - 2012-04-01 00:57 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 10:57 - 2012-04-01 00:11 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 10:57 - 2012-03-23 07:46 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-05 00:41 - 2012-05-05 00:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{727F93AC-7F4F-461C-977C-DB687CE05B7F}
2012-05-05 00:41 - 2012-05-05 00:41 - 00000000 ____D C:\Users\Daemon\AppData\Local\{6B10A88D-4FCF-4ACF-A46F-BFAF6ABA1CAF}
2012-05-04 12:01 - 2012-05-04 12:01 - 00000000 ____D C:\Users\Daemon\AppData\Local\{24EA1448-3EB3-4CE7-AF38-D115673D7CA0}
2012-05-04 12:01 - 2012-05-04 00:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{AC1D5B3B-10F7-4405-8302-053279BDAA54}
2012-05-04 06:48 - 2012-05-04 06:48 - 00001186 ____A C:\Users\Daemon\Desktop\fifa - Copy.exe - Shortcut.lnk
2012-05-04 06:47 - 2012-05-04 06:47 - 00000222 ____A C:\Users\Daemon\Desktop\Orcs Must Die!.url
2012-05-04 03:04 - 2012-05-04 03:03 - 00000000 ____D C:\Users\All Users\EPSON
2012-05-04 01:30 - 2012-05-04 01:30 - 00100712 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-05-04 00:00 - 2012-05-04 00:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{2BB4D771-95ED-4E53-93EB-831BEFF285CD}
2012-05-03 12:00 - 2012-05-03 11:59 - 00000000 ____D C:\Users\Daemon\AppData\Local\{665704DC-0B06-4483-B5DE-1D62CBBF7276}
2012-05-03 11:59 - 2012-05-02 23:59 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D411E380-E619-4BE8-803F-0E100140104A}
2012-05-03 03:01 - 2012-04-25 04:57 - 00000000 ____D C:\Users\Daemon\Documents\SimCity 4
2012-05-02 23:59 - 2012-05-02 23:59 - 00000000 ____D C:\Users\Daemon\AppData\Local\{68476270-29FB-4DA6-86AA-535E2F6D2566}
2012-05-02 11:59 - 2012-05-02 11:58 - 00000000 ____D C:\Users\Daemon\AppData\Local\{BB4B9E1C-F75F-42AE-847C-3C579F7DDF82}
2012-05-02 11:58 - 2012-05-01 23:58 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A7E56E79-42B4-452D-95A0-1CE37BAACF22}
2012-05-02 03:33 - 2012-03-23 09:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-05-01 23:58 - 2012-05-01 23:58 - 00000000 ____D C:\Users\Daemon\AppData\Local\{5EA6E70E-9B19-43F1-8EEE-C208D08AC461}
2012-05-01 07:17 - 2012-05-01 07:17 - 00001719 ____A C:\Users\Public\Desktop\SimCity 4 Ruuhka-aika.lnk
2012-05-01 07:15 - 2012-04-25 04:35 - 00000759 ____A C:\Windows\eReg.dat
2012-05-01 00:33 - 2012-05-01 00:33 - 00000000 ____D C:\Users\Daemon\AppData\Local\{910E212A-E3EB-4312-A465-58EB5D6940E9}
2012-05-01 00:33 - 2012-05-01 00:32 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7C93E10F-AEAE-4E82-B49D-0A17ABD2F81F}
2012-04-30 09:51 - 2012-04-30 09:51 - 00000000 ____D C:\Users\Daemon\AppData\Local\signal studios
2012-04-30 09:49 - 2012-04-30 09:49 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-04-30 09:49 - 2012-04-30 09:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-04-30 09:49 - 2012-04-30 09:34 - 00001566 ____A C:\Users\Public\Desktop\Toy Soldiers.lnk
2012-04-30 09:41 - 2012-03-25 09:30 - 00000000 ____D C:\Users\Daemon\Desktop\Akin Koneelle
2012-04-30 00:01 - 2012-04-30 00:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{BC58FFFD-8A09-4FA9-9178-D3AFF7611D65}
2012-04-30 00:01 - 2012-04-29 00:27 - 00000000 ____D C:\Users\Daemon\AppData\Local\Samsung
2012-04-30 00:00 - 2012-04-30 00:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{59B144D6-319D-4D1D-B3B4-392D40AA4224}
2012-04-29 00:29 - 2012-04-29 00:29 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2012-04-29 00:27 - 2012-04-29 00:27 - 00000000 ____D C:\Users\Daemon\Documents\samsung
2012-04-29 00:27 - 2012-04-29 00:27 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Samsung
2012-04-29 00:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2012-04-29 00:23 - 2012-04-29 00:22 - 00000000 ____D C:\Users\All Users\Samsung
2012-04-29 00:23 - 2012-04-29 00:22 - 00000000 ____D C:\Program Files (x86)\Samsung
2012-04-29 00:22 - 2012-04-29 00:22 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-04-29 00:22 - 2012-03-23 07:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-29 00:21 - 2012-04-29 00:21 - 00000000 ____D C:\Users\Daemon\AppData\Local\Downloaded Installations
2012-04-29 00:19 - 2012-04-29 00:18 - 93126984 ____A (Samsung Electronics Co., Ltd. ) C:\Users\Daemon\Downloads\Kies_2.3.0.12035_16_4.exe
2012-04-29 00:15 - 2012-04-29 00:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-29 00:12 - 2012-04-29 00:12 - 00000000 ____D C:\Users\Daemon\AppData\Local\{BD8F97D0-FC33-42C9-BF2E-65E5470BF426}
2012-04-29 00:12 - 2012-04-29 00:11 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C9B11164-0B08-4ACE-A57A-5DC7768E5E9A}
2012-04-28 11:31 - 2012-04-28 11:31 - 00000000 ____D C:\Users\Daemon\AppData\Local\{FA05A96E-B9DA-4B65-837D-38A3BC2F6EBF}
2012-04-28 11:31 - 2012-04-28 11:31 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D5576ABD-CE7F-4610-BAB1-5014752E42C4}
2012-04-27 23:31 - 2012-04-27 23:30 - 00000000 ____D C:\Users\Daemon\AppData\Local\{86619B4E-0F75-4808-856C-15AE671AC477}
2012-04-27 23:30 - 2012-04-27 23:30 - 00000000 ____D C:\Users\Daemon\AppData\Local\{198F7750-7122-4147-84A7-8AD08DD722CA}
2012-04-27 08:11 - 2012-04-27 07:57 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\BSW
2012-04-27 07:57 - 2012-04-27 07:57 - 00001014 ____A C:\Users\Daemon\Desktop\BrettspielWelt.lnk
2012-04-27 07:57 - 2012-04-27 07:57 - 00000000 ____D C:\Program Files (x86)\BSW
2012-04-27 01:50 - 2012-04-27 01:50 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E7E04509-EF69-4D65-9B9C-93B864203B2A}
2012-04-27 01:50 - 2012-04-27 01:50 - 00000000 ____D C:\Users\Daemon\AppData\Local\{1F728B10-B6C0-4B00-961F-9DAA0C770781}
2012-04-26 00:31 - 2012-04-26 00:31 - 00000000 ____D C:\Users\Daemon\AppData\Local\{4DC43D34-3B4A-4C4D-9A12-1137411A4F3C}
2012-04-26 00:31 - 2012-04-26 00:30 - 00000000 ____D C:\Users\Daemon\AppData\Local\{6418B5BF-04F3-473C-BE50-EE5952156345}
