
Infected with patched_c.LXT


  • This topic is locked
37 replies to this topic

#1 Renfan

  • Members
  • 21 posts

Posted 19 June 2012 - 10:29 AM

I already opened a Topic.

Here's the link: Infected with patched_c.LXT

Here are the logfiles of DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Philipp at 17:24:04 on 2012-06-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8190.5695 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
D:\Programme\EVGA Precision X\EVGAPrecision.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\System32\rundll32.exe
D:\Programme\Logitech\SetPoint\SetPointP\SetPoint.exe
D:\Programme\Aqua Computer\aquasuite\aquasuite.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Windows\system32\AMBSpiE.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
D:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
D:\Programme\Origin\Origin.exe
D:\Programme\Java\bin\javaw.exe
C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k swprv
D:\Programme\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Philipp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - C:\Program Files (x86)\ToolKitService\splash.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Programme\Java\bin\jp2ssv.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - C:\Program Files (x86)\ToolKitService\toolbar.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [RemoteControl9] d:\Programme\Cyberlink\PowerDVD9\PDVD9Serv.exe
mRun: [EVTUNE] D:\Programme\EVGA Precision X\Bundle\EVTune\EVTune.exe -silent
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AQUASU~1.LNK - D:\Programme\Aqua Computer\aquasuite\aquasuite.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{D0599518-8EF9-4F57-A1B3-03FE95D83EA8} : DhcpNameServer = 192.168.178.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{70EA269E-56DF-49C2-86B2-1A1924ED88B4}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{D3B22A92-87A2-47b6-B3E6-A64877B5C242}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [RemoteControl9] d:\Programme\Cyberlink\PowerDVD9\PDVD9Serv.exe
mRun-x64: [EVTUNE] D:\Programme\EVGA Precision X\Bundle\EVTune\EVTune.exe -silent
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;D:\Programme\EVGA Precision X\RTCore64.sys [2012-4-14 15176]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 VMfilt;VMfilt;C:\Windows\system32\drivers\VMfilt64.sys --> C:\Windows\system32\drivers\VMfilt64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 CLKMSVC10_BB1DDEDD;CyberLink Product - 2011/10/28 13:39:58;D:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;D:\Programme\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2012-2-26 28320]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-13 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-13 79360]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
S3 scramby_out;Scramby Output;C:\Windows\system32\drivers\scramby_out.sys --> C:\Windows\system32\drivers\scramby_out.sys [?]
S3 ToolkitDisk;ToolkitDisk;\??\C:\Windows\system32\Drivers\toolkitdisk.sys --> C:\Windows\system32\Drivers\toolkitdisk.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2011-12-31 680464]
.
=============== Created Last 30 ================
.
2012-06-19 14:46:17 -------- d-----w- C:\Users\Philipp\AppData\Local\{EB4C4B95-94D2-4A97-9F56-1714A5EC9878}
2012-06-19 14:45:48 -------- d-----w- C:\Users\Philipp\AppData\Local\{588656FA-6609-4F0D-A708-3AF111F0136A}
2012-06-18 14:43:14 -------- d-----w- C:\Users\Philipp\AppData\Local\{8D1507C6-EEC1-4363-9255-B04A01BD11DD}
2012-06-17 16:00:08 -------- d-----w- C:\Users\Philipp\AppData\Local\{F7CC23A1-4454-42D2-A977-EA094798FDFA}
2012-06-17 09:58:16 -------- d-----w- C:\Users\Philipp\AppData\Local\{FD05BD94-B2D8-4E46-9644-BBE158B11FD6}
2012-06-17 09:30:18 329216 ----a-w- C:\Windows\System32\services.exe
2012-06-17 08:51:53 -------- d-----w- C:\Users\Philipp\AppData\Local\{DCB15CC7-CD53-4538-92A8-7C0D022558D5}
2012-06-16 19:36:08 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-16 14:55:59 -------- d-----w- C:\Users\Philipp\AppData\Local\{D773507D-C982-4278-B79F-7DD959245AC8}
2012-06-16 12:25:07 -------- d-----w- C:\Users\Philipp\AppData\Local\{ED4A5D3F-FF6F-47A4-AF85-1CF115C10A52}
2012-06-15 12:13:28 -------- d-----w- C:\Users\Philipp\AppData\Local\{759FDABA-564A-4DF9-8753-B14CF937B478}
