SVCHOST infection


  • This topic is locked
25 replies to this topic

#1 SoNoVa

Posted 14 June 2012 - 04:46 PM

A few days ago I started to notice my PC was getting extremely slow.
So I started to do some basic checking of this and that, and I came up with
this issue.

link to screenshot: http://prntscr.com/aldjh

Found this problem using Process Explorer.
Also, during my hunt I came to the conclusion
that my Windows Firewall is dysfunctional and
cannot be restarted.

This process can be terminated and everything goes
back to normal for about half a minute, and then it
just reactivates itself.
-------------------------------------------------------------------------------------------------------------------------------------------------------

I have read another topic on the forum about the same issue,
so I already did a few checks and ran defogger.exe.

SecurityCheck.exe results:

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

-------------------------------------------------------------------------------------------------------------------------------------------------------
D.D.S. results:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Nele at 23:38:47 on 2012-06-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.12287.10031 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Windows\SysWOW64\svchost.exe" -g no -t 3 -o http://great-0portunity.com:8344/ -u kujbplmtpj -p wdozvrxqjy
C:\Users\Nele\AppData\Local\Skillbrains\lightshot\2.5.0.0\LightShot.exe
C:\Users\Nele\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Defrag.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.immoweb.be/nl/customer.cfm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge]
uRun: [Akamai NetSession Interface] "C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Nele\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 195.130.131.133 195.130.130.5
TCP: Interfaces\{9B755004-DF3C-415E-B73B-61350D7113F0} : DhcpNameServer = 195.130.131.133 195.130.130.5
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: ssp - {1E8068DE-05AD-11D4-ACC8-EF447469245C} - C:\PROGRA~2\OFFLIN~1\ssp.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
IE-X64: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
Hosts: 121.128.133.30 gwgt1.joymax.com
Hosts: 121.128.133.30 gwgt2.joymax.com
Hosts: 121.128.133.30 gwgt3.joymax.com
Hosts: 121.128.133.30 gwgt4.joymax.com
Hosts: 121.128.133.30 gwgt5.joymax.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\x42ip6nx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-14 55936]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2011-2-7 90112]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-26 2984832]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-9-14 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-9-14 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);C:\Windows\system32\DRIVERS\s1029bus.sys --> C:\Windows\system32\DRIVERS\s1029bus.sys [?]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1029mdfl.sys --> C:\Windows\system32\DRIVERS\s1029mdfl.sys [?]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1029mdm.sys --> C:\Windows\system32\DRIVERS\s1029mdm.sys [?]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1029mgmt.sys --> C:\Windows\system32\DRIVERS\s1029mgmt.sys [?]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1029nd5.sys --> C:\Windows\system32\DRIVERS\s1029nd5.sys [?]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1029obex.sys --> C:\Windows\system32\DRIVERS\s1029obex.sys [?]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1029unic.sys --> C:\Windows\system32\DRIVERS\s1029unic.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-06-14 21:14:44 -------- d-s---w- C:\ComboFix
2012-06-14 12:06:26 -------- d-----w- C:\Users\Nele\AppData\Local\Macromedia
2012-06-14 12:02:59 -------- d-----w- C:\Users\Nele\AppData\Local\{4ADD1A74-DB21-4669-8C75-F6B335B5E128}
2012-06-14 11:41:00 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-14 11:22:57 -------- d-----w- C:\Users\Nele\AppData\Local\{11BB0E29-BEF4-44D0-B79A-D184C5C6DFDF}
2012-06-14 11:22:23 -------- d-----w- C:\Users\Nele\AppData\Local\{AF0F66DF-34A8-470D-BD9F-2588FD55E179}
2012-06-13 04:50:14 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 04:50:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 04:50:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 04:17:46 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 04:17:46 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 04:17:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 04:00:09 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 20:08:53 108475 ----a-w- C:\Windows\Thumbplug TGA Uninstaller.exe
2012-06-12 20:08:53 -------- d-----w- C:\Program Files (x86)\Thumbplug TGA
2012-06-12 10:50:34 -------- d-----w- C:\Users\Nele\AppData\Local\{B1AB2487-1FD9-4DF0-B266-888DB3E1EC65}
2012-06-11 18:23:52 -------- d-----w- C:\Users\Nele\AppData\Local\{F5E69990-36BD-4375-B4BC-3398635087A6}
2012-06-11 18:23:50 -------- d-----w- C:\Users\Nele\AppData\Local\{3708AA05-5479-42F3-A3C6-41BC7DF34410}
2012-06-11 18:14:27 -------- d-----w- C:\Users\Nele\AppData\Local\{954B70EC-C4D4-4C80-B937-B3C56DFAE8CB}
2012-06-11 18:14:25 -------- d-----w- C:\Users\Nele\AppData\Local\{9A353896-34F9-483E-AC84-74948AE78FE6}
2012-06-11 17:43:42 -------- d-----w- C:\Users\Nele\AppData\Local\{C7FCAD62-56A2-4256-B033-ED1633EB8CBC}
2012-06-11 17:43:40 -------- d-----w- C:\Users\Nele\AppData\Local\{C1693D0A-2109-48BE-B4A1-8328B558124D}
2012-06-11 12:43:24 84832 ----a-w- C:\Windows\SysWow64\drivers\ASPI32.SYS
2012-06-11 12:43:24 45056 ----a-w- C:\Windows\SysWow64\WNASPI32.DLL
2012-06-11 12:43:23 -------- d-----w- C:\Program Files (x86)\4Musics WAV Bitrate Changer
2012-06-11 12:37:20 -------- d-----w- C:\Users\Nele\AppData\Roaming\Free MP3 WMA OGG Converter
2012-06-11 12:37:07 -------- d-----w- C:\Program Files (x86)\Free MP3 WMA OGG Converter
2012-06-11 12:34:55 -------- d-----w- C:\ProgramData\FreeRIP
2012-06-11 12:31:40 40960 ----a-w- C:\Windows\SysWow64\DGPNorm.ocx
2012-06-11 12:26:15 892928 ----a-w- C:\Windows\SysWow64\NCTAudioInformation.dll
2012-06-11 12:26:15 73785 ----a-w- C:\Windows\SysWow64\temp.002
2012-06-11 12:26:15 274432 ----a-w- C:\Windows\SysWow64\NCTAudioPlayer.dll
2012-06-11 12:26:15 233472 ----a-w- C:\Windows\SysWow64\lame_enc.dll
2012-06-11 12:26:15 1703936 ----a-w- C:\Windows\SysWow64\NCTAudioFile.dll
2012-06-11 12:26:15 140288 ------w- C:\Windows\SysWow64\Comdlg32.ocx
2012-06-11 12:26:15 1388544 ----a-w- C:\Windows\SysWow64\temp.003
2012-06-11 12:26:15 -------- d-----w- C:\Program Files (x86)\Ace MP3 To WAV Converter
2012-06-09 20:25:04 -------- d-----w- C:\Users\Nele\AppData\Local\{A2914F69-0245-4EF6-AEDA-6CA94FD697FA}
2012-06-09 20:25:02 -------- d-----w- C:\Users\Nele\AppData\Local\{3FB14155-1BDB-4BAC-A110-D5EE732FB73C}
2012-06-09 20:11:07 -------- d-----w- C:\Users\Nele\AppData\Local\{1614B3B2-044C-4838-AC77-AF0560129BE8}
2012-06-09 20:11:05 -------- d-----w- C:\Users\Nele\AppData\Local\{ED90AFB9-6AA8-4453-8475-A1E6B7A83591}
2012-06-09 20:09:15 -------- d-----w- C:\Users\Nele\AppData\Local\{FA413403-A765-4227-A782-C8F4B8930765}
2012-06-09 20:09:13 -------- d-----w- C:\Users\Nele\AppData\Local\{9B7B996B-95A9-4DFB-903B-44DDEEECDD16}
2012-06-06 18:21:27 -------- d-----w- C:\Users\Nele\AppData\Local\GameSpy
2012-06-06 11:18:45 -------- d-----w- C:\Users\Nele\AppData\Local\{8FE6DAC1-DCFF-46E6-9FF6-36DB36866FBD}
2012-06-06 11:18:02 -------- d-----w- C:\Users\Nele\AppData\Local\{44A6ECFD-72FA-479C-A0D3-5A2F120E2F37}
2012-06-05 19:11:23 -------- d-s---w- C:\Program Files (x86)\HLSW
2012-06-05 19:11:23 -------- d-----w- C:\Users\Nele\AppData\Roaming\HLSW
2012-06-03 15:21:42 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-06-03 15:14:28 -------- d-----w- C:\ProgramData\ALM
2012-06-03 15:10:50 -------- d-----w- C:\Users\Nele\Adobe Flash Builder 4.6
2012-06-03 15:03:19 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-06-03 15:03:19 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-06-03 15:03:18 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-06-03 15:03:12 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-05-31 17:38:00 -------- d-----w- C:\Users\Nele\AppData\Local\{222183F8-491A-4097-AE4B-B0A9C1E6F441}
2012-05-31 17:37:48 -------- d-----w- C:\Users\Nele\AppData\Local\{13E88110-38B9-4948-9486-E9A0330E25C1}
2012-05-30 20:25:28 -------- d-----w- C:\Program Files\SmartFTP Client
2012-05-30 20:24:40 -------- d-----w- C:\Windows\System32\appmgmt
2012-05-30 18:52:23 -------- d-----w- C:\Users\Nele\AppData\Local\{DF1DAAF4-FB44-409B-BCB6-2078C2D0385F}
2012-05-30 18:52:10 -------- d-----w- C:\Users\Nele\AppData\Local\{D4803620-CA34-4FB5-9EE6-EFFFC0B69CB4}
2012-05-29 18:17:57 -------- d-----w- C:\Program Files\Microsoft LifeCam
2012-05-29 18:17:57 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
2012-05-28 12:45:07 -------- d-----w- C:\Users\Nele\AppData\Roaming\iZotope
2012-05-28 12:35:18 -------- d-----w- C:\Program Files (x86)\iZotope
2012-05-28 12:35:11 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2012-05-28 12:08:32 86016 ----a-w- C:\Windows\unvise32.exe
2012-05-26 16:13:54 2240 ----a-w- C:\Windows\LENDIG.sys
2012-05-26 13:24:19 -------- d-----w- C:\Users\Nele\Sylenth1DemoWin32
2012-05-26 12:36:34 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
2012-05-26 11:40:33 -------- d-----w- C:\Program Files (x86)\Common Files\reFX
2012-05-26 11:36:09 1332224 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2012-05-25 23:01:09 -------- d-----w- C:\Users\Nele\AppData\Roaming\SynthMaker
2012-05-25 22:44:21 -------- d-----w- C:\Users\Nele\AppData\Roaming\Image-Line
2012-05-24 23:46:24 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-24 22:48:35 -------- d-----w- C:\Users\Nele\AppData\Roaming\Deckadance19
2012-05-24 22:24:00 -------- d-----w- C:\Users\Nele\AppData\Roaming\SongManager
2012-05-24 22:21:27 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-05-24 22:21:07 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-05-24 22:21:07 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-05-24 22:20:53 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-05-24 22:20:48 -------- d-----w- C:\Program Files (x86)\Outsim
2012-05-24 22:17:50 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-05-22 16:30:25 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCF1E2DE-9B94-40DF-B4EB-43AF5F857A25}\mpengine.dll
2012-05-18 14:25:01 -------- d-----w- C:\Users\Nele\AppData\Local\{37A801A0-78F8-4971-9178-D38CBF7EA000}
2012-05-18 14:24:36 -------- d-----w- C:\Users\Nele\AppData\Local\{E4B350ED-7162-4D9B-9B24-379C34F881CB}
.
==================== Find3M ====================
.
2012-06-14 11:41:00 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-25 12:09:35 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-25 12:09:35 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-18 11:49:50 405176 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-04-07 07:58:11 60 ----a-w- C:\GM_EFC0.tmp
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-22 11:43:58 2557952 ----a-w- C:\Windows\SysWow64\QtCore4.dll
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 23:39:28,08 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14/09/2010 0:41:54
System Uptime: 14/06/2012 22:53:27 (1 hours ago)
.
Motherboard: MSI | | 890FXA-GD70 (MS-7640)
Processor: AMD Phenom™ II X4 965 Processor | CPU1 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 7,633 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 465,658 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76401462&REV_03\03000000684CE00000
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller #2
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76401462&REV_03\03000000684CE00000
Service: RTL8167
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
4Musics WAV Bitrate Changer 4.2
Acrobat.com
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Reader X - Nederlands
Adobe Widget Browser
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD OverDrive Beta
AMD System Monitor
Apple Application Support
Apple Software Update
ASIO4ALL
µTorrent
bl
Camel Audio Camel Phat VST v3.15
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
CCProxy 7.2
Compatibiliteitspakket voor het 2007 Microsoft Office system
ConsoleApplication1
Counter-Strike
Counter-Strike: Source
Creative Configuratiescherm voor geluid
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
D3DX10
De Sims™ 3
Deckadance
Dev-C++ 5 beta 9 release (4.9.9.2)
devolo dLAN-configuratiewizard
devolo Informer
DiRT 2
DiskMax 4.50
Dolby Digital Live Pack
DTS Connect Pack
EA Download Manager
EA Download Manager UI
ExtraFilm Designer BE NL
Far Cry 2
FL Studio 10
Free MP3 WMA OGG Converter 8.9.1
Free YouTube Download version 3.1.25.423
Google Earth
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
HEMA fotoalbum be-nl
HLSW v1.4.0.2
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hydra VSTi/DXi v1.2
ICQ7.6
IL Download Manager
iSroProxify
Java Auto Updater
Java™ 6 Update 29
Lennar Digital Sylenth VSTi v1.2.1
lightshot-2.5.0.0
Media Go
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Professional Editie 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Morphyre
Mozilla Firefox 12.0 (x86 nl)
Mozilla Maintenance Service
MSVCRT
NEC Electronics USB 3.0 Host Controller Driver
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Offline Commander
Ohm Force - Ohmicide VST
OpenAL
PDF Settings CS6
ph
PlayStation®Network Downloader
PlayStation®Store
PunkBuster Services
QuickTime
Rapture3D 2.3.26 Game
Realtek Ethernet Controller Driver For Windows Vista and Later
reFX Nexus VSTi RTAS v2.2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Silkroad
Skype Click to Call
Skype™ 5.5
SmartFTP Client Setup Files 4.0 (x64) (remove only)
Sony Ericsson PC Companion 1.60.13
Sony Ericsson PC Suite 6.011.00
Sound Blaster X-Fi
Steam
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
TeamSpeak 3 Client
TeamViewer 7
Test Drive Unlimited 2 Demo
Thumbplug TGA
Universal Bot
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.8
Waves Diamond Bundle v5.2
Winamp
Winamp Applicatie Detect
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
XAMPP 1.7.4
Xfire (remove only)
.
==== End Of File ===========================

Edited by SoNoVa, 14 June 2012 - 05:06 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:19 AM

Posted 14 June 2012 - 11:44 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 SoNoVa


Posted 15 June 2012 - 06:29 AM

I posted the results of Security Check in my initial post.

I did try Combofix before your reply and it simply does not get past
the extraction process; it shuts down on itself, even after a reboot.

However, sometimes I see a flash of the blue GUI before it closes (really fast).


Edit:

Even when Combofix fails to run properly it shuts down the infected svchost entry,
or at least the entry shuts down (not sure if it's Combofix closing it), after which
the process comes back.


Edit:

The infected svchost process seems to be gone for a longer time now...

Edited by SoNoVa, 15 June 2012 - 06:53 AM.


#4 gringo_pr


Posted 15 June 2012 - 07:06 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
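
A TDSSKiller report of the kind requested above runs to hundreds of lines, nearly all of them `- ok`. The Python sketch below is an added example, not part of the thread or of TDSSKiller: it pulls out the entries that were not reported clean, plus entries marked ok with no file or hash line. The sample lines are constructed in the report's format, with hypothetical service names and placeholder MD5 values.

```python
import re
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every report line: timestamp, thread id, then the message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")
# "Name (md5) path": the object that was scanned.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Name ( Verdict ) - status": a result other than clean. Only the status
# "warning" appears in this thread; any other status word is matched too.
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<status>\w+)$")
# "Name - ok": a clean result.
CLEAN = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Finding:
    name: str
    verdict: str
    status: str
    md5: Optional[str]   # None when no "Name (md5) path" line preceded it
    path: Optional[str]


def triage(report: str) -> Tuple[List[Finding], List[str], List[str]]:
    """Return (findings, clean names, names marked ok without a file line)."""
    objects = {}                      # name -> (md5, path), latest object line
    findings: List[Finding] = []
    clean: List[str] = []
    unhashed: List[str] = []
    for raw in report.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                  # blank or non-report text
        msg = line["msg"].strip()
        obj = OBJECT.match(msg)
        if obj:
            objects[obj["name"]] = (obj["md5"], obj["path"])
            continue
        flagged = FLAGGED.match(msg)
        if flagged:
            md5, path = objects.get(flagged["name"], (None, None))
            findings.append(Finding(flagged["name"], flagged["verdict"],
                                    flagged["status"], md5, path))
            continue
        ok = CLEAN.match(msg)
        if ok:
            (clean if ok["name"] in objects else unhashed).append(ok["name"])
    return findings, clean, unhashed


# Constructed sample: hypothetical names, placeholder MD5 values.
SAMPLE = r"""
19:24:49.0732 8832 Scan started
19:24:51.0548 8832 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
19:24:51.0551 8832 ExampleDrv - ok
19:24:52.0330 8832 ExampleSvc (00000000000000000000000000000002) c:\program files (x86)\example\examplesvc.dll
19:24:52.0330 8832 Suspicious file (Hidden): c:\program files (x86)\example\examplesvc.dll. md5: 00000000000000000000000000000002
19:24:52.0335 8832 ExampleSvc ( HiddenFile.Multi.Generic ) - warning
19:24:52.0335 8832 ExampleSvc - detected HiddenFile.Multi.Generic (1)
19:24:52.0571 8832 NoFileSvc - ok
"""

if __name__ == "__main__":
    # With a path argument, read that report; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    findings, clean, unhashed = triage(text)
    for f in findings:
        print(f"{f.status.upper():8} {f.name}: {f.verdict} | {f.path} | md5 {f.md5}")
    print(f"{len(clean)} clean, {len(unhashed)} ok without a file line: {unhashed}")
```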

#5 SoNoVa


Posted 15 June 2012 - 12:38 PM

Seems to be the Sirefef-PL RootKit infection
and Medfos-AA Trojan






19:24:29.0983 6436 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
19:24:30.0057 6436 ============================================================
19:24:30.0057 6436 Current date / time: 2012/06/15 19:24:30.0057
19:24:30.0057 6436 SystemInfo:
19:24:30.0057 6436
19:24:30.0057 6436 OS Version: 6.1.7601 ServicePack: 1.0
19:24:30.0057 6436 Product type: Workstation
19:24:30.0057 6436 ComputerName: NELE-PC
19:24:30.0057 6436 UserName: Nele
19:24:30.0057 6436 Windows directory: C:\Windows
19:24:30.0057 6436 System windows directory: C:\Windows
19:24:30.0057 6436 Running under WOW64
19:24:30.0057 6436 Processor architecture: Intel x64
19:24:30.0057 6436 Number of processors: 4
19:24:30.0057 6436 Page size: 0x1000
19:24:30.0057 6436 Boot type: Normal boot
19:24:30.0057 6436 ============================================================
19:24:31.0504 6436 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:24:35.0692 6436 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:24:35.0750 6436 ============================================================
19:24:35.0750 6436 \Device\Harddisk1\DR1:
19:24:35.0751 6436 MBR partitions:
19:24:35.0751 6436 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:24:35.0751 6436 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
19:24:35.0751 6436 \Device\Harddisk0\DR0:
19:24:35.0751 6436 MBR partitions:
19:24:35.0751 6436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
19:24:35.0751 6436 ============================================================
19:24:35.0779 6436 C: <-> \Device\Harddisk1\DR1\Partition1
19:24:35.0819 6436 D: <-> \Device\Harddisk0\DR0\Partition0
19:24:35.0819 6436 ============================================================
19:24:35.0819 6436 Initialize success
19:24:35.0819 6436 ============================================================
19:24:49.0732 8832 ============================================================
19:24:49.0732 8832 Scan started
19:24:49.0732 8832 Mode: Manual;
19:24:49.0732 8832 ============================================================
19:24:52.0330 8832 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
19:24:52.0330 8832 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
19:24:52.0335 8832 Akamai ( HiddenFile.Multi.Generic ) - warning
19:24:52.0335 8832 Akamai - detected HiddenFile.Multi.Generic (1)
19:25:00.0760 8832 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
19:25:00.0761 8832 hamachi - ok
19:25:00.0771 8832 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:25:00.0772 8832 hcw85cir - ok
19:25:00.0856 8832 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:25:00.0857 8832 HdAudAddService - ok
19:25:00.0877 8832 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:25:00.0878 8832 HDAudBus - ok
19:25:00.0894 8832 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:25:00.0895 8832 HidBatt - ok
19:25:00.0908 8832 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:25:00.0909 8832 HidBth - ok
19:25:00.0923 8832 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:25:00.0924 8832 HidIr - ok
19:25:00.0962 8832 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:25:00.0963 8832 hidserv - ok
19:25:01.0041 8832 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
19:25:01.0042 8832 HidUsb - ok
19:25:01.0129 8832 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:25:01.0130 8832 hkmsvc - ok
19:25:01.0185 8832 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:25:01.0188 8832 HomeGroupListener - ok
19:25:01.0244 8832 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:25:01.0246 8832 HomeGroupProvider - ok
19:25:01.0294 8832 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:25:01.0295 8832 HpSAMD - ok
19:25:01.0392 8832 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:25:01.0407 8832 HTTP - ok
19:25:01.0460 8832 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:25:01.0461 8832 hwpolicy - ok
19:25:01.0532 8832 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:25:01.0533 8832 i8042prt - ok
19:25:01.0591 8832 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:25:01.0595 8832 iaStorV - ok
19:25:01.0690 8832 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:25:01.0702 8832 idsvc - ok
19:25:01.0741 8832 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:25:01.0742 8832 iirsp - ok
19:25:01.0796 8832 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:25:01.0820 8832 IKEEXT - ok
19:25:01.0871 8832 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:25:01.0872 8832 intelide - ok
19:25:01.0905 8832 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:25:01.0906 8832 intelppm - ok
19:25:01.0935 8832 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:25:01.0937 8832 IPBusEnum - ok
19:25:02.0004 8832 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:25:02.0005 8832 IpFilterDriver - ok
19:25:02.0109 8832 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:25:02.0114 8832 iphlpsvc - ok
19:25:02.0149 8832 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:25:02.0150 8832 IPMIDRV - ok
19:25:02.0180 8832 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:25:02.0182 8832 IPNAT - ok
19:25:02.0202 8832 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:25:02.0203 8832 IRENUM - ok
19:25:02.0225 8832 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:25:02.0226 8832 isapnp - ok
19:25:02.0257 8832 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:25:02.0260 8832 iScsiPrt - ok
19:25:02.0272 8832 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:25:02.0273 8832 kbdclass - ok
19:25:02.0331 8832 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:25:02.0428 8832 kbdhid - ok
19:25:02.0474 8832 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:25:02.0474 8832 KeyIso - ok
19:25:02.0492 8832 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:25:02.0493 8832 KSecDD - ok
19:25:02.0558 8832 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:25:02.0560 8832 KSecPkg - ok
19:25:02.0570 8832 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:25:02.0571 8832 ksthunk - ok
19:25:02.0613 8832 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:25:02.0618 8832 KtmRm - ok
19:25:02.0637 8832 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:25:02.0640 8832 LanmanServer - ok
19:25:02.0691 8832 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:25:02.0693 8832 LanmanWorkstation - ok
19:25:02.0720 8832 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:25:02.0721 8832 lltdio - ok
19:25:02.0759 8832 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:25:02.0762 8832 lltdsvc - ok
19:25:02.0782 8832 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:25:02.0783 8832 lmhosts - ok
19:25:02.0801 8832 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:25:02.0803 8832 LSI_FC - ok
19:25:02.0809 8832 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:25:02.0810 8832 LSI_SAS - ok
19:25:02.0826 8832 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:25:02.0827 8832 LSI_SAS2 - ok
19:25:02.0833 8832 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:25:02.0835 8832 LSI_SCSI - ok
19:25:02.0850 8832 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:25:02.0852 8832 luafv - ok
19:25:02.0908 8832 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:25:02.0910 8832 Mcx2Svc - ok
19:25:03.0005 8832 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:25:03.0008 8832 MDM - ok
19:25:03.0030 8832 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:25:03.0031 8832 megasas - ok
19:25:03.0077 8832 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:25:03.0080 8832 MegaSR - ok
19:25:03.0085 8832 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:25:03.0087 8832 MMCSS - ok
19:25:03.0100 8832 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:25:03.0101 8832 Modem - ok
19:25:03.0114 8832 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:25:03.0114 8832 monitor - ok
19:25:03.0157 8832 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
19:25:03.0158 8832 mouclass - ok
19:25:03.0170 8832 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:25:03.0171 8832 mouhid - ok
19:25:03.0224 8832 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:25:03.0225 8832 mountmgr - ok
19:25:03.0321 8832 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:25:03.0322 8832 MozillaMaintenance - ok
19:25:03.0364 8832 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:25:03.0366 8832 mpio - ok
19:25:03.0386 8832 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:25:03.0388 8832 mpsdrv - ok
19:25:03.0492 8832 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:25:03.0494 8832 MRxDAV - ok
19:25:03.0553 8832 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:25:03.0554 8832 mrxsmb - ok
19:25:03.0624 8832 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:25:03.0626 8832 mrxsmb10 - ok
19:25:03.0634 8832 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:25:03.0635 8832 mrxsmb20 - ok
19:25:03.0647 8832 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:25:03.0648 8832 msahci - ok
19:25:03.0740 8832 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
19:25:03.0742 8832 MSCamSvc - ok
19:25:03.0793 8832 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:25:03.0795 8832 msdsm - ok
19:25:03.0825 8832 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:25:03.0827 8832 MSDTC - ok
19:25:03.0845 8832 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:25:03.0846 8832 Msfs - ok
19:25:03.0861 8832 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:25:03.0862 8832 mshidkmdf - ok
19:25:03.0913 8832 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:25:03.0913 8832 msisadrv - ok
19:25:03.0952 8832 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:25:03.0954 8832 MSiSCSI - ok
19:25:03.0957 8832 msiserver - ok
19:25:03.0984 8832 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:25:03.0984 8832 MSKSSRV - ok
19:25:04.0031 8832 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:25:04.0032 8832 MSPCLOCK - ok
19:25:04.0044 8832 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:25:04.0045 8832 MSPQM - ok
19:25:04.0109 8832 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:25:04.0112 8832 MsRPC - ok
19:25:04.0130 8832 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:25:04.0130 8832 mssmbios - ok
19:25:04.0286 8832 MSSQL$SQLEXPRESS - ok
19:25:04.0428 8832 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:25:04.0445 8832 MSSQLServerADHelper100 - ok
19:25:04.0479 8832 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:25:04.0480 8832 MSTEE - ok
19:25:04.0486 8832 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:25:04.0486 8832 MTConfig - ok
19:25:04.0510 8832 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:25:04.0511 8832 Mup - ok
19:25:04.0574 8832 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:25:04.0579 8832 napagent - ok
19:25:04.0613 8832 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:25:04.0616 8832 NativeWifiP - ok
19:25:04.0819 8832 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
19:25:04.0823 8832 NAUpdate - ok
19:25:04.0909 8832 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:25:04.0941 8832 NDIS - ok
19:25:04.0961 8832 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:25:04.0962 8832 NdisCap - ok
19:25:05.0010 8832 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:25:05.0011 8832 NdisTapi - ok
19:25:05.0048 8832 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:25:05.0049 8832 Ndisuio - ok
19:25:05.0107 8832 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:25:05.0109 8832 NdisWan - ok
19:25:05.0156 8832 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:25:05.0157 8832 NDProxy - ok
19:25:05.0163 8832 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:25:05.0164 8832 NetBIOS - ok
19:25:05.0225 8832 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:25:05.0227 8832 NetBT - ok
19:25:05.0281 8832 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:25:05.0282 8832 Netlogon - ok
19:25:05.0336 8832 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:25:05.0340 8832 Netman - ok
19:25:05.0532 8832 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:25:05.0534 8832 NetMsmqActivator - ok
19:25:05.0548 8832 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:25:05.0549 8832 NetPipeActivator - ok
19:25:05.0568 8832 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:25:05.0573 8832 netprofm - ok
19:25:05.0582 8832 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:25:05.0582 8832 NetTcpActivator - ok
19:25:05.0585 8832 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:25:05.0586 8832 NetTcpPortSharing - ok
19:25:05.0650 8832 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:25:05.0651 8832 nfrd960 - ok
19:25:05.0730 8832 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:25:05.0733 8832 NlaSvc - ok
19:25:05.0740 8832 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:25:05.0741 8832 Npfs - ok
19:25:05.0858 8832 NPF_devolo (49697c2c761acb5c0de99cc8fe93e95b) C:\Windows\sysWOW64\drivers\npf_devolo.sys
19:25:05.0859 8832 NPF_devolo - ok
19:25:05.0890 8832 npggsvc - ok
19:25:05.0893 8832 NPPTNT2 - ok
19:25:05.0905 8832 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:25:05.0907 8832 nsi - ok
19:25:05.0914 8832 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:25:05.0914 8832 nsiproxy - ok
19:25:06.0046 8832 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:25:06.0085 8832 Ntfs - ok
19:25:06.0228 8832 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:25:06.0229 8832 Null - ok
19:25:06.0249 8832 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:25:06.0251 8832 nusb3hub - ok
19:25:06.0282 8832 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:25:06.0284 8832 nusb3xhc - ok
19:25:06.0343 8832 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:25:06.0345 8832 nvraid - ok
19:25:06.0385 8832 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:25:06.0387 8832 nvstor - ok
19:25:06.0419 8832 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:25:06.0421 8832 nv_agp - ok
19:25:06.0588 8832 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:25:06.0593 8832 odserv - ok
19:25:06.0650 8832 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:25:06.0651 8832 ohci1394 - ok
19:25:06.0795 8832 OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
19:25:06.0796 8832 OMSI download service - ok
19:25:06.0849 8832 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:06.0851 8832 ose - ok
19:25:06.0876 8832 ossrv (eb8724534cee0977eac4878812682f6b) C:\Windows\system32\drivers\ctoss2k.sys
19:25:06.0881 8832 ossrv - ok
19:25:06.0913 8832 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:25:06.0917 8832 p2pimsvc - ok
19:25:06.0943 8832 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:25:06.0948 8832 p2psvc - ok
19:25:07.0029 8832 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
19:25:07.0035 8832 PAC207 - ok
19:25:07.0059 8832 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:25:07.0061 8832 Parport - ok
19:25:07.0102 8832 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:25:07.0103 8832 partmgr - ok
19:25:07.0124 8832 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:25:07.0127 8832 PcaSvc - ok
19:25:07.0187 8832 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:25:07.0189 8832 pci - ok
19:25:07.0203 8832 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:25:07.0204 8832 pciide - ok
19:25:07.0225 8832 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:25:07.0227 8832 pcmcia - ok
19:25:07.0241 8832 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:25:07.0242 8832 pcw - ok
19:25:07.0278 8832 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:25:07.0295 8832 PEAUTH - ok
19:25:07.0393 8832 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:25:07.0471 8832 PeerDistSvc - ok
19:25:08.0164 8832 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:25:08.0165 8832 PerfHost - ok
19:25:08.0321 8832 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:25:08.0342 8832 pla - ok
19:25:08.0413 8832 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:25:08.0418 8832 PlugPlay - ok
19:25:08.0431 8832 PnkBstrA - ok
19:25:08.0440 8832 PnkBstrB - ok
19:25:08.0468 8832 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:25:08.0469 8832 PNRPAutoReg - ok
19:25:08.0496 8832 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:25:08.0499 8832 PNRPsvc - ok
19:25:08.0567 8832 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:25:08.0572 8832 PolicyAgent - ok
19:25:08.0604 8832 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:25:08.0607 8832 Power - ok
19:25:08.0695 8832 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:25:08.0697 8832 PptpMiniport - ok
19:25:08.0734 8832 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:25:08.0736 8832 Processor - ok
19:25:08.0814 8832 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:25:08.0817 8832 ProfSvc - ok
19:25:08.0858 8832 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:25:08.0859 8832 ProtectedStorage - ok
19:25:08.0920 8832 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:25:08.0921 8832 Psched - ok
19:25:08.0978 8832 PxHlpa64 (bc08f7f3c53cbee68670ed1314e290fd) C:\Windows\system32\Drivers\PxHlpa64.sys
19:25:08.0979 8832 PxHlpa64 - ok
19:25:09.0050 8832 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:25:09.0070 8832 ql2300 - ok
19:25:09.0181 8832 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:25:09.0183 8832 ql40xx - ok
19:25:09.0205 8832 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:25:09.0208 8832 QWAVE - ok
19:25:09.0217 8832 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:25:09.0218 8832 QWAVEdrv - ok
19:25:09.0227 8832 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:25:09.0228 8832 RasAcd - ok
19:25:09.0256 8832 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:25:09.0257 8832 RasAgileVpn - ok
19:25:09.0270 8832 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:25:09.0272 8832 RasAuto - ok
19:25:09.0332 8832 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:25:09.0334 8832 Rasl2tp - ok
19:25:09.0404 8832 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:25:09.0408 8832 RasMan - ok
19:25:09.0522 8832 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:25:09.0524 8832 RasPppoe - ok
19:25:09.0553 8832 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:25:09.0555 8832 RasSstp - ok
19:25:09.0611 8832 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:25:09.0614 8832 rdbss - ok
19:25:09.0621 8832 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:25:09.0622 8832 rdpbus - ok
19:25:09.0656 8832 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:25:09.0656 8832 RDPCDD - ok
19:25:09.0715 8832 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:25:09.0717 8832 RDPDR - ok
19:25:09.0735 8832 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:25:09.0736 8832 RDPENCDD - ok
19:25:09.0740 8832 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:25:09.0741 8832 RDPREFMP - ok
19:25:09.0837 8832 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:25:09.0840 8832 RDPWD - ok
19:25:09.0957 8832 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:25:09.0959 8832 rdyboost - ok
19:25:09.0985 8832 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:25:09.0987 8832 RemoteAccess - ok
19:25:10.0005 8832 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:25:10.0008 8832 RemoteRegistry - ok
19:25:10.0022 8832 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:25:10.0023 8832 RpcEptMapper - ok
19:25:10.0044 8832 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:25:10.0045 8832 RpcLocator - ok
19:25:10.0130 8832 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:25:10.0133 8832 RpcSs - ok
19:25:10.0233 8832 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
19:25:10.0236 8832 RsFx0103 - ok
19:25:10.0255 8832 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:25:10.0257 8832 rspndr - ok
19:25:10.0304 8832 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:25:10.0307 8832 RTL8167 - ok
19:25:10.0357 8832 s1029bus (68f717bc57b0fe12011eb9517c97f78d) C:\Windows\system32\DRIVERS\s1029bus.sys
19:25:10.0359 8832 s1029bus - ok
19:25:10.0424 8832 s1029mdfl (fcfafa529f4fa27b02fce1e52a84922e) C:\Windows\system32\DRIVERS\s1029mdfl.sys
19:25:10.0425 8832 s1029mdfl - ok
19:25:10.0469 8832 s1029mdm (35bd0866eb422ab2d7c8f0ddcc67bf7c) C:\Windows\system32\DRIVERS\s1029mdm.sys
19:25:10.0471 8832 s1029mdm - ok
19:25:10.0483 8832 s1029mgmt (e0fd4f4f42b76e910cc4295c97aa30ba) C:\Windows\system32\DRIVERS\s1029mgmt.sys
19:25:10.0485 8832 s1029mgmt - ok
19:25:10.0548 8832 s1029nd5 (90276f1d842eb96f82510e73fdb792ad) C:\Windows\system32\DRIVERS\s1029nd5.sys
19:25:10.0549 8832 s1029nd5 - ok
19:25:10.0574 8832 s1029obex (128ed45223fab846e8436a2f2baebb55) C:\Windows\system32\DRIVERS\s1029obex.sys
19:25:10.0576 8832 s1029obex - ok
19:25:10.0597 8832 s1029unic (400fc5591586a1dfecf7a0cfaa6b0d68) C:\Windows\system32\DRIVERS\s1029unic.sys
19:25:10.0599 8832 s1029unic - ok
19:25:10.0648 8832 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:25:10.0648 8832 s3cap - ok
19:25:10.0670 8832 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:25:10.0671 8832 SamSs - ok
19:25:10.0716 8832 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:25:10.0717 8832 sbp2port - ok
19:25:10.0761 8832 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:25:10.0764 8832 SCardSvr - ok
19:25:10.0812 8832 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:25:10.0813 8832 scfilter - ok
19:25:10.0899 8832 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:25:10.0930 8832 Schedule - ok
19:25:10.0990 8832 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:25:10.0991 8832 SCPolicySvc - ok
19:25:11.0051 8832 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:25:11.0054 8832 SDRSVC - ok
19:25:11.0110 8832 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:25:11.0111 8832 secdrv - ok
19:25:11.0164 8832 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:25:11.0166 8832 seclogon - ok
19:25:11.0175 8832 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:25:11.0177 8832 SENS - ok
19:25:11.0192 8832 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:25:11.0194 8832 SensrSvc - ok
19:25:11.0201 8832 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:25:11.0202 8832 Serenum - ok
19:25:11.0212 8832 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:25:11.0214 8832 Serial - ok
19:25:11.0257 8832 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:25:11.0258 8832 sermouse - ok
19:25:11.0315 8832 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:25:11.0317 8832 SessionEnv - ok
19:25:11.0367 8832 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:25:11.0368 8832 sffdisk - ok
19:25:11.0375 8832 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:25:11.0376 8832 sffp_mmc - ok
19:25:11.0388 8832 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:25:11.0389 8832 sffp_sd - ok
19:25:11.0398 8832 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:25:11.0399 8832 sfloppy - ok
19:25:11.0542 8832 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:25:11.0547 8832 ShellHWDetection - ok
19:25:11.0576 8832 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:25:11.0577 8832 SiSRaid2 - ok
19:25:11.0590 8832 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:25:11.0591 8832 SiSRaid4 - ok
19:25:11.0614 8832 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:25:11.0615 8832 Smb - ok
19:25:11.0647 8832 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:25:11.0649 8832 SNMPTRAP - ok
19:25:11.0666 8832 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:25:11.0666 8832 spldr - ok
19:25:11.0738 8832 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:25:11.0744 8832 Spooler - ok
19:25:11.0927 8832 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:25:11.0993 8832 sppsvc - ok
19:25:12.0110 8832 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:25:12.0112 8832 sppuinotify - ok
19:25:12.0231 8832 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
19:25:12.0242 8832 sptd - ok
19:25:12.0507 8832 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
19:25:21.0315 8832 ============================================================
19:25:21.0315 8832 Scan finished
19:25:21.0315 8832 ============================================================
19:25:21.0324 5136 Detected object count: 1
19:25:21.0324 5136 Actual detected object count: 1
19:25:39.0361 5136 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:25:39.0361 5136 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip



-----------------------------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-15 19:26:40
-----------------------------
19:26:40.483 OS Version: Windows x64 6.1.7601 Service Pack 1
19:26:40.483 Number of processors: 4 586 0x403
19:26:40.484 ComputerName: NELE-PC UserName: Nele
19:26:41.289 Initialize success
19:27:43.732 AVAST engine defs: 12061500
19:27:51.566 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:27:51.568 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
19:27:51.569 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
19:27:51.571 Disk 1 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
19:27:51.610 Disk 1 MBR read successfully
19:27:51.612 Disk 1 MBR scan
19:27:51.615 Disk 1 Windows 7 default MBR code
19:27:51.620 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:27:51.630 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
19:27:51.653 Disk 1 scanning C:\Windows\system32\drivers
19:28:05.942 Service scanning
19:28:33.866 Modules scanning
19:28:33.870 Disk 1 trace - called modules:
19:28:34.220 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:28:34.223 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800acf2060]
19:28:34.226 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8009cb0890]
19:28:34.229 5 ACPI.sys[fffff88000e977a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800a5da060]
19:28:36.072 AVAST engine scan C:\Windows
19:28:39.099 AVAST engine scan C:\Windows\system32
19:30:43.367 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:30:46.825 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:32:53.516 AVAST engine scan C:\Windows\system32\drivers
19:33:09.235 AVAST engine scan C:\Users\Nele
19:36:20.154 Disk 1 MBR has been saved successfully to "C:\Users\Nele\Desktop\MBR.dat"
19:36:20.159 The log file has been saved successfully to "C:\Users\Nele\Desktop\aswMBR.txt"
20:07:50.126 File: C:\Users\Nele\AppData\Local\Temp\ndhere.dll **INFECTED** Win32:Medfos-AA [Trj]
20:14:23.794 Disk 1 MBR has been saved successfully to "C:\Users\Nele\Desktop\MBR.dat"
20:14:23.800 The log file has been saved successfully to "C:\Users\Nele\Desktop\aswMBR.txt"

still scanning

Edited by SoNoVa, 15 June 2012 - 01:16 PM.


#6 gringo_pr


Posted 15 June 2012 - 01:04 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 SoNoVa


Posted 16 June 2012 - 07:47 AM

ok so here's the result of the last scan

Scan result of Farbar Recovery Scan Tool Version: 16-06-2012
Ran by SYSTEM at 16-06-2012 14:37:11
Running from H:\
Windows 7 Professional (X64) OS Language: Dutch Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [VX1000] C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKU\Nele\...\Run: [AdobeBridge] [x]
HKU\Nele\...\Run: [Akamai NetSession Interface] "C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-05-07] (Akamai Technologies, Inc)
HKU\Nele\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-26] (Google Inc.)

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll [3417376 2012-05-29] ()
2 AMD Reservation Manager; "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [194496 2010-06-17] (Advanced Micro Devices)
2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2011-10-13] ()
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [61976 2009-03-31] (Microsoft Corporation)
2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-09-14] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2010-09-14] ()
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [267616 2010-04-03] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [146272 2010-04-03] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [x]
3 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 AODDriver4.1; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [55936 2011-10-13] (Advanced Micro Devices)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1604632 2009-01-08] (Creative Technology Ltd)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
2 NPF_devolo; C:\Windows\SysWow64\Drivers\NPF_devolo.sys [34048 2009-07-13] (CACE Technologies)
3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
4 RsFx0103; C:\Windows\System32\Drivers\RsFx0103.sys [311656 2009-03-30] (Microsoft Corporation)
3 s1029bus; C:\Windows\System32\Drivers\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
3 s1029mdfl; C:\Windows\System32\Drivers\s1029mdfl.sys [19496 2009-05-25] (MCCI Corporation)
3 s1029mdm; C:\Windows\System32\Drivers\s1029mdm.sys [158760 2009-05-25] (MCCI Corporation)
3 s1029mgmt; C:\Windows\System32\Drivers\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
3 s1029nd5; C:\Windows\System32\Drivers\s1029nd5.sys [34856 2009-05-25] (MCCI Corporation)
3 s1029obex; C:\Windows\System32\Drivers\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
3 s1029unic; C:\Windows\System32\Drivers\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-09-29] (Duplex Secure Ltd.)
3 VX1000; C:\Windows\System32\Drivers\VX1000.sys [2060144 2010-05-20] (Microsoft Corporation)
3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
3 ASPI; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [x]
3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]
3 dump_wmimmc; \??\C:\GamesCampus\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 vtany; \??\C:\Windows\vtany.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-16 13:22 - 2012-06-16 13:22 - 00000000 ____D C:\Users\Nele\Desktop\Derdebetaler medische kaart
2012-06-16 13:04 - 2012-06-16 13:04 - 00000017 ____A C:\Users\Nele\AppData\Local\resmon.resmoncfg
2012-06-15 21:06 - 2012-06-15 21:06 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Apple Computer
2012-06-15 20:57 - 2012-06-15 21:13 - 00000000 ____D C:\Fraps
2012-06-15 20:57 - 2012-06-15 20:57 - 00000566 ____A C:\Users\Public\Desktop\Fraps.lnk
2012-06-15 20:37 - 2012-06-15 20:37 - 00000000 ____D C:\Users\Nele\Documents\Bandicam
2012-06-15 20:37 - 2012-06-15 20:37 - 00000000 ____D C:\Users\Nele\AppData\Roaming\BANDISOFT
2012-06-15 20:35 - 2012-06-15 20:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2012-06-15 20:34 - 2012-06-15 20:34 - 06535184 ____A (Bandisoft) C:\Users\Nele\Desktop\bdcamsetup.exe
2012-06-15 18:36 - 2012-06-15 21:05 - 00000512 ____A C:\Users\Nele\Desktop\MBR.dat
2012-06-15 18:24 - 2012-06-15 18:26 - 00138720 ____A C:\TDSSKiller.2.7.40.0_15.06.2012_19.24.29_log.txt
2012-06-14 23:04 - 2012-06-14 23:04 - 00000332 ____A C:\Start_.cmd
2012-06-14 23:04 - 2012-06-14 23:04 - 00000000 ____D C:\ComboFix
2012-06-14 22:57 - 2012-06-14 23:04 - 00000000 ___SD C:\32788R22FWJFW
2012-06-14 22:36 - 2012-06-14 22:36 - 00058171 ____A C:\Users\Nele\Desktop\DxDiag.txt
2012-06-14 22:09 - 2012-06-14 22:09 - 00000000 ____D C:\Windows\ERDNT
2012-06-14 22:09 - 2012-06-14 22:09 - 00000000 ____D C:\Qoobox
2012-06-14 22:03 - 2012-06-14 22:03 - 00000000 ____D C:\Users\Nele\Downloads\mBot_iSRO1.83
2012-06-14 21:52 - 2012-06-14 21:52 - 00000020 ____A C:\Users\Nele\defogger_reenable
2012-06-14 21:50 - 2012-06-14 21:50 - 00050477 ____A C:\Users\Nele\Downloads\Defogger.exe
2012-06-14 21:45 - 2012-06-14 21:45 - 53681080 ____A C:\Users\Nele\Documents\svchost.dmp
2012-06-14 21:42 - 2012-06-16 13:07 - 00000000 ____D C:\Users\Nele\Downloads\ProcessExplorer
2012-06-14 21:42 - 2012-06-14 21:42 - 01135188 ____A C:\Users\Nele\Downloads\ProcessExplorer.zip
2012-06-14 16:23 - 2012-06-14 16:23 - 00000000 ____D C:\Users\Nele\Documents\Nieuwe map
2012-06-14 13:06 - 2012-06-14 13:06 - 00000000 ____D C:\Users\Nele\AppData\Local\Macromedia
2012-06-14 13:02 - 2012-06-14 13:02 - 00000000 ____D C:\Users\Nele\AppData\Local\{4ADD1A74-DB21-4669-8C75-F6B335B5E128}
2012-06-14 12:41 - 2012-06-14 12:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-14 12:22 - 2012-06-14 12:22 - 00000000 ____D C:\Users\Nele\AppData\Local\{AF0F66DF-34A8-470D-BD9F-2588FD55E179}
2012-06-14 12:22 - 2012-06-14 12:22 - 00000000 ____D C:\Users\Nele\AppData\Local\{11BB0E29-BEF4-44D0-B79A-D184C5C6DFDF}
2012-06-14 02:00 - 2012-05-18 03:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 02:00 - 2012-05-18 03:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 02:00 - 2012-05-18 03:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 02:00 - 2012-05-18 02:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 02:00 - 2012-05-18 02:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 02:00 - 2012-05-18 02:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 02:00 - 2012-05-18 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 02:00 - 2012-05-18 02:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 02:00 - 2012-05-18 02:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 02:00 - 2012-05-18 02:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 02:00 - 2012-05-18 02:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 02:00 - 2012-05-18 02:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 02:00 - 2012-05-18 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 02:00 - 2012-05-18 02:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 02:00 - 2012-05-18 00:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 02:00 - 2012-05-17 23:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 02:00 - 2012-05-17 23:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 02:00 - 2012-05-17 23:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 02:00 - 2012-05-17 23:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 02:00 - 2012-05-17 23:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 02:00 - 2012-05-17 23:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 02:00 - 2012-05-17 23:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 02:00 - 2012-05-17 23:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 02:00 - 2012-05-17 23:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 02:00 - 2012-05-17 23:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 02:00 - 2012-05-17 23:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 02:00 - 2012-05-17 23:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 02:00 - 2012-05-17 23:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 05:50 - 2012-05-04 12:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 05:50 - 2012-05-04 11:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 05:50 - 2012-05-04 11:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 05:50 - 2012-04-24 06:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 05:50 - 2012-04-24 06:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 05:50 - 2012-04-24 06:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 05:50 - 2012-04-24 05:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 05:50 - 2012-04-24 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 05:50 - 2012-04-24 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 05:47 - 2012-05-15 02:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 05:44 - 2012-04-07 13:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 05:44 - 2012-04-07 12:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 05:17 - 2012-04-26 06:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 05:17 - 2012-04-26 06:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 05:17 - 2012-04-26 06:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 05:11 - 2012-05-01 06:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 05:00 - 2012-04-28 04:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 21:08 - 2012-06-12 21:08 - 00108475 ____A C:\Windows\Thumbplug TGA Uninstaller.exe
2012-06-12 21:08 - 2012-06-12 21:08 - 00000000 ____D C:\Program Files (x86)\Thumbplug TGA
2012-06-12 19:11 - 2012-06-12 19:11 - 00000000 ____D C:\Users\Nele\Downloads\SBot_1.99.46a
2012-06-12 19:08 - 2012-06-12 19:08 - 09830184 ____A C:\Users\Nele\Downloads\SBot_1.99.46a.zip
2012-06-12 19:07 - 2012-06-12 19:07 - 04308170 ____A C:\Users\Nele\Downloads\mBot_iSRO1.83.zip
2012-06-12 11:50 - 2012-06-12 11:50 - 00000000 ____D C:\Users\Nele\AppData\Local\{B1AB2487-1FD9-4DF0-B266-888DB3E1EC65}
2012-06-12 11:46 - 2012-06-14 21:53 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm
2012-06-12 11:46 - 2012-06-14 21:53 - 00001080 ____A C:\Windows\System32\settings.sfm
2012-06-11 19:23 - 2012-06-11 19:23 - 00000000 ____D C:\Users\Nele\AppData\Local\{F5E69990-36BD-4375-B4BC-3398635087A6}
2012-06-11 19:23 - 2012-06-11 19:23 - 00000000 ____D C:\Users\Nele\AppData\Local\{3708AA05-5479-42F3-A3C6-41BC7DF34410}
2012-06-11 19:14 - 2012-06-11 19:23 - 00057624 ____A C:\img2-001.raw
2012-06-11 19:14 - 2012-06-11 19:14 - 00000000 ____D C:\Users\Nele\AppData\Local\{9A353896-34F9-483E-AC84-74948AE78FE6}
2012-06-11 19:14 - 2012-06-11 19:14 - 00000000 ____D C:\Users\Nele\AppData\Local\{954B70EC-C4D4-4C80-B937-B3C56DFAE8CB}
2012-06-11 18:43 - 2012-06-11 18:43 - 00000000 ____D C:\Users\Nele\AppData\Local\{C7FCAD62-56A2-4256-B033-ED1633EB8CBC}
2012-06-11 18:43 - 2012-06-11 18:43 - 00000000 ____D C:\Users\Nele\AppData\Local\{C1693D0A-2109-48BE-B4A1-8328B558124D}
2012-06-11 14:12 - 2012-06-11 14:12 - 00000020 ____A C:\Users\Nele\Desktop\Nieuw - WinRAR archive.rar
2012-06-11 13:44 - 2012-06-11 13:44 - 00000000 ____D C:\Users\Nele\Documents\Output
2012-06-11 13:43 - 2012-06-11 13:43 - 00000000 ____D C:\Program Files (x86)\4Musics WAV Bitrate Changer
2012-06-11 13:43 - 2002-07-17 14:23 - 00045056 ____A (Adaptec) C:\Windows\SysWOW64\WNASPI32.DLL
2012-06-11 13:43 - 2002-07-17 14:20 - 00084832 ____A (Adaptec) C:\Windows\SysWOW64\Drivers\ASPI32.SYS
2012-06-11 13:37 - 2012-06-11 13:37 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Free MP3 WMA OGG Converter
2012-06-11 13:37 - 2012-06-11 13:37 - 00000000 ____D C:\Program Files (x86)\Free MP3 WMA OGG Converter
2012-06-11 13:36 - 2012-06-11 13:36 - 00463080 ____A (CNET Download.com) C:\Users\Nele\Downloads\cnet2_FreeMp3WmaOggConverter_exe.exe
2012-06-11 13:35 - 2012-06-12 19:10 - 00000073 ____A C:\Windows\cdplayer.ini
2012-06-11 13:34 - 2012-06-12 19:10 - 00001534 ____A C:\Users\All Users\ss.ini
2012-06-11 13:34 - 2012-06-11 13:34 - 00000000 ____D C:\Users\All Users\FreeRIP
2012-06-11 13:31 - 2012-06-11 13:31 - 00463080 ____A (CNET Download.com) C:\Users\Nele\Downloads\cnet2_setupmp3towav-c_exe.exe
2012-06-11 13:31 - 2001-08-08 21:00 - 00040960 ____A (DGP) C:\Windows\SysWOW64\DGPNorm.ocx
2012-06-11 13:26 - 2012-06-11 13:28 - 00000000 ____D C:\Program Files (x86)\Ace MP3 To WAV Converter
2012-06-11 13:26 - 2002-11-15 12:17 - 00892928 ____A (NCT Company) C:\Windows\SysWOW64\NCTAudioInformation.dll
2012-06-11 13:26 - 2002-11-13 10:14 - 01703936 ____A (NCT Company) C:\Windows\SysWOW64\NCTAudioFile.dll
2012-06-11 13:26 - 2002-10-30 12:14 - 00274432 ____A (NCT Company) C:\Windows\SysWOW64\NCTAudioPlayer.dll
2012-06-11 13:26 - 2002-09-06 10:36 - 00233472 ____A C:\Windows\SysWOW64\lame_enc.dll
2012-06-11 13:26 - 2002-07-09 21:42 - 00140288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2012-06-11 13:26 - 2000-08-21 10:22 - 01388544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2012-06-11 13:26 - 2000-06-08 16:00 - 00073785 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2012-06-09 21:25 - 2012-06-09 21:25 - 00000000 ____D C:\Users\Nele\AppData\Local\{A2914F69-0245-4EF6-AEDA-6CA94FD697FA}
2012-06-09 21:25 - 2012-06-09 21:25 - 00000000 ____D C:\Users\Nele\AppData\Local\{3FB14155-1BDB-4BAC-A110-D5EE732FB73C}
2012-06-09 21:11 - 2012-06-09 21:11 - 00000000 ____D C:\Users\Nele\AppData\Local\{ED90AFB9-6AA8-4453-8475-A1E6B7A83591}
2012-06-09 21:11 - 2012-06-09 21:11 - 00000000 ____D C:\Users\Nele\AppData\Local\{1614B3B2-044C-4838-AC77-AF0560129BE8}
2012-06-09 21:09 - 2012-06-09 21:09 - 00000000 ____D C:\Users\Nele\AppData\Local\{FA413403-A765-4227-A782-C8F4B8930765}
2012-06-09 21:09 - 2012-06-09 21:09 - 00000000 ____D C:\Users\Nele\AppData\Local\{9B7B996B-95A9-4DFB-903B-44DDEEECDD16}
2012-06-09 21:05 - 2012-06-09 21:11 - 00000000 ____D C:\Users\Nele\Documents\Gescande Fotos
2012-06-06 19:21 - 2012-06-12 19:14 - 00000000 ____D C:\Users\Nele\AppData\Local\GameSpy
2012-06-06 19:19 - 2012-06-06 19:19 - 06105968 ____A (GameSpy ) C:\Users\Nele\Downloads\ComradeSetup3.2.17.236.exe
2012-06-06 19:16 - 2012-06-06 19:16 - 07496144 ____A (GameSpy ) C:\Users\Nele\Downloads\ComradeSetup2.1.1.214.exe
2012-06-06 12:18 - 2012-06-06 12:19 - 00000000 ____D C:\Users\Nele\AppData\Local\{8FE6DAC1-DCFF-46E6-9FF6-36DB36866FBD}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Nele\AppData\Local\{44A6ECFD-72FA-479C-A0D3-5A2F120E2F37}
2012-06-05 20:11 - 2012-06-06 19:17 - 00000000 ____D C:\Users\Nele\AppData\Roaming\HLSW
2012-06-05 20:11 - 2012-06-05 20:11 - 00000000 ___SD C:\Program Files (x86)\HLSW
2012-06-03 16:21 - 2012-06-03 16:21 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-03 16:14 - 2012-06-03 16:14 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-03 16:14 - 2012-06-03 16:14 - 00000000 ____D C:\Users\All Users\ALM
2012-06-03 16:10 - 2012-06-03 16:10 - 00000000 ____D C:\Users\Nele\Adobe Flash Builder 4.6
2012-06-03 16:03 - 2012-06-03 16:03 - 00000000 ____D C:\Program Files (x86)\My Company Name
2012-06-03 16:03 - 2011-10-17 02:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
2012-06-03 16:03 - 2011-10-17 02:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
2012-06-03 15:55 - 2012-06-03 16:20 - 00000000 ____D C:\Program Files\Adobe
2012-05-31 18:38 - 2012-05-31 18:38 - 00000000 ____D C:\Users\Nele\AppData\Local\{222183F8-491A-4097-AE4B-B0A9C1E6F441}
2012-05-31 18:37 - 2012-05-31 18:37 - 00000000 ____D C:\Users\Nele\AppData\Local\{13E88110-38B9-4948-9486-E9A0330E25C1}
2012-05-30 21:30 - 2012-05-30 22:09 - 00000000 ____D C:\Users\Nele\AppData\Roaming\FileZilla
2012-05-30 21:27 - 2012-05-30 21:28 - 06806696 ____A C:\Users\Nele\Downloads\FileZilla_3.5.3_win32.zip
2012-05-30 21:25 - 2012-05-30 21:25 - 00000000 ____D C:\Program Files\SmartFTP Client
2012-05-30 21:24 - 2012-05-30 21:24 - 17642960 ____A (SmartSoft Ltd) C:\Users\Nele\Downloads\SFTPMSI.exe
2012-05-30 21:24 - 2012-05-30 21:24 - 00000000 ____D C:\Windows\System32\appmgmt
2012-05-30 19:52 - 2012-05-30 19:52 - 00000000 ____D C:\Users\Nele\AppData\Local\{DF1DAAF4-FB44-409B-BCB6-2078C2D0385F}
2012-05-30 19:52 - 2012-05-30 19:52 - 00000000 ____D C:\Users\Nele\AppData\Local\{D4803620-CA34-4FB5-9EE6-EFFFC0B69CB4}
2012-05-29 19:17 - 2012-05-29 19:17 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2012-05-29 19:17 - 2012-05-29 19:17 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2012-05-28 13:45 - 2012-05-28 13:45 - 00000000 ____D C:\Users\Nele\Documents\iZotope
2012-05-28 13:45 - 2012-05-28 13:45 - 00000000 ____D C:\Users\Nele\AppData\Roaming\iZotope
2012-05-28 13:35 - 2012-05-28 13:35 - 00000000 ____D C:\Program Files (x86)\iZotope
2012-05-28 13:08 - 1999-12-17 09:13 - 00086016 ____A (MindVision Software) C:\Windows\unvise32.exe
2012-05-26 17:13 - 2006-09-14 00:21 - 00002240 ____A C:\Windows\LENDIG.sys
2012-05-26 14:24 - 2012-05-26 14:24 - 00000000 ____D C:\Users\Nele\Sylenth1DemoWin32
2012-05-26 12:36 - 2009-10-24 20:15 - 01332224 ____A (AD 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2012-05-26 00:01 - 2012-05-26 00:01 - 00000000 ____D C:\Users\Nele\AppData\Roaming\SynthMaker
2012-05-25 23:44 - 2012-05-25 23:44 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Image-Line
2012-05-25 23:38 - 2012-06-12 19:59 - 00000000 ____D C:\Users\Nele\Downloads\fruityloops plugins
2012-05-25 00:46 - 2012-05-25 00:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-25 00:40 - 2012-05-25 00:40 - 00000012 ____A C:\Windows\srun.log
2012-05-24 23:48 - 2012-05-24 23:48 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Deckadance19
2012-05-24 23:24 - 2012-05-27 13:24 - 00000000 ____D C:\Users\Nele\AppData\Roaming\SongManager
2012-05-24 23:21 - 2012-05-28 14:10 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2012-05-24 23:21 - 2012-05-24 23:21 - 00000000 ____D C:\Users\Nele\Documents\Image-Line
2012-05-24 23:21 - 2012-05-24 23:21 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-05-24 23:21 - 2006-06-20 09:56 - 00225280 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
2012-05-24 23:20 - 2012-05-24 23:20 - 00000000 ____D C:\Program Files (x86)\Outsim
2012-05-24 23:20 - 2009-09-15 10:14 - 01554944 ____A (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2012-05-24 23:17 - 2012-05-24 23:21 - 00000000 ____D C:\Program Files (x86)\Image-Line
2012-05-24 23:07 - 2012-05-24 23:07 - 00000000 ____D C:\Users\Nele\Downloads\torry
2012-05-19 10:18 - 2012-05-19 10:18 - 124337260 ____A C:\Users\Nele\Downloads\db_makeawebsite.be.sql
2012-05-18 15:25 - 2012-05-18 15:25 - 00000000 ____D C:\Users\Nele\AppData\Local\{37A801A0-78F8-4971-9178-D38CBF7EA000}
2012-05-18 15:24 - 2012-05-18 15:24 - 00000000 ____D C:\Users\Nele\AppData\Local\{E4B350ED-7162-4D9B-9B24-379C34F881CB}


============ 3 Months Modified Files and Folders =============

2012-06-16 14:37 - 2012-06-16 14:37 - 00000000 ____D C:\FRST
2012-06-16 13:34 - 2010-09-14 05:18 - 01692739 ____A C:\Windows\WindowsUpdate.log
2012-06-16 13:34 - 2009-07-14 05:45 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-16 13:34 - 2009-07-14 05:45 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-16 13:29 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-16 13:29 - 2009-07-14 05:51 - 00054749 ____A C:\Windows\setupact.log
2012-06-16 13:27 - 2011-09-18 21:10 - 00000386 ____A C:\Windows\Tasks\update-sys.job
2012-06-16 13:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-16 13:23 - 2009-07-14 10:16 - 00812470 ____A C:\Windows\System32\perfh013.dat
2012-06-16 13:23 - 2009-07-14 10:16 - 00178766 ____A C:\Windows\System32\perfc013.dat
2012-06-16 13:23 - 2009-07-14 06:13 - 01858936 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-16 13:22 - 2012-06-16 13:22 - 00000000 ____D C:\Users\Nele\Desktop\Derdebetaler medische kaart
2012-06-16 13:13 - 2011-02-26 21:32 - 00001048 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-16 13:12 - 2011-02-26 21:32 - 00001052 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-16 13:10 - 2010-09-14 00:24 - 64445254 ____A C:\Windows\PFRO.log
2012-06-16 13:07 - 2012-06-14 21:42 - 00000000 ____D C:\Users\Nele\Downloads\ProcessExplorer
2012-06-16 13:04 - 2012-06-16 13:04 - 00000017 ____A C:\Users\Nele\AppData\Local\resmon.resmoncfg
2012-06-16 12:57 - 2011-11-04 01:42 - 00000000 ____D C:\Users\Nele\AppData\Local\Akamai
2012-06-16 12:55 - 2011-02-26 21:31 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Skype
2012-06-16 12:54 - 2011-04-03 17:48 - 00000000 ____D C:\Users\Nele\AppData\Local\ElevatedDiagnostics
2012-06-16 12:43 - 2011-04-26 10:54 - 00000080 ____A C:\Users\Nele\AppData\Roaming\mBot.ini
2012-06-16 09:49 - 2011-09-18 21:10 - 00000386 ____A C:\Windows\Tasks\update-S-1-5-21-90052399-1323003172-978734720-1000.job
2012-06-15 21:13 - 2012-06-15 20:57 - 00000000 ____D C:\Fraps
2012-06-15 21:12 - 2011-03-28 21:40 - 00000000 ____D C:\Users\Nele\AppData\Roaming\vlc
2012-06-15 21:06 - 2012-06-15 21:06 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Apple Computer
2012-06-15 21:05 - 2012-06-15 18:36 - 00000512 ____A C:\Users\Nele\Desktop\MBR.dat
2012-06-15 20:57 - 2012-06-15 20:57 - 00000566 ____A C:\Users\Public\Desktop\Fraps.lnk
2012-06-15 20:37 - 2012-06-15 20:37 - 00000000 ____D C:\Users\Nele\Documents\Bandicam
2012-06-15 20:37 - 2012-06-15 20:37 - 00000000 ____D C:\Users\Nele\AppData\Roaming\BANDISOFT
2012-06-15 20:35 - 2012-06-15 20:35 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2012-06-15 20:34 - 2012-06-15 20:34 - 06535184 ____A (Bandisoft) C:\Users\Nele\Desktop\bdcamsetup.exe
2012-06-15 18:26 - 2012-06-15 18:24 - 00138720 ____A C:\TDSSKiller.2.7.40.0_15.06.2012_19.24.29_log.txt
2012-06-15 03:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2012-06-15 02:18 - 2009-07-14 05:45 - 05030712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-15 02:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\nl-NL
2012-06-15 02:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\nl-NL
2012-06-14 23:04 - 2012-06-14 23:04 - 00000332 ____A C:\Start_.cmd
2012-06-14 23:04 - 2012-06-14 23:04 - 00000000 ____D C:\ComboFix
2012-06-14 23:04 - 2012-06-14 22:57 - 00000000 ___SD C:\32788R22FWJFW
2012-06-14 22:36 - 2012-06-14 22:36 - 00058171 ____A C:\Users\Nele\Desktop\DxDiag.txt
2012-06-14 22:14 - 2012-01-11 09:52 - 00000000 ____D C:\Users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}
2012-06-14 22:09 - 2012-06-14 22:09 - 00000000 ____D C:\Windows\ERDNT
2012-06-14 22:09 - 2012-06-14 22:09 - 00000000 ____D C:\Qoobox
2012-06-14 22:03 - 2012-06-14 22:03 - 00000000 ____D C:\Users\Nele\Downloads\mBot_iSRO1.83
2012-06-14 21:53 - 2012-06-12 11:46 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm
2012-06-14 21:53 - 2012-06-12 11:46 - 00001080 ____A C:\Windows\System32\settings.sfm
2012-06-14 21:52 - 2012-06-14 21:52 - 00000020 ____A C:\Users\Nele\defogger_reenable
2012-06-14 21:52 - 2010-12-05 12:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-14 21:52 - 2010-09-13 23:41 - 00000000 ____D C:\users\Nele
2012-06-14 21:50 - 2012-06-14 21:50 - 00050477 ____A C:\Users\Nele\Downloads\Defogger.exe
2012-06-14 21:45 - 2012-06-14 21:45 - 53681080 ____A C:\Users\Nele\Documents\svchost.dmp
2012-06-14 21:42 - 2012-06-14 21:42 - 01135188 ____A C:\Users\Nele\Downloads\ProcessExplorer.zip
2012-06-14 16:23 - 2012-06-14 16:23 - 00000000 ____D C:\Users\Nele\Documents\Nieuwe map
2012-06-14 13:06 - 2012-06-14 13:06 - 00000000 ____D C:\Users\Nele\AppData\Local\Macromedia
2012-06-14 13:02 - 2012-06-14 13:02 - 00000000 ____D C:\Users\Nele\AppData\Local\{4ADD1A74-DB21-4669-8C75-F6B335B5E128}
2012-06-14 13:02 - 2010-11-01 08:54 - 00000000 ____D C:\Users\Nele\Tracing
2012-06-14 12:41 - 2012-06-14 12:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-14 12:41 - 2011-05-17 12:58 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 12:22 - 2012-06-14 12:22 - 00000000 ____D C:\Users\Nele\AppData\Local\{AF0F66DF-34A8-470D-BD9F-2588FD55E179}
2012-06-14 12:22 - 2012-06-14 12:22 - 00000000 ____D C:\Users\Nele\AppData\Local\{11BB0E29-BEF4-44D0-B79A-D184C5C6DFDF}
2012-06-14 02:08 - 2010-10-12 20:38 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 21:08 - 2012-06-12 21:08 - 00108475 ____A C:\Windows\Thumbplug TGA Uninstaller.exe
2012-06-12 21:08 - 2012-06-12 21:08 - 00000000 ____D C:\Program Files (x86)\Thumbplug TGA
2012-06-12 19:59 - 2012-05-25 23:38 - 00000000 ____D C:\Users\Nele\Downloads\fruityloops plugins
2012-06-12 19:54 - 2011-05-15 16:58 - 00000000 ____D C:\Program Files (x86)\SlySoft
2012-06-12 19:14 - 2012-06-06 19:21 - 00000000 ____D C:\Users\Nele\AppData\Local\GameSpy
2012-06-12 19:12 - 2010-09-13 23:42 - 00000000 ____D C:\Users\Nele\AppData\LocalLow
2012-06-12 19:11 - 2012-06-12 19:11 - 00000000 ____D C:\Users\Nele\Downloads\SBot_1.99.46a
2012-06-12 19:10 - 2012-06-11 13:35 - 00000073 ____A C:\Windows\cdplayer.ini
2012-06-12 19:10 - 2012-06-11 13:34 - 00001534 ____A C:\Users\All Users\ss.ini
2012-06-12 19:10 - 2011-01-25 15:33 - 00000000 ___AD C:\Program Files (x86)\Silkroad
2012-06-12 19:08 - 2012-06-12 19:08 - 09830184 ____A C:\Users\Nele\Downloads\SBot_1.99.46a.zip
2012-06-12 19:07 - 2012-06-12 19:07 - 04308170 ____A C:\Users\Nele\Downloads\mBot_iSRO1.83.zip
2012-06-12 11:50 - 2012-06-12 11:50 - 00000000 ____D C:\Users\Nele\AppData\Local\{B1AB2487-1FD9-4DF0-B266-888DB3E1EC65}
2012-06-11 22:00 - 2011-01-18 11:10 - 00000000 ____D C:\Users\Nele\AppData\Roaming\uTorrent
2012-06-11 19:23 - 2012-06-11 19:23 - 00000000 ____D C:\Users\Nele\AppData\Local\{F5E69990-36BD-4375-B4BC-3398635087A6}
2012-06-11 19:23 - 2012-06-11 19:23 - 00000000 ____D C:\Users\Nele\AppData\Local\{3708AA05-5479-42F3-A3C6-41BC7DF34410}
2012-06-11 19:23 - 2012-06-11 19:14 - 00057624 ____A C:\img2-001.raw
2012-06-11 19:14 - 2012-06-11 19:14 - 00000000 ____D C:\Users\Nele\AppData\Local\{9A353896-34F9-483E-AC84-74948AE78FE6}
2012-06-11 19:14 - 2012-06-11 19:14 - 00000000 ____D C:\Users\Nele\AppData\Local\{954B70EC-C4D4-4C80-B937-B3C56DFAE8CB}
2012-06-11 18:43 - 2012-06-11 18:43 - 00000000 ____D C:\Users\Nele\AppData\Local\{C7FCAD62-56A2-4256-B033-ED1633EB8CBC}
2012-06-11 18:43 - 2012-06-11 18:43 - 00000000 ____D C:\Users\Nele\AppData\Local\{C1693D0A-2109-48BE-B4A1-8328B558124D}
2012-06-11 14:12 - 2012-06-11 14:12 - 00000020 ____A C:\Users\Nele\Desktop\Nieuw - WinRAR archive.rar
2012-06-11 13:44 - 2012-06-11 13:44 - 00000000 ____D C:\Users\Nele\Documents\Output
2012-06-11 13:43 - 2012-06-11 13:43 - 00000000 ____D C:\Program Files (x86)\4Musics WAV Bitrate Changer
2012-06-11 13:37 - 2012-06-11 13:37 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Free MP3 WMA OGG Converter
2012-06-11 13:37 - 2012-06-11 13:37 - 00000000 ____D C:\Program Files (x86)\Free MP3 WMA OGG Converter
2012-06-11 13:36 - 2012-06-11 13:36 - 00463080 ____A (CNET Download.com) C:\Users\Nele\Downloads\cnet2_FreeMp3WmaOggConverter_exe.exe
2012-06-11 13:34 - 2012-06-11 13:34 - 00000000 ____D C:\Users\All Users\FreeRIP
2012-06-11 13:31 - 2012-06-11 13:31 - 00463080 ____A (CNET Download.com) C:\Users\Nele\Downloads\cnet2_setupmp3towav-c_exe.exe
2012-06-11 13:28 - 2012-06-11 13:26 - 00000000 ____D C:\Program Files (x86)\Ace MP3 To WAV Converter
2012-06-09 21:25 - 2012-06-09 21:25 - 00000000 ____D C:\Users\Nele\AppData\Local\{A2914F69-0245-4EF6-AEDA-6CA94FD697FA}
2012-06-09 21:25 - 2012-06-09 21:25 - 00000000 ____D C:\Users\Nele\AppData\Local\{3FB14155-1BDB-4BAC-A110-D5EE732FB73C}
2012-06-09 21:11 - 2012-06-09 21:11 - 00000000 ____D C:\Users\Nele\AppData\Local\{ED90AFB9-6AA8-4453-8475-A1E6B7A83591}
2012-06-09 21:11 - 2012-06-09 21:11 - 00000000 ____D C:\Users\Nele\AppData\Local\{1614B3B2-044C-4838-AC77-AF0560129BE8}
2012-06-09 21:11 - 2012-06-09 21:05 - 00000000 ____D C:\Users\Nele\Documents\Gescande Fotos
2012-06-09 21:09 - 2012-06-09 21:09 - 00000000 ____D C:\Users\Nele\AppData\Local\{FA413403-A765-4227-A782-C8F4B8930765}
2012-06-09 21:09 - 2012-06-09 21:09 - 00000000 ____D C:\Users\Nele\AppData\Local\{9B7B996B-95A9-4DFB-903B-44DDEEECDD16}
2012-06-06 19:19 - 2012-06-06 19:19 - 06105968 ____A (GameSpy ) C:\Users\Nele\Downloads\ComradeSetup3.2.17.236.exe
2012-06-06 19:17 - 2012-06-05 20:11 - 00000000 ____D C:\Users\Nele\AppData\Roaming\HLSW
2012-06-06 19:16 - 2012-06-06 19:16 - 07496144 ____A (GameSpy ) C:\Users\Nele\Downloads\ComradeSetup2.1.1.214.exe
2012-06-06 12:19 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Nele\AppData\Local\{8FE6DAC1-DCFF-46E6-9FF6-36DB36866FBD}
2012-06-06 12:18 - 2012-06-06 12:18 - 00000000 ____D C:\Users\Nele\AppData\Local\{44A6ECFD-72FA-479C-A0D3-5A2F120E2F37}
2012-06-06 12:13 - 2010-09-14 21:04 - 00000000 ____D C:\Users\Nele\AppData\Local\Adobe
2012-06-05 20:11 - 2012-06-05 20:11 - 00000000 ___SD C:\Program Files (x86)\HLSW
2012-06-05 20:05 - 2011-04-10 21:00 - 00000000 ____D C:\Users\Nele\Downloads\mBot
2012-06-03 19:55 - 2011-11-12 09:00 - 00000000 ____D C:\Program Files\MAXON
2012-06-03 19:54 - 2011-11-12 08:58 - 00000000 ____D C:\Users\Nele\AppData\Roaming\MAXON
2012-06-03 18:48 - 2010-09-14 00:37 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Adobe
2012-06-03 18:33 - 2010-09-13 23:51 - 00109264 ____A C:\Users\Nele\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-03 16:21 - 2012-06-03 16:21 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-03 16:21 - 2010-09-14 21:05 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-03 16:20 - 2012-06-03 15:55 - 00000000 ____D C:\Program Files\Adobe
2012-06-03 16:20 - 2010-09-29 16:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-03 16:19 - 2010-09-14 21:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-03 16:14 - 2012-06-03 16:14 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-03 16:14 - 2012-06-03 16:14 - 00000000 ____D C:\Users\All Users\ALM
2012-06-03 16:10 - 2012-06-03 16:10 - 00000000 ____D C:\Users\Nele\Adobe Flash Builder 4.6
2012-06-03 16:03 - 2012-06-03 16:03 - 00000000 ____D C:\Program Files (x86)\My Company Name
2012-06-03 14:07 - 2010-09-29 15:47 - 00002178 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-03 12:42 - 2010-10-04 20:45 - 00000000 ____D C:\Users\Nele\Documents\Digitale foto's nieuwe Sony
2012-06-03 09:37 - 2010-11-07 15:48 - 00000000 ____D C:\Users\Nele\Documents\Jasper
2012-05-31 18:38 - 2012-05-31 18:38 - 00000000 ____D C:\Users\Nele\AppData\Local\{222183F8-491A-4097-AE4B-B0A9C1E6F441}
2012-05-31 18:38 - 2010-09-13 23:42 - 00000000 ___RD C:\Users\Nele\Mijn afbeeldingen
2012-05-31 18:37 - 2012-05-31 18:37 - 00000000 ____D C:\Users\Nele\AppData\Local\{13E88110-38B9-4948-9486-E9A0330E25C1}
2012-05-30 22:09 - 2012-05-30 21:30 - 00000000 ____D C:\Users\Nele\AppData\Roaming\FileZilla
2012-05-30 21:28 - 2012-05-30 21:27 - 06806696 ____A C:\Users\Nele\Downloads\FileZilla_3.5.3_win32.zip
2012-05-30 21:25 - 2012-05-30 21:25 - 00000000 ____D C:\Program Files\SmartFTP Client
2012-05-30 21:24 - 2012-05-30 21:24 - 17642960 ____A (SmartSoft Ltd) C:\Users\Nele\Downloads\SFTPMSI.exe
2012-05-30 21:24 - 2012-05-30 21:24 - 00000000 ____D C:\Windows\System32\appmgmt
2012-05-30 21:24 - 2011-11-01 16:34 - 00000000 ____D C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2012-05-30 19:52 - 2012-05-30 19:52 - 00000000 ____D C:\Users\Nele\AppData\Local\{DF1DAAF4-FB44-409B-BCB6-2078C2D0385F}
2012-05-30 19:52 - 2012-05-30 19:52 - 00000000 ____D C:\Users\Nele\AppData\Local\{D4803620-CA34-4FB5-9EE6-EFFFC0B69CB4}
2012-05-29 19:17 - 2012-05-29 19:17 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2012-05-29 19:17 - 2012-05-29 19:17 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2012-05-28 14:10 - 2012-05-24 23:21 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2012-05-28 13:45 - 2012-05-28 13:45 - 00000000 ____D C:\Users\Nele\Documents\iZotope
2012-05-28 13:45 - 2012-05-28 13:45 - 00000000 ____D C:\Users\Nele\AppData\Roaming\iZotope
2012-05-28 13:35 - 2012-05-28 13:35 - 00000000 ____D C:\Program Files (x86)\iZotope
2012-05-28 02:01 - 2011-08-06 00:46 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Winamp
2012-05-27 13:24 - 2012-05-24 23:24 - 00000000 ____D C:\Users\Nele\AppData\Roaming\SongManager
2012-05-26 14:24 - 2012-05-26 14:24 - 00000000 ____D C:\Users\Nele\Sylenth1DemoWin32
2012-05-26 00:01 - 2012-05-26 00:01 - 00000000 ____D C:\Users\Nele\AppData\Roaming\SynthMaker
2012-05-25 23:44 - 2012-05-25 23:44 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Image-Line
2012-05-25 00:46 - 2012-05-25 00:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-25 00:40 - 2012-05-25 00:40 - 00000012 ____A C:\Windows\srun.log
2012-05-24 23:48 - 2012-05-24 23:48 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Deckadance19
2012-05-24 23:21 - 2012-05-24 23:21 - 00000000 ____D C:\Users\Nele\Documents\Image-Line
2012-05-24 23:21 - 2012-05-24 23:21 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-05-24 23:21 - 2012-05-24 23:17 - 00000000 ____D C:\Program Files (x86)\Image-Line
2012-05-24 23:20 - 2012-05-24 23:20 - 00000000 ____D C:\Program Files (x86)\Outsim
2012-05-24 23:07 - 2012-05-24 23:07 - 00000000 ____D C:\Users\Nele\Downloads\torry
2012-05-20 23:07 - 2012-04-28 23:22 - 00000000 ___RD C:\Users\Nele\Desktop\SHTF
2012-05-19 10:18 - 2012-05-19 10:18 - 124337260 ____A C:\Users\Nele\Downloads\db_makeawebsite.be.sql
2012-05-18 15:25 - 2012-05-18 15:25 - 00000000 ____D C:\Users\Nele\AppData\Local\{37A801A0-78F8-4971-9178-D38CBF7EA000}
2012-05-18 15:24 - 2012-05-18 15:24 - 00000000 ____D C:\Users\Nele\AppData\Local\{E4B350ED-7162-4D9B-9B24-379C34F881CB}
2012-05-18 03:47 - 2012-06-14 02:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-18 03:16 - 2012-06-14 02:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-18 03:06 - 2012-06-14 02:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-18 02:59 - 2012-06-14 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-18 02:59 - 2012-06-14 02:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-18 02:58 - 2012-06-14 02:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-18 02:58 - 2012-06-14 02:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-18 02:56 - 2012-06-14 02:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-18 02:55 - 2012-06-14 02:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-18 02:55 - 2012-06-14 02:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-18 02:54 - 2012-06-14 02:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-18 02:51 - 2012-06-14 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-18 02:51 - 2012-06-14 02:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-18 02:47 - 2012-06-14 02:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-18 00:11 - 2012-06-14 02:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 23:48 - 2012-06-14 02:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 23:45 - 2012-06-14 02:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 23:36 - 2012-06-14 02:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 23:35 - 2012-06-14 02:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 23:35 - 2012-06-14 02:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 23:33 - 2012-06-14 02:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 23:31 - 2012-06-14 02:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 23:29 - 2012-06-14 02:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 23:29 - 2012-06-14 02:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 23:27 - 2012-06-14 02:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 23:25 - 2012-06-14 02:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 23:24 - 2012-06-14 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 23:20 - 2012-06-14 02:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 13:49 - 2011-10-18 13:34 - 00000000 ____D C:\Users\Nele\AppData\Local\Search Assistant
2012-05-17 13:49 - 2011-09-18 21:10 - 00001472 ____A C:\Users\Nele\AppData\Local\UserProducts.xml
2012-05-15 19:51 - 2011-11-16 22:34 - 00001250 ____A C:\Users\Nele\Desktop\char inventaris.txt
2012-05-15 02:32 - 2012-06-13 05:47 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 02:01 - 2012-05-14 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 02:01 - 2012-05-14 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 19:07 - 2012-05-11 19:07 - 00000000 ____D C:\Users\Nele\AppData\Local\{39A97008-DA43-487A-A251-1C29447960FC}
2012-05-11 19:07 - 2012-05-11 19:07 - 00000000 ____D C:\Users\Nele\AppData\Local\{29333D92-62BB-4A16-8799-D6B6DAE1E9E4}
2012-05-10 19:05 - 2012-05-10 19:05 - 00000000 ____D C:\Users\Nele\AppData\Local\{4B6D09A9-7720-44E1-97BB-98C0CD5535D3}
2012-05-10 19:05 - 2012-05-10 19:04 - 00000000 ____D C:\Users\Nele\AppData\Local\{E3B61D07-05E7-43E5-9896-5040E5E45637}
2012-05-10 10:51 - 2012-05-10 10:51 - 00000000 ____D C:\Users\Nele\AppData\Local\{FD5742F4-0FB4-4302-8A54-1E0EB432356D}
2012-05-10 10:51 - 2012-05-10 10:51 - 00000000 ____D C:\Users\Nele\AppData\Local\{A7484443-339E-4B95-97A3-65923DC9F56C}
2012-05-10 02:04 - 2011-09-20 12:28 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 02:03 - 2009-07-14 03:34 - 00000542 ____A C:\Windows\win.ini
2012-05-10 02:00 - 2009-07-14 10:58 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 10:36 - 2012-05-08 21:52 - 00080384 ____A C:\Users\Nele\Downloads\isilk.dll
2012-05-05 20:03 - 2011-09-28 11:42 - 00057856 __ASH C:\Users\Nele\Desktop\Thumbs.db
2012-05-05 10:30 - 2012-05-05 10:30 - 00000012 ____A C:\Users\Nele\intlname.ols
2012-05-05 10:11 - 2011-08-26 14:17 - 01879064 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-04 12:06 - 2012-06-13 05:50 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:03 - 2012-06-13 05:50 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 11:03 - 2012-06-13 05:50 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 06:40 - 2012-06-13 05:11 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 23:42 - 2012-04-28 23:42 - 00000000 ____D C:\Users\Nele\AppData\Roaming\DVDVideoSoftIEHelpers
2012-04-28 23:42 - 2012-04-28 23:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2012-04-28 23:42 - 2012-04-28 23:41 - 00000000 ____D C:\Users\Nele\AppData\Roaming\DVDVideoSoft
2012-04-28 04:55 - 2012-06-13 05:00 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 21:19 - 2012-04-27 20:39 - 00000000 ____D C:\Users\Nele\Documents\Bestelling
2012-04-27 20:45 - 2011-09-17 10:10 - 00000000 ____D C:\Users\Nele\Documents\Reis Frankrijk 2011
2012-04-27 10:39 - 2012-04-27 10:39 - 00000000 ____D C:\Users\Nele\AppData\Local\{88505B47-B2D5-4C88-A30E-2ACFA491B757}
2012-04-27 10:39 - 2012-04-27 10:39 - 00000000 ____D C:\Users\Nele\AppData\Local\{26A8E401-149C-46BE-A91E-AB97A9A4B1AB}
2012-04-26 09:14 - 2012-04-26 09:14 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-26 09:14 - 2012-04-26 09:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 08:09 - 2012-04-26 08:09 - 00000000 ____D C:\Users\Nele\AppData\Local\{CCB6BCBF-4F9C-431D-BD9E-8BD9A6CECD8C}
2012-04-26 08:09 - 2012-04-26 08:09 - 00000000 ____D C:\Users\Nele\AppData\Local\{5D37AE3C-0A91-41E3-8154-6D51C9FE5666}
2012-04-26 06:41 - 2012-06-13 05:17 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 06:41 - 2012-06-13 05:17 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 06:34 - 2012-06-13 05:17 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-26 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-04-26 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-04-26 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-26 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-04-26 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-04-26 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-26 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-04-26 02:32 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2012-04-26 02:32 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-04-26 02:31 - 2009-07-14 10:16 - 00000000 ____D C:\Windows\System32\Drivers\nl-NL
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sppui
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Setup
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\oobe
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\migwiz
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\manifeststore
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\es-ES
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Dism
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\da-DK
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\cs-CZ
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-26 02:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-04-25 13:11 - 2010-09-14 20:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-25 13:09 - 2009-07-14 03:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-04-25 13:09 - 2009-07-14 03:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-04-25 13:00 - 2012-04-25 13:00 - 00000000 ____D C:\Windows\System32\SPReview
2012-04-25 12:59 - 2012-04-25 12:59 - 00000000 ____D C:\Windows\System32\EventProviders
2012-04-24 06:37 - 2012-06-13 05:50 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 06:37 - 2012-06-13 05:50 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 06:37 - 2012-06-13 05:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 05:36 - 2012-06-13 05:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 05:36 - 2012-06-13 05:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 05:36 - 2012-06-13 05:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-24 02:06 - 2012-04-22 20:05 - 00243712 ____A C:\Users\Nele\Documents\FirstProject.ocp
2012-04-22 20:05 - 2012-04-22 20:05 - 00000000 ____D C:\Program Files (x86)\Offline Commander
2012-04-22 19:59 - 2012-04-22 19:59 - 00463080 ____A (CNET Download.com) C:\Users\Nele\Downloads\cnet2_oc_setup_exe.exe
2012-04-22 19:46 - 2012-04-22 19:35 - 00000000 ____D C:\Users\Nele\Documents\Communie Lotte
2012-04-18 12:49 - 2012-04-28 23:42 - 00405176 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll
2012-04-12 07:31 - 2012-04-12 07:31 - 00000000 ____D C:\Users\Nele\AppData\Local\{CB92B25C-A96F-446B-A996-4AEB3CDB0338}
2012-04-12 07:31 - 2012-04-12 07:31 - 00000000 ____D C:\Users\Nele\AppData\Local\{002FDD5E-5D0B-42A4-89DE-F29D4B31E100}
2012-04-10 13:19 - 2011-02-08 14:28 - 00000000 ____D C:\Users\Nele\Downloads\sBot
2012-04-09 20:16 - 2012-04-08 23:51 - 00000000 ____D C:\Program Files (x86)\ACR
2012-04-09 19:04 - 2010-09-16 21:22 - 00000000 ____D C:\Users\Nele\Documents\SOLLICITEREN
2012-04-09 00:36 - 2010-09-14 00:42 - 00000000 ____D C:\Program Files (x86)\Steam
2012-04-08 23:51 - 2012-04-08 23:50 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-04-08 23:50 - 2012-04-08 23:50 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-04-08 23:38 - 2012-04-08 23:37 - 226633252 ____A (Eutechnyx, Ltd ) C:\Users\Nele\Downloads\ACR_setup.exe
2012-04-07 13:31 - 2012-06-13 05:44 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 12:26 - 2012-06-13 05:44 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-07 08:58 - 2012-04-07 08:58 - 00000060 ____A C:\GM_EFC0.tmp
2012-04-05 12:36 - 2012-04-05 12:36 - 00000000 ____D C:\Users\Nele\AppData\Local\{D0F9C18F-006A-49D6-9A9D-26CD02FFDD4F}
2012-04-05 12:36 - 2012-04-05 12:36 - 00000000 ____D C:\Users\Nele\AppData\Local\{4F795061-9545-45B7-A442-C6440F435560}
2012-04-03 16:13 - 2012-04-03 16:13 - 00029859 ____A C:\Users\Nele\Downloads\-.htm
2012-04-03 16:13 - 2012-04-03 16:13 - 00000000 ____D C:\Users\Nele\Downloads\-_bestanden
2012-04-03 13:49 - 2011-10-26 09:50 - 00000000 ____D C:\Users\Nele\AppData\Roaming\ICQ
2012-04-03 13:47 - 2012-04-03 13:47 - 00000000 ____D C:\Users\Nele\AppData\Local\{ACD13C2C-2F19-4287-A5B1-C57CEDCAEEBB}
2012-04-03 13:47 - 2010-11-01 01:34 - 00000000 ____D C:\Users\Nele\AppData\Local\Windows Live
2012-03-30 12:35 - 2012-05-09 21:41 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 23:55 - 2011-01-18 11:16 - 00120832 __ASH C:\Users\Nele\Downloads\Thumbs.db
2012-03-24 22:49 - 2012-03-24 22:30 - 1351588005 ____A C:\Users\Nele\Downloads\DuckRoadClient.rar
2012-03-24 22:32 - 2012-03-24 22:32 - 00000000 ____D C:\Users\Nele\Downloads\XGSRO
2012-03-24 21:52 - 2012-03-24 21:52 - 00001088 ____A C:\Users\Nele\Downloads\alchemy fail report.txt
2012-03-23 18:43 - 2012-03-23 18:43 - 00001158 ____A C:\Users\Nele\Downloads\sro lag report.txt
2012-03-22 12:43 - 2012-04-28 23:42 - 02557952 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtCore4.dll
2012-03-20 18:10 - 2011-02-26 21:32 - 00000000 ____D C:\Users\Nele\AppData\Local\Google

ZeroAccess:
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\L
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\L\00000004.@
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\L\00000008.@
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\00000004.@
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\00000008.@
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\000000cb.@
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\80000000.@
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\80000032.@
C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\80000064.@

ZeroAccess:
C:\Users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}
C:\Users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\L
C:\Users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 12287.18 MB
Available physical RAM: 11275.84 MB
Total Pagefile: 12285.33 MB
Available Pagefile: 11265.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:35.52 GB) NTFS
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS
5 Drive h: (INTENSO USB) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Schfnr. Status Grootte Vrij Dyn GPT
-------- ------------- ------- ------- --- ---
Schf 0 Online 465 GB 0 B
Schf 1 Online 465 GB 0 B
Schf 2 Online 1912 MB 0 B
Schf 3 Geen medium 0 B 0 B
Schf 4 Geen medium 0 B 0 B
Schf 5 Geen medium 0 B 0 B
Schf 6 Geen medium 0 B 0 B

DiskPart afsluiten...


==========================================================

Last Boot: 2012-06-14 14:07

======================= End Of Log ==========================

#8 gringo_pr

  • Malware Response Team

Posted 16 June 2012 - 12:45 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}
C:\Users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 SoNoVa

  • Topic Starter

Posted 16 June 2012 - 01:15 PM

OK, thanks, I'll do this right away and edit this post with the results.

Here is the logfile.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-06-2012
Ran by SYSTEM at 2012-06-16 20:18:08 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8} moved successfully.
C:\Users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8} moved successfully.

==== End of Fixlog ====

Edited by SoNoVa, 16 June 2012 - 01:24 PM.


#10 gringo_pr

  • Malware Response Team

Posted 16 June 2012 - 01:23 PM

:thumbup2:

#11 SoNoVa

  • Topic Starter

Posted 16 June 2012 - 01:47 PM

Okay, so what's our next step in this process?
The fix went flawlessly and my PC is already starting to work smoother, I must say.

Thanks already :D

#12 gringo_pr

  • Malware Response Team

Posted 16 June 2012 - 09:51 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 SoNoVa

  • Topic Starter

Posted 17 June 2012 - 02:40 AM

Results from combofix





ComboFix 12-06-16.02 - Nele 17/06/2012 9:12.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.12287.10664 [GMT 2:00]
Gestart vanuit: c:\users\Nele\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\hpeD2AD.dll
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\@
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\L\00000004.@
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\L\00000008.@
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\n
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\00000004.@
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\00000008.@
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\000000cb.@
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\80000000.@
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\80000032.@
c:\users\Nele\AppData\Local\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\80000064.@
c:\users\Nele\AppData\Roaming\edxLabs
c:\users\Nele\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\17761977.txt
c:\users\Nele\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\18487101.txt
c:\users\Nele\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\96388431.txt
c:\users\Nele\AppData\Roaming\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\@
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\L\00000004.@
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\L\00000008.@
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\n
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\00000004.@
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\00000008.@
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\000000cb.@
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\80000000.@
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\80000032.@
c:\windows\Installer\{b26abb7a-b325-032b-fc27-f0a7a9b8f7f8}\U\80000064.@
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-17 to 2012-06-17 ))))))))))))))))))))))))))))))
.
.
2012-06-17 07:25 . 2012-06-17 07:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 13:37 . 2012-06-16 13:38 -------- d-----w- C:\FRST
2012-06-15 20:06 . 2012-06-15 20:06 -------- d-----w- c:\users\Nele\AppData\Roaming\Apple Computer
2012-06-15 19:57 . 2012-06-15 20:13 -------- d-----w- C:\Fraps
2012-06-15 19:37 . 2012-06-15 19:37 -------- d-----w- c:\users\Nele\AppData\Roaming\BANDISOFT
2012-06-15 19:35 . 2012-06-15 19:35 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-06-14 12:06 . 2012-06-14 12:06 -------- d-----w- c:\users\Nele\AppData\Local\Macromedia
2012-06-14 11:41 . 2012-06-14 11:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 04:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 04:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 04:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 04:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 04:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 04:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 04:50 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 04:50 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 04:50 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 04:47 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 04:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 04:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 04:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 04:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 04:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 04:11 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 04:00 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 20:08 . 2012-06-12 20:08 108475 ----a-w- c:\windows\Thumbplug TGA Uninstaller.exe
2012-06-12 20:08 . 2012-06-12 20:08 -------- d-----w- c:\program files (x86)\Thumbplug TGA
2012-06-11 12:43 . 2002-07-17 13:23 45056 ----a-w- c:\windows\SysWow64\WNASPI32.DLL
2012-06-11 12:43 . 2002-07-17 13:20 84832 ----a-w- c:\windows\SysWow64\drivers\ASPI32.SYS
2012-06-11 12:43 . 2012-06-11 12:43 -------- d-----w- c:\program files (x86)\4Musics WAV Bitrate Changer
2012-06-11 12:37 . 2012-06-11 12:37 -------- d-----w- c:\users\Nele\AppData\Roaming\Free MP3 WMA OGG Converter
2012-06-11 12:37 . 2012-06-11 12:37 -------- d-----w- c:\program files (x86)\Free MP3 WMA OGG Converter
2012-06-11 12:34 . 2012-06-11 12:34 -------- d-----w- c:\programdata\FreeRIP
2012-06-11 12:31 . 2001-08-08 20:00 40960 ----a-w- c:\windows\SysWow64\DGPNorm.ocx
2012-06-11 12:26 . 2012-06-11 12:28 -------- d-----w- c:\program files (x86)\Ace MP3 To WAV Converter
2012-06-11 12:26 . 2002-11-15 11:17 892928 ----a-w- c:\windows\SysWow64\NCTAudioInformation.dll
2012-06-11 12:26 . 2002-11-13 09:14 1703936 ----a-w- c:\windows\SysWow64\NCTAudioFile.dll
2012-06-11 12:26 . 2002-10-30 11:14 274432 ----a-w- c:\windows\SysWow64\NCTAudioPlayer.dll
2012-06-11 12:26 . 2002-09-06 09:36 233472 ----a-w- c:\windows\SysWow64\lame_enc.dll
2012-06-11 12:26 . 2002-07-09 20:42 140288 ------w- c:\windows\SysWow64\Comdlg32.ocx
2012-06-11 12:26 . 2000-08-21 09:22 1388544 ----a-w- c:\windows\SysWow64\temp.003
2012-06-11 12:26 . 2000-06-08 15:00 73785 ----a-w- c:\windows\SysWow64\temp.002
2012-06-06 18:21 . 2012-06-12 18:14 -------- d-----w- c:\users\Nele\AppData\Local\GameSpy
2012-06-05 19:11 . 2012-06-06 18:17 -------- d-----w- c:\users\Nele\AppData\Roaming\HLSW
2012-06-05 19:11 . 2012-06-05 19:11 -------- d-s---w- c:\program files (x86)\HLSW
2012-06-03 15:21 . 2012-06-03 15:21 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-03 15:14 . 2012-06-03 15:14 -------- d-----w- c:\windows\system32\Macromed
2012-06-03 15:14 . 2012-06-03 15:14 -------- d-----w- c:\programdata\ALM
2012-06-03 15:10 . 2012-06-03 15:10 -------- d-----w- c:\users\Nele\Adobe Flash Builder 4.6
2012-06-03 15:03 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-06-03 15:03 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-06-03 15:03 . 2012-06-03 15:03 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-06-03 15:03 . 2012-06-03 15:03 -------- d-----w- c:\program files (x86)\My Company Name
2012-05-30 20:30 . 2012-05-30 21:09 -------- d-----w- c:\users\Nele\AppData\Roaming\FileZilla
2012-05-30 20:25 . 2012-05-30 20:25 -------- d-----w- c:\program files\SmartFTP Client
2012-05-30 20:24 . 2012-05-30 20:24 -------- d-----w- c:\windows\system32\appmgmt
2012-05-29 18:17 . 2012-05-29 18:17 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
2012-05-29 18:17 . 2012-05-29 18:17 -------- d-----w- c:\program files\Microsoft LifeCam
2012-05-28 12:45 . 2012-05-28 12:45 -------- d-----w- c:\users\Nele\AppData\Roaming\iZotope
2012-05-28 12:35 . 2012-05-28 12:35 -------- d-----w- c:\program files (x86)\iZotope
2012-05-28 12:35 . 2012-05-28 12:35 -------- d-----w- c:\program files (x86)\Common Files\VST3
2012-05-28 12:08 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2012-05-26 16:13 . 2006-09-13 23:21 2240 ----a-w- c:\windows\LENDIG.sys
2012-05-26 13:24 . 2012-05-26 13:24 -------- d-----w- c:\users\Nele\Sylenth1DemoWin32
2012-05-26 12:36 . 2012-05-26 12:36 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
2012-05-26 11:40 . 2012-05-26 11:40 -------- d-----w- c:\program files (x86)\Common Files\reFX
2012-05-26 11:36 . 2009-10-24 19:15 1332224 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL
2012-05-25 23:01 . 2012-05-25 23:01 -------- d-----w- c:\users\Nele\AppData\Roaming\SynthMaker
2012-05-25 22:44 . 2012-05-25 22:44 -------- d-----w- c:\users\Nele\AppData\Roaming\Image-Line
2012-05-24 23:46 . 2012-05-24 23:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-24 22:48 . 2012-05-24 22:48 -------- d-----w- c:\users\Nele\AppData\Roaming\Deckadance19
2012-05-24 22:24 . 2012-05-27 12:24 -------- d-----w- c:\users\Nele\AppData\Roaming\SongManager
2012-05-24 22:21 . 2012-05-24 22:21 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-05-24 22:21 . 2012-05-28 13:10 -------- d-----w- c:\program files (x86)\VstPlugins
2012-05-24 22:21 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-05-24 22:20 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-05-24 22:20 . 2012-05-24 22:20 -------- d-----w- c:\program files (x86)\Outsim
2012-05-24 22:17 . 2012-05-24 22:21 -------- d-----w- c:\program files (x86)\Image-Line
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 11:41 . 2011-05-17 11:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2012-05-22 16:30 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCF1E2DE-9B94-40DF-B4EB-43AF5F857A25}\mpengine.dll
2012-04-25 12:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-25 12:09 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-18 11:49 . 2012-04-28 22:42 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-04-07 07:58 . 2012-04-07 07:58 60 ----a-w- C:\GM_EFC0.tmp
2012-03-30 11:35 . 2012-05-09 20:41 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 11:43 . 2012-04-28 22:42 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Nele\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-26 39408]
"CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-13 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-09-13 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-13 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-13 55936]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2009-07-13 34048]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 20:32]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 20:32]
.
2012-06-17 c:\windows\Tasks\update-S-1-5-21-90052399-1323003172-978734720-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2011-09-18 20:09]
.
2012-06-17 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2011-09-18 20:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.immoweb.be/nl/customer.cfm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Nele\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 195.130.131.133 195.130.130.5
Handler: ssp - {1E8068DE-05AD-11D4-ACC8-EF447469245C} - c:\progra~2\OFFLIN~1\ssp.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\x42ip6nx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-90052399-1323003172-978734720-1000\Software\SecuROM\License information*]
"datasecu"=hex:63,6d,15,c6,fb,c3,50,37,1b,b3,d6,38,c2,12,c5,67,47,5f,8f,47,db,
66,c4,fd,e4,f1,62,49,9f,81,6f,21,49,29,d7,e3,1e,45,05,d0,7a,94,13,46,87,76,\
"rkeysecu"=hex:3b,68,a3,5c,e0,78,b7,94,21,42,f7,3d,2d,46,b0,fe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Voltooingstijd: 2012-06-17 09:37:03 - machine werd herstart
ComboFix-quarantined-files.txt 2012-06-17 07:37
.
Pre-Run: 28.049.174.528 bytes beschikbaar
Post-Run: 49.408.499.712 bytes beschikbaar
.
- - End Of File - - 190501B2954A394818FB84A5DDAFC267

#14 SoNoVa

SoNoVa
  • Topic Starter

  • Members

Posted 17 June 2012 - 10:53 AM

My Windows firewall is back up and working! THANKS
The pc is doing much better overall now :)

Edited by SoNoVa, 17 June 2012 - 10:53 AM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 17 June 2012 - 10:56 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