2012-04-25 11:47 - 2012-04-25 11:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{EE0D1A42-57C0-45CB-906D-00DB020D3669}
2012-04-25 11:47 - 2012-04-24 23:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{3AFD7064-A04E-4B05-A947-FD15246346FA}
2012-04-24 23:47 - 2012-04-24 23:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{12853E24-C4A7-4254-9E0A-E41A3242FE6C}
2012-04-24 03:38 - 2012-04-24 03:37 - 00000000 ____D C:\Users\Daemon\AppData\Local\{AD779C58-4E2F-4568-8B23-32B39DA69551}
2012-04-24 03:37 - 2012-04-24 03:37 - 00000000 ____D C:\Users\Daemon\AppData\Local\{194761FE-985A-47F4-8091-F1F2CF4E3E49}
2012-04-23 03:43 - 2012-04-23 03:42 - 00000000 ____D C:\Users\Daemon\AppData\Local\{85B8C109-D744-4D51-8A97-14E5B7F2E83D}
2012-04-23 03:42 - 2012-04-23 03:42 - 00000000 ____D C:\Users\Daemon\AppData\Local\{39117820-745A-4626-89DB-32862A1EA3F9}
2012-04-21 23:56 - 2012-04-21 23:55 - 00000000 ____D C:\Users\Daemon\AppData\Local\{96D5221C-F8DD-4D06-A15D-566F0A5C77D3}
2012-04-21 23:55 - 2012-04-21 23:55 - 00000000 ____D C:\Users\Daemon\AppData\Local\{52A16A15-3DB6-4243-8649-0613775A30A3}
2012-04-21 23:55 - 2012-03-23 07:04 - 00001022 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920578845-3360453427-151566150-1001UA.job
2012-04-21 23:55 - 2012-03-23 07:04 - 00000970 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920578845-3360453427-151566150-1001Core.job
2012-04-21 03:26 - 2012-04-21 03:26 - 00000000 ____D C:\Users\Daemon\AppData\Local\{CAE7AC9F-C9F9-4D40-B58A-CCBDEEAE247F}
2012-04-21 03:26 - 2012-04-21 03:26 - 00000000 ____D C:\Users\Daemon\AppData\Local\{63B3C240-8102-430A-84E3-6A1521AF3E94}
2012-04-21 02:05 - 2012-03-27 03:58 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-20 15:25 - 2012-04-20 15:25 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C9501F2B-4AA0-46B3-8F02-AD28897D9C3A}
2012-04-20 15:25 - 2012-04-20 15:25 - 00000000 ____D C:\Users\Daemon\AppData\Local\{5329B094-A086-4A4F-AD1C-1BB37D72BA93}
2012-04-20 02:47 - 2012-04-20 02:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E9CB5BC6-19E7-4400-827E-0F7085D8239E}
2012-04-20 02:47 - 2012-04-20 02:47 - 00000000 ____D C:\Users\Daemon\AppData\Local\{6CDEE91D-F4B2-46F6-AB23-AC4CB984776F}
2012-04-19 05:15 - 2012-04-07 00:39 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Spotify
2012-04-19 01:02 - 2012-04-19 01:00 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-19 01:01 - 2012-04-19 01:01 - 00000000 ____D C:\Users\Daemon\AppData\Local\Adobe
2012-04-19 01:01 - 2012-04-19 01:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-04-19 01:01 - 2012-03-23 07:17 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Adobe
2012-04-19 01:01 - 2012-03-23 06:36 - 00000000 ____D C:\Users\Daemon\AppData\LocalLow
2012-04-18 23:49 - 2012-04-18 23:49 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D252F180-56B3-44E2-8007-E9712ADDB094}
2012-04-18 23:49 - 2012-04-18 23:49 - 00000000 ____D C:\Users\Daemon\AppData\Local\{445DC0A1-6955-45E4-BE6B-B246CAB8D75B}
2012-04-18 14:22 - 2012-04-18 14:22 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Pole Position 2012
2012-04-18 14:21 - 2012-04-18 14:21 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Kalypso Media
2012-04-18 14:21 - 2012-04-18 14:21 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\.mono
2012-04-18 14:21 - 2012-04-18 14:21 - 00000000 ____D C:\Users\All Users\.mono
2012-04-18 14:14 - 2012-04-18 14:14 - 00000000 ____A C:\Users\Daemon\AppData\Roaming\lzxIc.txt
2012-04-18 09:56 - 2012-04-18 09:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 09:56 - 2012-04-18 09:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-18 09:38 - 2012-04-18 09:37 - 00000000 ____D C:\Users\Daemon\AppData\Local\{3DF9BE5C-4ED9-4455-93BC-3B9C56C6A431}
2012-04-18 09:37 - 2012-04-18 09:37 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E5990655-ED0F-4F27-A7AA-2DE71198A875}
2012-04-17 21:37 - 2012-04-17 21:37 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E77E054E-C298-4A7C-92E5-A33BA201E80C}
2012-04-17 21:37 - 2012-04-17 21:37 - 00000000 ____D C:\Users\Daemon\AppData\Local\{6F687B60-ED8B-4E3A-B910-0C3A3FCAE427}
2012-04-17 03:31 - 2012-04-17 03:30 - 00000000 ____D C:\Users\Daemon\AppData\Local\{0525B0B7-7F4B-43E3-9844-8385AAE30121}
2012-04-17 03:30 - 2012-04-17 03:30 - 00000000 ____D C:\Users\Daemon\AppData\Local\{1A753369-6027-40CC-B959-4C088AC101FD}
2012-04-16 21:36 - 2012-04-16 21:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7C06AC42-09BF-43B1-B568-C7B91BF75FF5}
2012-04-16 21:35 - 2012-04-16 21:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{06805013-6DE8-43E1-AC08-8DFF22F82CA9}
2012-04-16 08:31 - 2012-04-16 08:31 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Waveform
2012-04-16 08:31 - 2012-03-24 09:34 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\NVIDIA
2012-04-16 07:21 - 2012-04-16 07:21 - 00000195 ____A C:\Users\Daemon\Desktop\Waveform Demo.url
2012-04-16 01:50 - 2012-04-16 01:50 - 00018508 ____A C:\Users\Daemon\Documents\Työhakemus.odt
2012-04-16 00:20 - 2012-04-16 00:19 - 00000000 ____D C:\Users\Daemon\AppData\Local\{44453134-1E8D-45C7-8005-901FD394622C}
2012-04-16 00:19 - 2012-04-16 00:19 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C5B89A54-2929-41AE-9517-8C0E6DB19E17}
2012-04-15 11:10 - 2012-04-15 11:10 - 00000000 ____D C:\Users\Daemon\AppData\Local\{E7861015-3F8A-445A-BAA2-E6C5F8431006}
2012-04-15 11:10 - 2012-04-14 23:09 - 00000000 ____D C:\Users\Daemon\AppData\Local\{B8CEB67B-35FB-4C2E-A9BC-20FA30C8A236}
2012-04-15 10:55 - 2012-04-15 10:55 - 00000000 ____D C:\Program Files (x86)\Veetle
2012-04-15 10:54 - 2012-04-15 10:54 - 04618792 ____A (Veetle Inc) C:\Users\Daemon\Downloads\veetle-0.9.19.exe
2012-04-15 07:09 - 2012-04-07 00:39 - 00000000 ____D C:\Users\Daemon\AppData\Local\Spotify
2012-04-14 23:10 - 2012-04-14 23:09 - 00000000 ____D C:\Users\Daemon\AppData\Local\{B7066A17-C1F3-42B1-B4CE-7C84D241C58F}