2012-06-14 15:45:32 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-14 15:45:32 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-14 14:09:54 -------- d-----w- C:\Users\Philipp\AppData\Local\{D5358912-E3FD-4E15-A5E5-E69EC5E1F048}
2012-06-14 14:09:28 -------- d-----w- C:\Users\Philipp\AppData\Local\{249EE2E3-852A-4183-991B-DA049A712777}
2012-06-13 15:14:28 -------- d-----w- C:\Users\Philipp\AppData\Local\{0A709C51-3AF8-4748-A343-43F5B64F24EF}
2012-06-13 15:14:17 -------- d-----w- C:\Users\Philipp\AppData\Local\{DFC2F76D-8692-4921-AF40-5C80176E4D5B}
2012-06-12 15:08:44 -------- d-----w- C:\Users\Philipp\AppData\Local\{AEE0D567-53CF-457E-95AD-BC91B08B587A}
2012-06-12 15:08:20 -------- d-----w- C:\Users\Philipp\AppData\Local\{C82DF501-AB3C-427A-87FF-0E38E27F4617}
2012-06-11 14:45:03 -------- d-----w- C:\Users\Philipp\AppData\Local\{0A64403A-2CF5-4F2D-9EC6-1C30049264C7}
2012-06-11 14:44:39 -------- d-----w- C:\Users\Philipp\AppData\Local\{D8E95872-AF46-45EB-9B08-32CB208B57CC}
2012-06-10 09:20:47 -------- d-----w- C:\Users\Philipp\AppData\Local\{27C96A4C-2480-45D7-ADC2-61CA585439CE}
2012-06-10 09:20:26 -------- d-----w- C:\Users\Philipp\AppData\Local\{349CBE51-7012-4083-B381-9A0B9E780031}
2012-06-09 17:14:46 -------- d-----w- C:\Users\Philipp\AppData\Local\{A752BB94-C0BE-4771-973B-7BBA423DF02E}
2012-06-09 17:14:23 -------- d-----w- C:\Users\Philipp\AppData\Local\{F4ED7356-9989-4C6A-B4ED-822A4B0B7B19}
2012-06-07 13:34:51 -------- d-----w- C:\Users\Philipp\AppData\Local\{25427C8A-EAB8-450F-B018-F366EB528D02}
2012-06-07 10:30:59 -------- d-----w- C:\Users\Philipp\AppData\Local\{C02CB438-3904-404A-A225-5273264AF9C6}
2012-06-06 15:00:55 -------- d-----w- C:\Users\Philipp\AppData\Local\{04FA8CC4-4704-4B39-8987-336AB9036865}
2012-06-06 15:00:30 -------- d-----w- C:\Users\Philipp\AppData\Local\{D343BCA0-219D-4075-84B3-E8394543ED95}
2012-06-05 14:37:10 -------- d-----w- C:\Users\Philipp\AppData\Local\{79C998A0-C349-487A-9F98-4179366A4D69}
2012-06-05 14:36:47 -------- d-----w- C:\Users\Philipp\AppData\Local\{9FEC4D8F-1019-4241-A0E7-81E70E91986E}
2012-06-04 14:48:23 -------- d-----w- C:\Users\Philipp\AppData\Local\{9ABFB77B-8753-4993-8E46-C5B1263A3854}
2012-06-04 14:47:58 -------- d-----w- C:\Users\Philipp\AppData\Local\{C2237B20-6A96-4DBE-8590-5CD8EFBA3A7A}
2012-06-03 12:07:52 -------- d-----w- C:\Users\Philipp\AppData\Local\{F206A6E3-9D56-4B75-855A-34E4522134FE}
2012-06-03 12:07:40 -------- d-----w- C:\Users\Philipp\AppData\Local\{86452CC2-D3CD-4CBE-A3C8-171702A130CB}
2012-06-03 07:49:12 -------- d-----w- C:\Users\Philipp\AppData\Local\{4F135D04-D6EF-4DBB-B9BB-5EB4A867D21C}
2012-06-02 22:44:31 -------- d-----w- C:\Users\Philipp\AppData\Local\{848FC7D8-C169-4FC3-8644-93901B908F28}
2012-06-02 22:44:19 -------- d-----w- C:\Users\Philipp\AppData\Local\{E424C5EF-5D0B-43DC-BEC7-962E1519D435}
2012-06-02 11:34:30 -------- d-----w- C:\Program Files (x86)\WB Games
2012-06-02 10:26:44 -------- d-----w- C:\Users\Philipp\AppData\Local\{C4200986-86E5-4C35-9B99-8671505FB6F8}
2012-06-02 10:26:21 -------- d-----w- C:\Users\Philipp\AppData\Local\{E274CCCB-8C58-43D8-A5F7-F48E44BB3076}
2012-06-01 19:27:20 -------- d-----w- C:\Users\Philipp\AppData\Roaming\Day 1 Studios
2012-06-01 19:27:18 -------- d-----w- C:\Users\Philipp\AppData\Local\ALI213
2012-06-01 15:11:58 -------- d-----w- C:\Users\Philipp\AppData\Local\{246626B6-8995-4385-AE85-944BF07036B2}
2012-06-01 15:11:35 -------- d-----w- C:\Users\Philipp\AppData\Local\{3A9FEC7F-4ECE-4E38-86CB-25574AA61FF1}
2012-05-31 11:40:46 -------- d-----w- C:\Users\Philipp\AppData\Local\{876DC575-B0F3-4A30-B535-39C6151D6B7B}
2012-05-31 11:40:35 -------- d-----w- C:\Users\Philipp\AppData\Local\{0A9E0A7B-E4FF-46CC-9121-C0167A0AF92C}
2012-05-30 12:05:53 -------- d-----w- C:\Users\Philipp\AppData\Local\{6B4E5AF6-6D7F-4834-9412-750217FE3FC0}
2012-05-30 12:05:30 -------- d-----w- C:\Users\Philipp\AppData\Local\{DB0B308F-D9D6-4F27-A36E-B63CBC59A221}
2012-05-29 20:12:05 226304 ----a-w- C:\Windows\SysWow64\binkw32.dll
2012-05-29 18:40:45 -------- d-----w- C:\Users\Philipp\AppData\Local\4A Games
2012-05-29 07:13:44 -------- d-----w- C:\Users\Philipp\AppData\Local\{6F2B4461-DB8D-46A8-8DF6-20C6A16A4794}
2012-05-29 07:13:19 -------- d-----w- C:\Users\Philipp\AppData\Local\{C6D1EFFD-7F0C-42A3-BA81-30906BD320A6}
2012-05-28 10:38:04 -------- d-----w- C:\Users\Philipp\AppData\Local\{5A08494B-395E-4339-93AB-25E90A705603}
2012-05-28 10:37:41 -------- d-----w- C:\Users\Philipp\AppData\Local\{D468875F-6430-4226-A844-EBC8B11886D7}