2012-04-14 00:31 - 2012-04-14 00:31 - 00000000 ____D C:\Users\Daemon\AppData\Local\{AE14ADD0-EE34-47F1-8883-3EC6798999D5}
2012-04-14 00:31 - 2012-04-14 00:31 - 00000000 ____D C:\Users\Daemon\AppData\Local\{13537867-A61E-4E36-B850-04A97C49A50E}
2012-04-13 02:11 - 2012-04-13 02:11 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A396D5F9-EA2C-4ACD-BF8E-A659F1EF04B7}
2012-04-13 02:11 - 2012-04-13 02:11 - 00000000 ____D C:\Users\Daemon\AppData\Local\{69B6D90B-FBE0-4039-8368-83A31980D13B}
2012-04-12 03:54 - 2012-04-12 03:54 - 00000000 ____D C:\Users\Daemon\AppData\Local\{9957B53F-8D85-4ECD-91FA-88BB05201B16}
2012-04-12 03:54 - 2012-04-12 03:53 - 00000000 ____D C:\Users\Daemon\AppData\Local\{B6B28EBE-A483-4EAE-B8A2-F5422E7A5D54}
2012-04-11 03:56 - 2012-04-11 03:56 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D7F1EC33-AB81-4BDB-BEA0-BFB786519199}
2012-04-11 03:56 - 2012-04-11 03:56 - 00000000 ____D C:\Users\Daemon\AppData\Local\{B07E0E7A-0F92-427C-8F94-375B883065F7}
2012-04-10 03:33 - 2012-04-10 03:32 - 00000000 ____D C:\Users\Daemon\AppData\Local\{4ED9DF1C-EF2E-4F70-BB11-2CD66ADA3BF4}
2012-04-10 03:32 - 2012-04-10 03:32 - 00000000 ____D C:\Users\Daemon\AppData\Local\{96BA54F3-6BE3-46B1-BE46-1F49A10949DE}
2012-04-09 00:33 - 2012-04-09 00:33 - 00000000 ____D C:\Users\Daemon\AppData\Local\{FC743960-2C66-4E82-AD9E-0F4227279266}
2012-04-09 00:33 - 2012-04-09 00:33 - 00000000 ____D C:\Users\Daemon\AppData\Local\{5E27A585-B481-40FF-9BB1-BF58D59C85F4}
2012-04-08 04:52 - 2012-04-08 04:52 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-04-08 00:23 - 2012-04-08 00:22 - 00000000 ____D C:\Users\Daemon\AppData\Local\{5092B9A6-C010-4A04-B4B4-8A420EA251E1}
2012-04-08 00:22 - 2012-04-08 00:22 - 00000000 ____D C:\Users\Daemon\AppData\Local\{0228BA05-8F58-43EE-9E9C-7B19429F86E1}
2012-04-08 00:22 - 2012-04-08 00:22 - 00000000 ____A C:\Windows\setuperr.log
2012-04-07 02:13 - 2012-04-07 02:13 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2012
2012-04-07 00:17 - 2012-04-07 00:17 - 00000000 ____D C:\Users\Daemon\AppData\Local\{450B7F2F-3F99-4E3D-9EA1-73DB41AAD56F}
2012-04-07 00:17 - 2012-04-07 00:16 - 00000000 ____D C:\Users\Daemon\AppData\Local\{BE62CEA8-3D2D-4782-803F-A914FA97F4A3}
2012-04-05 23:25 - 2012-04-05 23:25 - 00000000 ____D C:\Users\Daemon\AppData\Local\{7A81CD94-DD59-4F68-B603-44E2E1692211}
2012-04-05 23:25 - 2012-04-05 23:25 - 00000000 ____D C:\Users\Daemon\AppData\Local\{4707E4A0-0AF7-4064-9589-54BBFEF4DE71}
2012-04-05 08:35 - 2012-04-05 08:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\Chromium
2012-04-05 08:34 - 2012-04-04 10:23 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-04-05 03:40 - 2012-04-05 03:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\{25550A25-6A1A-4E53-A767-0B784616C25F}
2012-04-05 03:40 - 2012-04-05 03:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\{138DB036-8B63-4477-A814-5AF815050451}
2012-04-04 04:56 - 2012-06-09 01:58 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 03:35 - 2012-04-04 03:35 - 00000000 ____D C:\Users\Daemon\AppData\Local\{209D649B-E0CB-4FD7-9151-09F74144493B}
2012-04-04 03:35 - 2012-04-04 03:34 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C9A6788D-44CB-430E-8011-2E8A204F94C0}
2012-04-03 03:47 - 2012-04-03 03:46 - 00000000 ____D C:\Users\Daemon\AppData\Local\{74ED0074-D533-44BC-B77A-4B8C59C36BB7}
2012-04-03 03:46 - 2012-04-03 03:46 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8F3C5748-E7C6-4750-B86A-314D47AFC551}
2012-04-02 02:56 - 2012-04-02 02:56 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8B4C8713-F63D-4461-96E2-FDAE8CD83E00}
2012-04-01 07:31 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-04-01 00:10 - 2012-04-01 00:10 - 00000000 ____D C:\Users\Daemon\AppData\Local\{C9311C98-C29B-44EA-8C9E-5170017A8B8A}
2012-03-30 22:05 - 2012-05-09 08:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 21:40 - 2012-03-30 21:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A1F85CB7-5460-4896-B95D-32BB6CF1434D}
2012-03-30 20:39 - 2012-05-09 08:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 08:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 08:08 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 08:08 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 23:46 - 2012-03-29 23:46 - 00000000 ____D C:\Users\Daemon\AppData\Local\{9FF2A99D-AC19-451C-A8E7-2FA9F0026199}
2012-03-29 03:48 - 2012-03-23 10:40 - 00000000 ____D C:\Users\Daemon\AppData\Local\Apple Computer
2012-03-29 01:11 - 2012-03-29 01:11 - 00000000 ____D C:\Program Files\iTunes
2012-03-29 01:11 - 2012-03-29 01:11 - 00000000 ____D C:\Program Files\iPod
2012-03-29 01:11 - 2012-03-23 10:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-03-29 00:59 - 2012-03-29 00:59 - 00000000 ____D C:\Users\Daemon\AppData\Local\{4C148168-7E26-481F-B118-38628414F2F9}
2012-03-28 11:11 - 2012-04-29 00:23 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-03-28 11:11 - 2012-04-29 00:22 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00974848 ____A C:\Windows\SysWOW64\cis-2.4.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00569344 ____A (© MusicCity) C:\Windows\SysWOW64\muzdecode.ax
2012-03-28 11:11 - 2012-03-28 11:11 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00352256 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00325552 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00258048 ____A (© PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
2012-03-28 11:11 - 2012-03-28 11:11 - 00245760 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00200704 ____A ( © MusicCity) C:\Windows\SysWOW64\muzwmts.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2012-03-28 11:11 - 2012-03-28 11:11 - 00155648 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00143360 ____A C:\Windows\SysWOW64\3DAudio.ax
2012-03-28 11:11 - 2012-03-28 11:11 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00131072 ____A (© MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
2012-03-28 11:11 - 2012-03-28 11:11 - 00122880 ____A (© MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
2012-03-28 11:11 - 2012-03-28 11:11 - 00118784 ____A ((?)????) C:\Windows\SysWOW64\MaDRM.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00110592 ____A (© MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
2012-03-28 11:11 - 2012-03-28 11:11 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
2012-03-28 11:11 - 2012-03-28 11:11 - 00081920 ____A C:\Windows\SysWOW64\issacapi_bs-2.3.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00065536 ____A C:\Windows\SysWOW64\issacapi_pe-2.3.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00057344 ____A C:\Windows\SysWOW64\issacapi_se-2.3.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00057344 ____A (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00057344 ____A (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00049152 ____A ((?) ????) C:\Windows\SysWOW64\MaJGUILib.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MaXMLProto.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MACXMLProto.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00040960 ____A (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
2012-03-28 11:11 - 2012-03-28 11:11 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
2012-03-28 11:11 - 2012-03-28 11:11 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe
2012-03-28 11:00 - 2012-03-28 11:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A5122CD3-C025-438C-80FA-2F4F180BC919}
2012-03-28 10:14 - 2012-03-28 10:14 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\SystemRequirementsLab
2012-03-28 10:14 - 2012-03-28 10:14 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-03-28 01:21 - 2012-03-28 01:20 - 00000000 ____D C:\Windows\SysWOW64\sda
2012-03-28 01:19 - 2012-03-28 01:19 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-03-28 00:49 - 2012-03-28 00:49 - 00000000 ____D C:\Program Files\PlayReady
2012-03-28 00:27 - 2012-03-23 07:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-28 00:26 - 2012-03-28 00:26 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Windows Live Writer
2012-03-28 00:26 - 2012-03-28 00:26 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\WinBatch
2012-03-28 00:26 - 2012-03-28 00:26 - 00000000 ____D C:\Users\Daemon\AppData\Local\Windows Live Writer
2012-03-28 00:17 - 2012-03-28 00:17 - 00000000 ____D C:\Users\Daemon\AppData\Local\SlimWare Utilities Inc
2012-03-27 23:00 - 2012-03-27 23:00 - 00000000 ____D C:\Users\Daemon\AppData\Local\{D929A5AE-9C26-496B-A1F7-6AB5B30EEAA9}
2012-03-27 09:56 - 2012-03-27 09:56 - 00366035 __RSH C:\NSQTB
2012-03-27 09:56 - 2012-03-13 15:26 - 00000020 __RSH C:\win7.ld
2012-03-27 03:59 - 2012-03-23 07:04 - 00000000 ____D C:\Users\Daemon\AppData\Local\Google
2012-03-27 02:28 - 2012-03-27 02:28 - 00000000 ____D C:\Users\Daemon\AppData\Local\{9AF49839-CF46-4087-8783-294537C65BE1}
2012-03-26 12:43 - 2012-03-26 00:43 - 00000000 ____D C:\Users\Daemon\AppData\Local\{2D6D2174-529E-44CB-9D05-510703F99144}
2012-03-26 01:59 - 2012-03-23 09:27 - 00000000 ____D C:\Users\Daemon\AppData\Local\Thunderbird
2012-03-26 01:32 - 2012-03-26 01:31 - 00000000 ____D C:\Program Files (x86)\Free FLAC to MP3 Converter
2012-03-26 01:31 - 2012-03-26 01:31 - 01060892 ____A (PolySoft Solutions ) C:\Users\Daemon\Downloads\FreeFLACToMP3Converter.exe
2012-03-26 00:43 - 2012-03-26 00:43 - 00000000 ____D C:\Users\Daemon\AppData\Local\{8D1C8BCB-06A5-4985-8C89-F8D006B93531}
2012-03-25 12:38 - 2012-03-25 12:36 - 00000000 ____D C:\Users\Daemon\AppData\Local\Microsoft Games
2012-03-25 12:15 - 2012-03-25 00:15 - 00000000 ____D C:\Users\Daemon\AppData\Local\{AB8E765F-B089-4BB1-8913-A62F0398DE14}
2012-03-25 08:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-03-25 05:13 - 2012-03-24 03:41 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\BSplayer PRO
2012-03-25 00:03 - 2012-03-24 23:57 - 00000000 ____D C:\Users\Daemon\AppData\Local\Ubisoft Game Launcher
2012-03-25 00:02 - 2012-03-25 00:02 - 00001397 ____A C:\Users\Daemon\Desktop\The Settlers 7 Paths to a Kingdom.lnk
2012-03-24 23:27 - 2012-03-24 23:27 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-03-24 12:14 - 2012-03-24 12:14 - 00000000 ____D C:\Users\Daemon\AppData\Local\{6495C299-53D9-4619-949E-4BB3D3DA9BE8}
2012-03-24 08:29 - 2009-07-13 23:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2012-03-24 08:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-03-24 08:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-03-24 08:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-03-24 08:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-03-24 08:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-03-24 08:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-24 08:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-03-24 08:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\es-ES
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\da-DK
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\es-ES
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\da-DK
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\cs-CZ
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-03-24 08:29 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-03-24 08:27 - 2012-03-24 08:26 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-03-24 08:27 - 2012-03-23 09:04 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-03-24 03:41 - 2012-03-24 03:41 - 00000000 ____D C:\Program Files (x86)\Webteh
2012-03-24 02:23 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-03-24 02:23 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-03-24 02:13 - 2012-03-24 02:13 - 00000000 ____D C:\Windows\System32\SPReview
2012-03-24 02:13 - 2012-03-24 02:13 - 00000000 ____D C:\Windows\System32\EventProviders