2012-05-27 16:07:39 -------- d-----w- C:\Users\Philipp\AppData\Local\{F5C159BD-FC37-4196-8C1F-B7713CF5ADA3}
2012-05-27 16:07:16 -------- d-----w- C:\Users\Philipp\AppData\Local\{A6AC8DD5-EEAB-48D4-951E-D57E5BC60ADB}
2012-05-27 11:12:11 -------- d-----w- C:\Users\Philipp\AppData\Local\{D962E5D3-9353-4AFC-A68B-1074B6244DBE}
2012-05-27 08:11:09 -------- d-----w- C:\Users\Philipp\AppData\Local\{CEAE300E-8DFF-471B-BC82-A2F7BFD19363}
2012-05-26 13:58:21 -------- d-----w- C:\Users\Philipp\AppData\Local\{87C7BDEB-92F0-4448-A3AE-B18A7839EDDA}
2012-05-26 13:57:59 -------- d-----w- C:\Users\Philipp\AppData\Local\{2EACDB52-280A-4918-A2BA-B9C3BB758945}
2012-05-26 12:10:28 -------- d-----w- C:\Users\Philipp\AppData\Local\{CE55209F-689C-412E-AFD5-C35BFAFC36C9}
2012-05-25 22:03:52 -------- d-----w- C:\Users\Philipp\AppData\Local\{40E07E90-F95A-41F9-9769-C9F8EA3C6A2A}
2012-05-25 22:03:29 -------- d-----w- C:\Users\Philipp\AppData\Local\{B85C1DAB-1983-4DB1-AA92-97747A9D4B7A}
2012-05-25 08:27:52 -------- d-----w- C:\Users\Philipp\AppData\Local\{354651F1-E548-4072-9E88-589AAAED6076}
2012-05-25 08:27:30 -------- d-----w- C:\Users\Philipp\AppData\Local\{DC9BB43E-DABE-40F7-8A25-D472CFAAD3B8}
2012-05-24 15:58:35 -------- d-----w- C:\Users\Philipp\AppData\Local\{E11ED031-3DAF-4478-AD31-4157AC1AF337}
2012-05-24 15:58:12 -------- d-----w- C:\Users\Philipp\AppData\Local\{5E6A0B89-FB30-4C2A-8489-00FA27C089F7}
2012-05-23 12:11:19 -------- d-----w- C:\Users\Philipp\AppData\Local\{E198A47E-261B-4607-9D3F-BAD238E52019}
2012-05-23 12:10:56 -------- d-----w- C:\Users\Philipp\AppData\Local\{2310AC77-A53E-467C-8776-30ABFEC1D595}
2012-05-22 13:30:28 -------- d-----w- C:\Users\Philipp\AppData\Local\{DA4D514F-EFF9-4ACB-958A-E3CBF8CE7181}
2012-05-22 13:30:05 -------- d-----w- C:\Users\Philipp\AppData\Local\{5E4393FE-987C-4CF2-B4CD-5A9016BBBED3}
2012-05-21 15:51:31 -------- d-----w- C:\Users\Philipp\AppData\Local\{FEE8EB12-D31F-42DA-B8F8-2492DF3D3C8C}
2012-05-21 15:51:08 -------- d-----w- C:\Users\Philipp\AppData\Local\{74EE0807-224C-4739-A42A-A5698D2C4002}
2012-05-21 15:33:21 -------- d-----w- C:\Users\Philipp\AppData\Local\EA Games
2012-05-21 15:32:12 -------- d-----w- C:\ProgramData\Solidshield
.
==================== Find3M ====================
.
2012-06-18 19:16:25 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-18 19:16:25 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-18 19:16:13 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-15 14:15:28 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 17:24:31,26 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 13.10.2011 22:46:49
System Uptime: 19.06.2012 16:42:39 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Crosshair IV Formula
Processor: AMD Phenom™ II X6 1090T Processor | AM3 | 3913/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 6,603 GiB free.
D: is FIXED (NTFS) - 649 GiB total, 495,096 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP233: 19.06.2012 17:17:45 - Geplanter Prüfpunkt
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR
Adobe Reader X (10.1.1) - Deutsch
Adobe Shockwave Player 11
AIDA64 Extreme Edition v2.20
AMD USB Filter Driver
Apple Application Support
Apple Software Update
aquasuite
Assassin's Creed Brotherhood
Battlefield 3
BattleForge™
Battlelog Web Plugins
BufferChm
C4700
CABAL Online - Legacy of Darkness Client
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD 9
D3DX10
Dead Space™ 2
Destinations
DeviceDiscovery
DivX-Setup
eReg
ESN Sonar
EVGA Precision X 3.0.2
F.E.A.R. Ultimate Shooter Edition - F.E.A.R. 2
FEAR_Installer_Fix
Fraps (remove only)
Google Chrome
GPBaseService2
HP Update
HPPhotoGadget
HPProductAssistant
hpWLPGInstaller
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Java Auto Updater
Java™ 6 Update 29
JDownloader 0.9
JMicron JMB36X Driver
Junk Mail filter update
LightScribe System Software
Marvell Miniport Driver
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Need for Speed™ SHIFT
NVIDIA PhysX
OpenAL
Origin
Platform
PS_AIO_06_C4700_SW_Min
PunkBuster Services
Renesas Electronics USB 3.0 Host Controller Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
SolutionCenter
Sound Blaster X-Fi MB
Status
Toolbox
TrayApp
Ubisoft Game Launcher
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VIA Plattform-Geräte-Manager
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Youtube Downloader HD v. 2.9.2
.
==== End Of File ===========================