2012-03-24 01:42 - 2012-03-24 01:42 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\OpenOffice.org
2012-03-24 01:40 - 2012-03-23 10:40 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Apple Computer
2012-03-24 01:31 - 2012-03-24 01:31 - 00000000 ____D C:\Program Files (x86)\Minilyrics
2012-03-24 00:23 - 2012-03-24 00:23 - 00000000 ____D C:\Windows\Sun
2012-03-24 00:14 - 2012-03-24 00:13 - 00000000 ____D C:\Users\Daemon\AppData\Local\{A4E9B031-CD58-41C2-801D-E15AE7BEA2EB}
2012-03-23 16:16 - 2012-03-14 01:08 - 00008192 _RASH C:\BOOTSECT.BAK
2012-03-23 16:16 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-03-23 16:16 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-03-23 16:09 - 2012-03-23 16:09 - 00000000 ____D C:\Windows.old
2012-03-23 11:57 - 2012-03-23 11:57 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-23 11:57 - 2012-03-23 11:57 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-23 11:57 - 2012-03-23 11:57 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-23 11:57 - 2012-03-23 09:35 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-23 11:42 - 2012-03-23 11:42 - 00000000 ____D C:\Users\All Users\Pendulo Studios
2012-03-23 11:24 - 2012-03-23 11:24 - 00000000 ____D C:\Users\Daemon\AppData\Local\{DC8D2767-1F94-4C1F-BC2B-FB5863B4F6DF}
2012-03-23 11:01 - 2012-03-23 10:58 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-03-23 10:58 - 2012-03-23 10:58 - 00000000 ____D C:\Program Files\Windows Live
2012-03-23 10:57 - 2012-03-23 10:57 - 00000000 ____D C:\Windows\PCHEALTH
2012-03-23 10:57 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-23 10:52 - 2012-03-23 10:52 - 00000000 ___HD C:\$AVG
2012-03-23 10:39 - 2012-03-23 10:39 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-03-23 10:39 - 2012-03-23 10:39 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-23 10:38 - 2012-03-23 10:38 - 00000000 ____D C:\Users\Daemon\AppData\Local\Apple
2012-03-23 10:38 - 2012-03-23 10:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-03-23 10:38 - 2012-03-23 10:38 - 00000000 ____D C:\Program Files\Bonjour
2012-03-23 10:38 - 2012-03-23 10:38 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-03-23 10:38 - 2012-03-23 10:38 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-23 10:38 - 2012-03-23 10:37 - 00000000 ____D C:\Users\All Users\Apple
2012-03-23 10:31 - 2012-03-23 10:31 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Leadertech
2012-03-23 10:31 - 2012-03-23 10:30 - 00000000 ____D C:\Users\Public\Documents\LogiShrd
2012-03-23 10:31 - 2012-03-23 07:39 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Logitech
2012-03-23 10:30 - 2012-03-23 10:30 - 00000000 ____D C:\Users\Daemon\AppData\Local\Logishrd
2012-03-23 10:30 - 2012-03-23 10:30 - 00000000 ____D C:\Users\All Users\Logishrd
2012-03-23 10:30 - 2012-03-23 10:30 - 00000000 ____D C:\Program Files\Logitech
2012-03-23 10:30 - 2012-03-23 07:39 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2012-03-23 10:10 - 2012-03-23 09:39 - 00000000 ____D C:\8B90CF3A4F8FD3DD04A88A89
2012-03-23 10:06 - 2012-03-23 06:48 - 00000000 ____D C:\Users\Daemon\Documents\i68Fifa12
2012-03-23 10:03 - 2012-03-23 07:04 - 00063696 ____A C:\Users\Daemon\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-23 10:02 - 2012-03-23 08:00 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\WinRAR
2012-03-23 10:01 - 2012-03-23 07:39 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Logishrd
2012-03-23 09:39 - 2012-03-23 09:39 - 00000000 ____D C:\B09EF6BA63FAF0ECC3
2012-03-23 09:36 - 2012-03-23 09:36 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-03-23 09:35 - 2012-03-23 09:35 - 00000000 ____D C:\Users\All Users\Sun
2012-03-23 09:34 - 2012-03-23 09:34 - 00000000 ____D C:\Program Files (x86)\Java
2012-03-23 09:28 - 2012-03-23 09:28 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Mozilla
2012-03-23 09:28 - 2012-03-23 09:28 - 00000000 ____A C:\Windows\nsreg.dat
2012-03-23 09:28 - 2012-03-23 09:27 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Thunderbird
2012-03-23 09:24 - 2012-03-23 09:20 - 00000000 ____D C:\Users\All Users\TuneUp Software
2012-03-23 09:22 - 2012-03-23 09:22 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\TuneUp Software
2012-03-23 09:19 - 2012-03-23 09:19 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-23 09:18 - 2012-03-23 09:03 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\DAEMON Tools Lite
2012-03-23 09:18 - 2012-03-23 09:02 - 00000000 ____D C:\Users\All Users\AVG2012
2012-03-23 09:05 - 2012-03-23 09:05 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\AVG2012
2012-03-23 09:04 - 2012-03-23 09:04 - 00834544 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-03-23 09:04 - 2012-03-23 09:04 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-03-23 09:04 - 2012-03-23 09:04 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Opera
2012-03-23 09:04 - 2012-03-23 09:04 - 00000000 ____D C:\Users\Daemon\AppData\Local\Opera
2012-03-23 09:04 - 2012-03-23 09:04 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Toolbar
2012-03-23 09:04 - 2012-03-23 09:04 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-03-23 09:03 - 2012-03-23 09:03 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-03-23 09:01 - 2012-03-23 09:01 - 00000000 ____D C:\Program Files (x86)\AVG
2012-03-23 08:14 - 2012-03-23 08:14 - 00000000 ____D C:\Users\Daemon\AppData\Local\Origin
2012-03-23 08:14 - 2012-03-23 08:14 - 00000000 ____D C:\Users\All Users\Origin
2012-03-23 08:14 - 2012-03-23 08:14 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-03-23 08:14 - 2012-03-23 08:12 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Origin
2012-03-23 08:12 - 2012-03-23 08:12 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-03-23 08:09 - 2012-03-23 06:36 - 00000000 ____D C:\users\Daemon
2012-03-23 08:08 - 2012-03-23 08:08 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-03-23 08:08 - 2012-03-23 08:08 - 00000000 ____D C:\Program Files\Realtek
2012-03-23 08:02 - 2012-03-23 08:02 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-03-23 08:01 - 2012-03-23 08:00 - 00000000 ____D C:\Program Files\WinRAR
2012-03-23 07:52 - 2012-03-23 07:52 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\HDTVPlayer
2012-03-23 07:51 - 2012-03-23 07:51 - 00001063 ____A C:\Users\Daemon\Desktop\HDTV Player.lnk
2012-03-23 07:46 - 2012-03-23 07:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-03-23 07:46 - 2012-03-23 07:46 - 00000000 ____D C:\Windows\System32\Macromed
2012-03-23 07:46 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-03-23 07:44 - 2012-03-23 07:44 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-23 07:44 - 2012-03-23 07:44 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-23 07:44 - 2012-03-23 07:44 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-23 07:44 - 2012-03-23 07:44 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-23 07:44 - 2012-03-23 07:44 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-23 07:44 - 2012-03-23 07:44 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-23 07:44 - 2012-03-23 07:44 - 00072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-23 07:44 - 2012-03-23 07:44 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-23 07:44 - 2012-03-23 07:44 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-23 07:44 - 2012-03-23 07:44 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-23 07:44 - 2012-03-23 07:44 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-23 07:39 - 2012-03-23 07:39 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\InstallShield
2012-03-23 07:37 - 2012-03-23 07:37 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\Templates
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\NetHood
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\My Documents
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-03-23 07:37 - 2012-03-23 07:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-03-23 07:36 - 2012-03-13 15:28 - 00000000 ____D C:\NVIDIA
2012-03-23 07:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-03-23 07:35 - 2012-03-23 07:35 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-03-23 07:34 - 2012-03-23 07:34 - 00000000 ____D C:\Users\Daemon\Desktop\Chrome DLC
2012-03-23 07:17 - 2012-03-23 07:17 - 00000000 ____D C:\Users\Daemon\AppData\Roaming\Macromedia
2012-03-23 07:04 - 2012-03-23 07:04 - 00000000 ____D C:\Users\Daemon\AppData\Local\Deployment
2012-03-23 07:04 - 2012-03-23 07:04 - 00000000 ____D C:\Users\Daemon\AppData\Local\Apps\2.0
2012-03-23 06:55 - 2012-03-23 06:55 - 00000000 ____D C:\75045598c6a283a60a399fcb26db
2012-03-23 06:51 - 2012-03-23 06:48 - 00000000 ____D C:\Users\Daemon\Documents\Sports Interactive
2012-03-23 06:48 - 2012-03-23 06:48 - 00000000 ___RD C:\Users\Daemon\Documents\Adlm
2012-03-23 06:48 - 2012-03-23 06:48 - 00000000 ____D C:\Users\Daemon\Documents\BioWare
2012-03-23 06:48 - 2012-03-23 06:48 - 00000000 ____D C:\Users\Daemon\Documents\3dsmax
2012-03-23 06:42 - 2012-03-23 06:42 - 00000355 ____A C:\Users\Daemon\Desktop\Tietsikka.lnk
2012-03-23 06:38 - 2012-03-23 06:38 - 00000468 ____A C:\Users\Daemon\Desktop\Iomega.lnk
2012-03-23 06:38 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2012-03-23 06:36 - 2012-03-23 16:17 - 00000000 ____D C:\Windows\Panther
2012-03-23 06:36 - 2012-03-23 06:36 - 00000020 ___SH C:\Users\Daemon\ntuser.ini
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\Templates
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\Start Menu
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\PrintHood
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\NetHood
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\My Documents
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\Documents\My Videos
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\Documents\My Pictures
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\Documents\My Music
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\AppData\Local\Temporary Internet Files
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 __SHD C:\Users\Daemon\AppData\Local\History
2012-03-23 06:36 - 2012-03-23 06:36 - 00000000 ____D C:\Users\Daemon\AppData\Local\VirtualStore
2012-03-23 06:35 - 2012-03-13 15:15 - 00000000 __SHD C:\Recovery
2012-03-23 06:35 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-03-23 06:22 - 2009-07-13 21:01 - 00042045 ____A C:\Windows\SysWOW64\license.rtf
2012-03-23 06:22 - 2009-07-13 21:01 - 00042045 ____A C:\Windows\System32\license.rtf
2012-03-23 06:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-03-23 06:20 - 2012-03-23 06:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-03-23 06:18 - 2009-07-13 23:46 - 00000000 ____D C:\Windows\CSC
2012-03-16 23:58 - 2012-05-09 08:08 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 02:20 - 2012-03-23 06:48 - 00021881 ____A C:\Users\Daemon\Documents\Koulutushakemus.odt
2012-03-15 10:42 - 2012-03-23 07:34 - 00001426 ____A C:\Users\Daemon\Desktop\Mass Effect 3.lnk
2012-03-15 02:44 - 2012-03-15 02:42 - 00001166 ____A C:\DkBootTime.log
2012-03-14 23:38 - 2012-03-23 06:48 - 00014817 ____A C:\Users\Daemon\Downloads\[isoHunt] Diskeeper 2011 Pro Premier 15.0.963.0 100% WORKING.torrent
2012-03-14 06:42 - 2012-03-23 06:48 - 00000000 __SHD C:\Users\Daemon\Documents\i68Backups
2012-03-14 05:34 - 2012-03-23 07:34 - 00000894 ____A C:\Users\Daemon\Desktop\The Elder Scrolls V Skyrim.lnk
2012-03-14 05:32 - 2012-03-23 06:48 - 00005514 ____A C:\Users\Daemon\Downloads\[isoHunt] BS.Player_Pro_v2.61.1065___Serials_[ChattChitto_RG].6917306.TPB.torrent
2012-03-14 05:20 - 2012-03-23 06:48 - 00001916 ____A C:\Users\Daemon\Downloads\BingAerialEurope.theme
2012-03-13 15:24 - 2012-03-23 06:38 - 00000476 ____A C:\Users\Daemon\Desktop\C.lnk