#2 gringo_pr

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 19 June 2012 - 11:39 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Renfan

  • Topic Starter

Posted 20 June 2012 - 11:06 AM

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.1.102.55 Flash Player out of Date!
Adobe Reader X (10.1.1)
Google Chrome 15.0.874.121
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


I can't start Combofix. I installed it but it won't start and there isn't a log file :(

#4 gringo_pr

  • Malware Response Team

Posted 20 June 2012 - 12:51 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Renfan

  • Topic Starter

Posted 20 June 2012 - 03:03 PM

21:42:47.0259 5732 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:42:47.0376 5732 ============================================================
21:42:47.0376 5732 Current date / time: 2012/06/20 21:42:47.0376
21:42:47.0376 5732 SystemInfo:
21:42:47.0376 5732
21:42:47.0377 5732 OS Version: 6.1.7601 ServicePack: 1.0
21:42:47.0377 5732 Product type: Workstation
21:42:47.0377 5732 ComputerName: GAMING-PC
21:42:47.0377 5732 UserName: Philipp
21:42:47.0377 5732 Windows directory: C:\Windows
21:42:47.0377 5732 System windows directory: C:\Windows
21:42:47.0377 5732 Running under WOW64
21:42:47.0377 5732 Processor architecture: Intel x64
21:42:47.0377 5732 Number of processors: 6
21:42:47.0377 5732 Page size: 0x1000
21:42:47.0377 5732 Boot type: Normal boot
21:42:47.0377 5732 ============================================================
21:42:48.0188 5732 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:42:48.0191 5732 ============================================================
21:42:48.0191 5732 \Device\Harddisk0\DR0:
21:42:48.0191 5732 MBR partitions:
21:42:48.0192 5732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6400000
21:42:48.0192 5732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6432800, BlocksNum 0x51113000
21:42:48.0192 5732 ============================================================
21:42:48.0224 5732 C: <-> \Device\Harddisk0\DR0\Partition0
21:42:48.0269 5732 D: <-> \Device\Harddisk0\DR0\Partition1
21:42:48.0269 5732 ============================================================
21:42:48.0269 5732 Initialize success
21:42:48.0269 5732 ============================================================
21:43:25.0755 4292 ============================================================
21:43:25.0755 4292 Scan started
21:43:25.0755 4292 Mode: Manual;
21:43:25.0755 4292 ============================================================
21:43:32.0091 4292 LSI_SAS2 - ok
21:43:32.0100 4292 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:43:32.0101 4292 LSI_SCSI - ok
21:43:32.0123 4292 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:43:32.0124 4292 luafv - ok
21:43:32.0155 4292 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
21:43:32.0158 4292 LVRS64 - ok
21:43:32.0283 4292 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
21:43:32.0368 4292 LVUVC64 - ok
21:43:32.0430 4292 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:43:32.0432 4292 Mcx2Svc - ok
21:43:32.0452 4292 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:43:32.0453 4292 megasas - ok
21:43:32.0472 4292 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:43:32.0475 4292 MegaSR - ok
21:43:32.0492 4292 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:43:32.0494 4292 MMCSS - ok
21:43:32.0505 4292 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:43:32.0507 4292 Modem - ok
21:43:32.0542 4292 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:43:32.0543 4292 monitor - ok
21:43:32.0561 4292 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:43:32.0562 4292 mouclass - ok
21:43:32.0580 4292 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:43:32.0581 4292 mouhid - ok
21:43:32.0598 4292 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:43:32.0599 4292 mountmgr - ok
21:43:32.0611 4292 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:43:32.0613 4292 mpio - ok
21:43:32.0626 4292 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:43:32.0627 4292 mpsdrv - ok
21:43:32.0645 4292 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:43:32.0647 4292 MRxDAV - ok
21:43:32.0667 4292 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:43:32.0668 4292 mrxsmb - ok
21:43:32.0683 4292 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:43:32.0685 4292 mrxsmb10 - ok
21:43:32.0696 4292 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:43:32.0697 4292 mrxsmb20 - ok
21:43:32.0716 4292 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:43:32.0717 4292 msahci - ok
21:43:32.0725 4292 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:43:32.0727 4292 msdsm - ok
21:43:32.0738 4292 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:43:32.0740 4292 MSDTC - ok
21:43:32.0757 4292 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:43:32.0758 4292 Msfs - ok
21:43:32.0770 4292 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:43:32.0770 4292 mshidkmdf - ok
21:43:32.0782 4292 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:43:32.0782 4292 msisadrv - ok
21:43:32.0810 4292 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:43:32.0813 4292 MSiSCSI - ok
21:43:32.0815 4292 msiserver - ok