ZeroAccess:
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\@
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\L
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\U
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\L\00000004.@
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\L\00000008.@
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\U\00000004.@
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\U\00000008.@
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\U\000000cb.@
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\U\80000000.@
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\U\80000032.@
C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4094.49 MB
Available physical RAM: 3467.64 MB
Total Pagefile: 4092.64 MB
Available Pagefile: 3469.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:584.59 GB) (Free:370.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.58 GB) (Free:1.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive f: (Iomega HDD) (Fixed) (Total:465.76 GB) (Free:44.61 GB) NTFS
6 Drive h: (JONINMUISTI) (Removable) (Total:0.95 GB) (Free:0.9 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          596 GB  1024 KB
Disk 1    Online          465 GB  1024 KB
Disk 2    Online          973 MB      0 B
Disk 3    No Media           0 B      0 B
Disk 4    No Media           0 B      0 B
Disk 5    No Media           0 B      0 B
Disk 6    No Media           0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            584 GB    31 KB
Partition 2    Primary             11 GB   584 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    584 GB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   FACTORY_IMA  NTFS   Partition     11 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            465 GB    31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   Iomega HDD   NTFS   Partition    465 GB  Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            973 MB   123 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   JONINMUISTI  FAT32  Removable    973 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-09 12:12

======================= End Of Log ==========================

#9 gringo_pr

  • Malware Response Team
Posted 10 June 2012 - 02:24 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#10 Klasu

  • Topic Starter

Posted 10 June 2012 - 02:41 PM

Hi

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-06-2012 01
Ran by SYSTEM at 2012-06-10 22:33:50 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{c2091745-bea3-8d55-326e-90ee58301e27} moved successfully.