21:43:32.0830 4292 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:43:32.0832 4292 MSKSSRV - ok
21:43:32.0834 4292 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:43:32.0834 4292 MSPCLOCK - ok
21:43:32.0847 4292 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:43:32.0848 4292 MSPQM - ok
21:43:32.0872 4292 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:43:32.0875 4292 MsRPC - ok
21:43:32.0888 4292 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:43:32.0888 4292 mssmbios - ok
21:43:32.0901 4292 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:43:32.0901 4292 MSTEE - ok
21:43:32.0908 4292 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:43:32.0909 4292 MTConfig - ok
21:43:32.0938 4292 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
21:43:32.0939 4292 MTsensor - ok
21:43:32.0954 4292 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:43:32.0955 4292 Mup - ok
21:43:32.0971 4292 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:43:32.0976 4292 napagent - ok
21:43:33.0003 4292 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:43:33.0006 4292 NativeWifiP - ok
21:43:33.0042 4292 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:43:33.0050 4292 NDIS - ok
21:43:33.0066 4292 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:43:33.0067 4292 NdisCap - ok
21:43:33.0080 4292 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:43:33.0081 4292 NdisTapi - ok
21:43:33.0099 4292 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:43:33.0100 4292 Ndisuio - ok
21:43:33.0121 4292 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:43:33.0124 4292 NdisWan - ok
21:43:33.0137 4292 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:43:33.0138 4292 NDProxy - ok
21:43:33.0175 4292 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
21:43:33.0176 4292 Net Driver HPZ12 - ok
21:43:33.0183 4292 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:43:33.0183 4292 NetBIOS - ok
21:43:33.0201 4292 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:43:33.0203 4292 NetBT - ok
21:43:33.0218 4292 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:43:33.0219 4292 Netlogon - ok
21:43:33.0251 4292 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:43:33.0254 4292 Netman - ok
21:43:33.0266 4292 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:43:33.0270 4292 netprofm - ok
21:43:33.0322 4292 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:43:33.0323 4292 NetTcpPortSharing - ok
21:43:33.0332 4292 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:43:33.0333 4292 nfrd960 - ok
21:43:33.0361 4292 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:43:33.0364 4292 NlaSvc - ok
21:43:33.0376 4292 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:43:33.0376 4292 Npfs - ok
21:43:33.0379 4292 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:43:33.0380 4292 nsi - ok
21:43:33.0383 4292 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:43:33.0383 4292 nsiproxy - ok
21:43:33.0438 4292 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:43:33.0466 4292 Ntfs - ok
21:43:33.0508 4292 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:43:33.0509 4292 Null - ok
21:43:33.0532 4292 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:43:33.0542 4292 nusb3hub - ok
21:43:33.0555 4292 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:43:33.0563 4292 nusb3xhc - ok
21:43:33.0604 4292 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
21:43:33.0607 4292 NVHDA - ok
21:43:34.0171 4292 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:43:34.0331 4292 nvlddmkm - ok
21:43:34.0429 4292 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:43:34.0431 4292 nvraid - ok
21:43:34.0437 4292 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:43:34.0439 4292 nvstor - ok
21:43:34.0480 4292 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
21:43:34.0488 4292 nvsvc - ok
21:43:34.0501 4292 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:43:34.0503 4292 nv_agp - ok
21:43:34.0585 4292 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:43:34.0589 4292 odserv - ok
21:43:34.0599 4292 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:43:34.0601 4292 ohci1394 - ok
21:43:34.0629 4292 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:43:34.0630 4292 ose - ok
21:43:34.0662 4292 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:43:34.0665 4292 p2pimsvc - ok
21:43:34.0690 4292 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:43:34.0695 4292 p2psvc - ok
21:43:34.0710 4292 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:43:34.0712 4292 Parport - ok
21:43:34.0727 4292 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:43:34.0728 4292 partmgr - ok
21:43:34.0774 4292 PassThru Service (68139940b5ac84affb7eb1b713be66e7) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
21:43:34.0775 4292 PassThru Service - ok
21:43:34.0784 4292 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:43:34.0787 4292 PcaSvc - ok
21:43:34.0798 4292 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:43:34.0799 4292 pci - ok
21:43:34.0811 4292 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:43:34.0811 4292 pciide - ok
21:43:34.0824 4292 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:43:34.0827 4292 pcmcia - ok
21:43:34.0839 4292 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:43:34.0839 4292 pcw - ok
21:43:34.0859 4292 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:43:34.0865 4292 PEAUTH - ok
21:43:34.0924 4292 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:43:34.0925 4292 PerfHost - ok
21:43:35.0005 4292 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:43:35.0026 4292 pla - ok
21:43:35.0052 4292 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:43:35.0057 4292 PlugPlay - ok
21:43:35.0116 4292 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
21:43:35.0117 4292 Pml Driver HPZ12 - ok
21:43:35.0119 4292 PnkBstrA - ok
21:43:35.0122 4292 PnkBstrB - ok
21:43:35.0134 4292 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:43:35.0136 4292 PNRPAutoReg - ok
21:43:35.0153 4292 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:43:35.0155 4292 PNRPsvc - ok
21:43:35.0175 4292 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:43:35.0179 4292 PolicyAgent - ok
21:43:35.0200 4292 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:43:35.0203 4292 Power - ok
21:43:35.0221 4292 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:43:35.0223 4292 PptpMiniport - ok
21:43:35.0249 4292 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:43:35.0250 4292 Processor - ok
21:43:35.0274 4292 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:43:35.0278 4292 ProfSvc - ok
21:43:35.0291 4292 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:43:35.0292 4292 ProtectedStorage - ok
21:43:35.0321 4292 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:43:35.0323 4292 Psched - ok
21:43:35.0368 4292 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:43:35.0387 4292 ql2300 - ok
21:43:35.0444 4292 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:43:35.0446 4292 ql40xx - ok
21:43:35.0473 4292 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:43:35.0476 4292 QWAVE - ok
21:43:35.0485 4292 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:43:35.0486 4292 QWAVEdrv - ok
21:43:35.0498 4292 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:43:35.0500 4292 RasAcd - ok
21:43:35.0515 4292 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:43:35.0516 4292 RasAgileVpn - ok
21:43:35.0526 4292 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:43:35.0528 4292 RasAuto - ok
21:43:35.0541 4292 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:43:35.0543 4292 Rasl2tp - ok
21:43:35.0562 4292 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:43:35.0566 4292 RasMan - ok
21:43:35.0583 4292 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:43:35.0584 4292 RasPppoe - ok
21:43:35.0598 4292 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:43:35.0600 4292 RasSstp - ok
21:43:35.0625 4292 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:43:35.0627 4292 rdbss - ok
21:43:35.0637 4292 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:43:35.0638 4292 rdpbus - ok
21:43:35.0653 4292 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:43:35.0654 4292 RDPCDD - ok
21:43:35.0672 4292 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:43:35.0673 4292 RDPENCDD - ok
21:43:35.0686 4292 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:43:35.0687 4292 RDPREFMP - ok
21:43:35.0713 4292 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:43:35.0722 4292 RDPWD - ok
21:43:35.0753 4292 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:43:35.0755 4292 rdyboost - ok
21:43:35.0778 4292 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:43:35.0781 4292 RemoteAccess - ok
21:43:35.0794 4292 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:43:35.0797 4292 RemoteRegistry - ok
21:43:35.0809 4292 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:43:35.0811 4292 RpcEptMapper - ok
21:43:35.0828 4292 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:43:35.0829 4292 RpcLocator - ok
21:43:35.0851 4292 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:43:35.0854 4292 RpcSs - ok
21:43:35.0869 4292 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:43:35.0870 4292 rspndr - ok
21:43:35.0923 4292 RTCore64 (87d5781dff8ac2ef9bd41b60023bac50) D:\Programme\EVGA Precision X\RTCore64.sys
21:43:35.0923 4292 RTCore64 - ok
21:43:35.0981 4292 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:43:35.0982 4292 SamSs - ok
21:43:36.0000 4292 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:43:36.0001 4292 sbp2port - ok
21:43:36.0026 4292 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:43:36.0028 4292 SCardSvr - ok
21:43:36.0044 4292 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:43:36.0045 4292 scfilter - ok
21:43:36.0091 4292 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:43:36.0107 4292 Schedule - ok
21:43:36.0133 4292 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:43:36.0133 4292 SCPolicySvc - ok
21:43:36.0166 4292 scramby (cdde0b41d4c739b8c85e81c39a595a1a) C:\Windows\system32\drivers\scramby.sys
21:43:36.0167 4292 scramby - ok
21:43:36.0175 4292 scramby_out (3c9a97573d3b8a8450f92636d9846a74) C:\Windows\system32\drivers\scramby_out.sys
21:43:36.0177 4292 scramby_out - ok
21:43:36.0194 4292 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:43:36.0197 4292 SDRSVC - ok
21:43:36.0226 4292 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:43:36.0227 4292 secdrv - ok