==== End of Fixlog ====

AVG still detects the patched_c.LXT threat, and services.exe and svchost.exe take ~20% of processor each all the time. The svchost.exe*32 hasn't appeared in Task Manager's process list, at least not yet.

#11 gringo_pr

  • Malware Response Team

Posted 10 June 2012 - 03:16 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 Klasu

  • Topic Starter

Posted 10 June 2012 - 05:06 PM

Hey.

I had some problems at first with combofix. I had to uninstall every virus and malware software to be sure it would work. Also it seemed as if I clicked anywhere when combo was working it would freeze.
So I finally managed to get it to work by not touching anything while it was running. Combo found an infected Services.exe and successfully replaced it. Everything seems to be working correctly now.

Thank you very much for the help. You saved me a ton of work as I don't have to do a total system reinstallation. :)

Oh, and here's the combofix log. It's in Finnish, but I think you understand what you need from it. ;)



ComboFix 12-06-10.01 - Daemon 11.06.2012 0:47.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1033.18.4094.2789 [GMT 3:00]
Sijainti: c:\users\Daemon\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\muzapp.exe
.
Saastunut kopio tiedostosta c:\windows\system32\Services.exe löytyi ja poistettiin
Puhdas kopio palautettiin paikasta - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-05-10 to 2012-06-10 )))))))))))))))))
.
.
2012-06-11 06:08 . 2012-06-11 06:09 -------- d-----w- C:\FRST
2012-06-10 21:53 . 2012-06-10 21:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-10 21:53 . 2012-06-10 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-10 21:30 . 2012-06-10 21:30 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-10 21:24 . 2012-06-10 21:24 7021336 ----a-w- c:\users\UpdatusUser\AppData\Roaming\wruninstall.exe
2012-06-10 19:36 . 2012-06-10 19:36 -------- d-----w- c:\users\Daemon\AppData\Roaming\Process Hacker 2
2012-06-10 19:19 . 2012-06-10 19:19 -------- d-----w- C:\HDTVPlayer
2012-06-10 17:46 . 2012-06-10 17:46 -------- d-----w- c:\program files\Process Hacker 2
2012-06-10 17:32 . 2012-06-10 17:32 -------- d-----w- c:\users\Daemon\AppData\Local\SvchostViewer
2012-06-10 17:17 . 2012-06-10 17:17 -------- d-----w- c:\program files (x86)\DLLSuite
2012-06-10 14:50 . 2012-06-10 14:50 -------- d-----w- c:\users\Daemon\AppData\Local\lptmp288632729
2012-06-09 16:10 . 2012-06-09 16:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-09 16:10 . 2012-06-09 16:10 -------- d-----w- c:\program files\Enigma Software Group
2012-06-09 16:09 . 2012-06-09 16:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-09 15:59 . 2012-06-09 16:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-09 15:59 . 2012-06-09 16:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-09 15:52 . 2012-06-09 15:52 388096 ----a-r- c:\users\Daemon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-09 15:52 . 2012-06-09 15:52 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-09 09:58 . 2012-06-09 09:58 -------- d-----w- c:\users\Daemon\AppData\Roaming\Malwarebytes
2012-06-09 09:58 . 2012-06-09 15:44 -------- d-----w- c:\programdata\Malwarebytes
2012-06-09 07:51 . 2012-06-09 07:51 -------- d-----w- c:\program files (x86)\Kalypso
2012-06-06 14:51 . 2012-06-06 15:15 -------- d-----w- c:\programdata\RELOADED
2012-06-03 14:51 . 2012-06-09 07:53 -------- d-----w- c:\users\Daemon\AppData\Local\SKIDROW
2012-06-03 14:51 . 2012-06-03 14:51 -------- d-----w- c:\users\Daemon\AppData\Roaming\Sports Interactive
2012-06-03 14:51 . 2012-06-03 14:51 -------- d-----w- c:\users\Daemon\AppData\Local\Sports Interactive
2012-06-03 14:43 . 2012-06-03 14:43 -------- d-----w- c:\program files (x86)\SEGA
2012-06-02 05:52 . 2012-06-04 12:51 -------- d-----w- C:\yes
2012-05-28 13:30 . 2012-05-28 13:30 -------- d-----w- c:\windows\SysWow64\System32
2012-05-24 13:11 . 2012-05-15 10:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-24 13:11 . 2012-05-15 10:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-24 13:11 . 2012-05-15 10:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-24 13:11 . 2012-05-15 10:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-24 13:11 . 2012-05-15 10:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-24 13:11 . 2012-05-15 10:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-24 13:11 . 2012-05-15 10:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-24 13:11 . 2012-05-15 10:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-24 13:11 . 2012-05-15 10:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-24 13:11 . 2012-05-15 10:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-24 13:11 . 2012-05-15 10:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-24 13:11 . 2012-05-15 10:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-24 12:48 . 2012-05-24 12:48 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-24 12:48 . 2012-05-24 12:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-23 13:51 . 2012-05-23 13:51 -------- d-----w- c:\users\Daemon\AppData\Roaming\f-secure
2012-05-23 13:51 . 2012-05-23 13:51 -------- d-----w- c:\programdata\F-Secure
2012-05-23 13:47 . 2012-05-23 13:47 -------- d-----w- c:\programdata\boost_interprocess
2012-05-20 11:54 . 2012-06-09 14:58 -------- d-----w- c:\program files (x86)\Cubemen
2012-05-17 08:03 . 2012-05-17 08:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-17 08:03 . 2012-05-17 08:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-17 08:03 . 2012-05-17 08:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-17 08:03 . 2012-05-17 08:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-17 08:03 . 2012-05-17 08:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-17 08:03 . 2012-05-17 08:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-17 08:03 . 2012-05-17 08:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-17 08:03 . 2012-05-17 08:03 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-14 23:21 . 2012-05-14 23:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 09:56 . 2012-03-28 08:17 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-05-15 10:48 . 2012-03-23 15:35 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-03-23 15:35 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-23 15:35 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-03-23 15:35 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-03-23 15:35 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-03-23 15:35 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-03-23 15:35 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-06-10 20:37 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2012-03-23 15:36 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-03-23 15:36 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-03-23 15:36 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-03-23 15:36 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-03-23 15:36 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-06 11:59 . 2012-03-23 19:30 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-06 11:59 . 2012-03-23 19:30 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-06 11:59 . 2012-03-23 19:30 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-06 11:59 . 2012-03-23 19:30 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-05 18:57 . 2012-04-01 08:11 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 18:57 . 2012-03-23 15:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 18:57 . 2012-04-01 08:57 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 17:56 . 2012-04-18 17:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 17:56 . 2012-04-18 17:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-31 06:05 . 2012-05-09 16:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 16:08 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 16:08 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 16:08 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 16:08 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 19:11 . 2012-04-29 08:23 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-03-28 19:11 . 2012-03-28 19:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-03-28 19:11 . 2012-03-28 19:11 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-03-28 19:11 . 2012-03-28 19:11 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-03-28 19:11 . 2012-03-28 19:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-03-28 19:11 . 2012-03-28 19:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 19:11 . 2012-03-28 19:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 19:11 . 2012-03-28 19:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 19:11 . 2012-03-28 19:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 19:11 . 2012-03-28 19:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 19:11 . 2012-03-28 19:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-03-28 19:11 . 2012-03-28 19:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-03-28 19:11 . 2012-03-28 19:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 19:11 . 2012-03-28 19:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 19:11 . 2012-03-28 19:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 19:11 . 2012-03-28 19:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 19:11 . 2012-03-28 19:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 19:11 . 2012-03-28 19:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-03-28 19:11 . 2012-03-28 19:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-03-28 19:11 . 2012-03-28 19:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-03-28 19:11 . 2012-03-28 19:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 19:11 . 2012-03-28 19:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-03-28 19:11 . 2012-03-28 19:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-03-28 19:11 . 2012-03-28 19:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-28 19:11 . 2012-03-28 19:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-03-28 19:11 . 2012-03-28 19:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 19:11 . 2012-03-28 19:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-03-28 19:11 . 2012-03-28 19:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-03-28 19:11 . 2012-03-28 19:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-03-28 19:11 . 2012-04-29 08:22 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-03-28 08:49 . 2012-03-28 08:49 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-28 08:49 . 2012-03-28 08:49 460624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-24 10:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-24 10:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-23 19:57 . 2012-03-23 17:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-23 18:55 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-23 18:31 . 2012-03-23 18:31 53248 ----a-r- c:\users\Daemon\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-23 15:44 . 2012-03-23 15:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-23 15:44 . 2012-03-23 15:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-23 15:44 . 2012-03-23 15:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-23 15:44 . 2012-03-23 15:44 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-23 15:44 . 2012-03-23 15:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-23 15:44 . 2012-03-23 15:44 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-23 15:44 . 2012-03-23 15:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-23 15:44 . 2012-03-23 15:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-23 15:44 . 2012-03-23 15:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-23 15:44 . 2012-03-23 15:44 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-23 15:44 . 2012-03-23 15:44 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-23 15:44 . 2012-03-23 15:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-23 15:44 . 2012-03-23 15:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-23 15:44 . 2012-03-23 15:44 448512 ----a-w- c:\windows\system32\html.iec
2012-03-23 15:44 . 2012-03-23 15:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-23 15:44 . 2012-03-23 15:44 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-23 15:44 . 2012-03-23 15:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-23 15:44 . 2012-03-23 15:44 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-23 15:44 . 2012-03-23 15:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-23 15:44 . 2012-03-23 15:44 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-23 15:44 . 2012-03-23 15:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-23 15:44 . 2012-03-23 15:44 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-23 15:44 . 2012-03-23 15:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-23 15:44 . 2012-03-23 15:44 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-23 15:44 . 2012-03-23 15:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-23 15:44 . 2012-03-23 15:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-23 15:44 . 2012-03-23 15:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-23 15:44 . 2012-03-23 15:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-23 15:44 . 2012-03-23 15:44 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-23 15:44 . 2012-03-23 15:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-23 15:44 . 2012-03-23 15:44 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-23 15:44 . 2012-03-23 15:44 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-23 15:44 . 2012-03-23 15:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-23 15:44 . 2012-03-23 15:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
"WRSVC"="c:\program files\Webroot\WRSA.exe" -ul
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R4 gupdate;Google Päivitä-palvelu (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 116648]
R4 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 116648]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-02-09 11856]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ed5ad06-750b-11e1-8b64-0022152566e2}]
\shell\AutoRun\command - K:\setup.exe
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:57]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 11:58]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-27 11:58]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920578845-3360453427-151566150-1001Core.job
- c:\users\Daemon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-23 15:04]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920578845-3360453427-151566150-1001UA.job
- c:\users\Daemon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-23 15:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Täydentävä tarkistus -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=localhost:8118
TCP: Interfaces\{813A4C3B-BA26-45F3-A22A-0F1B0E2769C7}: NameServer = 192.89.123.231,193.210.19.190
.
.
------- Tiedostokytkennät -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Notify-LBTWlgn - (no file)
.
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Muut prosessit ------------------------
.
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-06-11 00:59:59 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2012-06-10 21:59
.
Ennen ajoa: 399 709 798 400 bytes free
Ajon jälkeen: 399 744 270 336 bytes free
.
- - End Of File - - 50812DFEA75EC4744AB56C83F902E8AF

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:45 AM

Posted 10 June 2012 - 05:08 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Klasu

Klasu
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:45 PM

Posted 11 June 2012 - 07:49 AM

here it is


Adobe Reader X (10.1.3) - Suomi
Apple Application Support
Apple Software Update
µTorrent
BrettspielWelt
BS.Player PRO
D3DX10
DAEMON Tools Toolbar
eReg
FIFA 12 © EA version 1
Football Manager 2012
Free FLAC to MP3 Converter 1.0
Google Chrome
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Mass Effect™ 3
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Minilyrics
Mozilla Thunderbird 12.0.1 (x86 fi)
MSI Afterburner 2.1.0
MSVCRT
MSVCRT_amd64
MyFreeCodec
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.3
Opera 11.64
Orcs Must Die!
Origin
QuickTime
Rapture3D 2.4.11 Game
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SimCity 4 Ruuhka-aika
Spotify
Spybot - Search & Destroy
Steam
System Requirements Lab CYRI
The Settlers 7 - Paths to a Kingdom
The Walking Dead © 3 version 1
Toy Soldiers
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Waveform Demo
Veetle TV
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:45 AM

Posted 11 June 2012 - 09:22 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job)

Programs to remove

µTorrent
DAEMON Tools Toolbar
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