21:43:36.0236 4292 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:43:36.0237 4292 seclogon - ok
21:43:36.0246 4292 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:43:36.0248 4292 SENS - ok
21:43:36.0256 4292 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:43:36.0258 4292 SensrSvc - ok
21:43:36.0271 4292 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:43:36.0272 4292 Serenum - ok
21:43:36.0308 4292 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:43:36.0310 4292 Serial - ok
21:43:36.0331 4292 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:43:36.0332 4292 sermouse - ok
21:43:36.0365 4292 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:43:36.0367 4292 SessionEnv - ok
21:43:36.0393 4292 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:43:36.0394 4292 sffdisk - ok
21:43:36.0404 4292 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:43:36.0405 4292 sffp_mmc - ok
21:43:36.0407 4292 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:43:36.0408 4292 sffp_sd - ok
21:43:36.0419 4292 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:43:36.0420 4292 sfloppy - ok
21:43:36.0447 4292 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:43:36.0451 4292 ShellHWDetection - ok
21:43:36.0463 4292 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:43:36.0464 4292 SiSRaid2 - ok
21:43:36.0476 4292 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:43:36.0478 4292 SiSRaid4 - ok
21:43:36.0600 4292 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:43:36.0639 4292 Skype C2C Service - ok
21:43:36.0714 4292 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:43:36.0716 4292 SkypeUpdate - ok
21:43:36.0770 4292 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:43:36.0771 4292 Smb - ok
21:43:36.0793 4292 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:43:36.0794 4292 SNMPTRAP - ok
21:43:36.0803 4292 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:43:36.0803 4292 spldr - ok
21:43:36.0843 4292 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:43:36.0849 4292 Spooler - ok
21:43:36.0933 4292 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:43:36.0975 4292 sppsvc - ok
21:43:37.0015 4292 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:43:37.0017 4292 sppuinotify - ok
21:43:37.0052 4292 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:43:37.0055 4292 srv - ok
21:43:37.0083 4292 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:43:37.0086 4292 srv2 - ok
21:43:37.0139 4292 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:43:37.0141 4292 srvnet - ok
21:43:37.0165 4292 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:43:37.0168 4292 SSDPSRV - ok
21:43:37.0175 4292 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:43:37.0177 4292 SstpSvc - ok
21:43:37.0186 4292 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:43:37.0187 4292 stexstor - ok
21:43:37.0224 4292 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:43:37.0230 4292 stisvc - ok
21:43:37.0253 4292 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:43:37.0254 4292 swenum - ok
21:43:37.0271 4292 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:43:37.0276 4292 swprv - ok
21:43:37.0333 4292 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:43:37.0360 4292 SysMain - ok
21:43:37.0411 4292 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:43:37.0413 4292 TabletInputService - ok
21:43:37.0443 4292 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
21:43:37.0444 4292 taphss - ok
21:43:37.0464 4292 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:43:37.0468 4292 TapiSrv - ok
21:43:37.0486 4292 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:43:37.0488 4292 TBS - ok
21:43:37.0542 4292 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:43:37.0566 4292 Tcpip - ok
21:43:37.0733 4292 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:43:37.0740 4292 TCPIP6 - ok
21:43:37.0790 4292 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:43:37.0791 4292 tcpipreg - ok
21:43:37.0802 4292 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:43:37.0803 4292 TDPIPE - ok
21:43:37.0823 4292 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:43:37.0825 4292 TDTCP - ok
21:43:37.0843 4292 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:43:37.0844 4292 tdx - ok
21:43:37.0849 4292 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:43:37.0850 4292 TermDD - ok
21:43:37.0893 4292 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:43:37.0899 4292 TermService - ok
21:43:37.0913 4292 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:43:37.0915 4292 Themes - ok
21:43:37.0936 4292 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:43:37.0937 4292 THREADORDER - ok
21:43:37.0974 4292 ToolkitDisk (5c248e03921137e131ac5f1459fd42c9) C:\Windows\system32\Drivers\toolkitdisk.sys
21:43:37.0980 4292 ToolkitDisk - ok
21:43:37.0994 4292 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:43:37.0996 4292 TrkWks - ok
21:43:38.0022 4292 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:43:38.0024 4292 TrustedInstaller - ok
21:43:38.0041 4292 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:43:38.0042 4292 tssecsrv - ok
21:43:38.0068 4292 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:43:38.0070 4292 TsUsbFlt - ok
21:43:38.0119 4292 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:43:38.0120 4292 tunnel - ok
21:43:38.0136 4292 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:43:38.0137 4292 uagp35 - ok
21:43:38.0155 4292 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:43:38.0158 4292 udfs - ok
21:43:38.0168 4292 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:43:38.0170 4292 UI0Detect - ok
21:43:38.0186 4292 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:43:38.0187 4292 uliagpkx - ok
21:43:38.0202 4292 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:43:38.0203 4292 umbus - ok
21:43:38.0214 4292 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:43:38.0215 4292 UmPass - ok
21:43:38.0273 4292 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:43:38.0275 4292 UMVPFSrv - ok
21:43:38.0294 4292 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:43:38.0298 4292 upnphost - ok
21:43:38.0305 4292 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:43:38.0306 4292 usbaudio - ok
21:43:38.0314 4292 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:43:38.0315 4292 usbccgp - ok
21:43:38.0352 4292 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:43:38.0354 4292 usbcir - ok
21:43:38.0367 4292 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:43:38.0368 4292 usbehci - ok
21:43:38.0388 4292 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:43:38.0392 4292 usbhub - ok
21:43:38.0403 4292 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:43:38.0404 4292 usbohci - ok
21:43:38.0424 4292 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:43:38.0425 4292 usbprint - ok
21:43:38.0445 4292 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:43:38.0447 4292 usbscan - ok
21:43:38.0461 4292 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:43:38.0462 4292 USBSTOR - ok
21:43:38.0477 4292 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:43:38.0478 4292 usbuhci - ok
21:43:38.0492 4292 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
21:43:38.0493 4292 usb_rndisx - ok
21:43:38.0507 4292 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:43:38.0509 4292 UxSms - ok
21:43:38.0529 4292 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:43:38.0530 4292 VaultSvc - ok
21:43:38.0556 4292 VCSVADHWSer (3a4b01c2bdb07dfef29b0b369487503a) C:\Windows\system32\DRIVERS\vcsvad.sys
21:43:38.0561 4292 VCSVADHWSer - ok
21:43:38.0573 4292 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:43:38.0574 4292 vdrvroot - ok
21:43:38.0606 4292 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:43:38.0612 4292 vds - ok
21:43:38.0625 4292 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:43:38.0627 4292 vga - ok
21:43:38.0635 4292 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:43:38.0636 4292 VgaSave - ok
21:43:38.0648 4292 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:43:38.0651 4292 vhdmp - ok
21:43:38.0719 4292 VIAHdAudAddService (d928c90cc759499e916b8fb5b8f32ddc) C:\Windows\system32\drivers\viahduaa.sys
21:43:38.0751 4292 VIAHdAudAddService - ok
21:43:38.0809 4292 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:43:38.0810 4292 viaide - ok
21:43:38.0820 4292 VIAKaraokeService (224153c26fabe55cd6d751bfdf94fd3b) C:\Windows\system32\viakaraokesrv.exe
21:43:38.0822 4292 VIAKaraokeService - ok
21:43:38.0841 4292 VMfilt (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\VMfilt64.sys
21:43:40.0570 4292 ============================================================
21:43:40.0570 4292 Scan finished
21:43:40.0570 4292 ============================================================
21:43:40.0576 5392 Detected object count: 0
21:43:40.0576 5392 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 21:45:25
-----------------------------
21:45:25.326 OS Version: Windows x64 6.1.7601 Service Pack 1
21:45:25.326 Number of processors: 6 586 0xA00
21:45:25.327 ComputerName: GAMING-PC UserName: Philipp
21:45:28.945 Initialize success
21:49:30.398 AVAST engine defs: 12062001
21:49:39.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
21:49:39.612 Disk 0 Vendor: ST3750528AS CC38 Size: 715404MB BusType: 3
21:49:39.636 Disk 0 MBR read successfully
21:49:39.637 Disk 0 MBR scan
21:49:39.639 Disk 0 Windows 7 default MBR code
21:49:39.646 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 51200 MB offset 206848
21:49:39.660 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 664102 MB offset 105064448
21:49:39.688 Disk 0 scanning C:\Windows\system32\drivers
21:49:48.260 Service scanning
21:50:01.899 Modules scanning
21:50:01.903 Disk 0 trace - called modules:
21:50:01.921 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:50:01.923 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077e8060]
21:50:01.926 3 CLASSPNP.SYS[fffff8800199143f] -> nt!IofCallDriver -> [0xfffffa800717f580]
21:50:01.928 5 ACPI.sys[fffff88000e847a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa8006823680]
21:50:03.318 AVAST engine scan C:\Windows
21:50:04.669 AVAST engine scan C:\Windows\system32
21:51:26.957 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:51:28.401 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:52:26.135 AVAST engine scan C:\Windows\system32\drivers
21:52:35.501 AVAST engine scan C:\Users\Philipp
21:55:57.885 File: C:\Users\Philipp\AppData\Local\Temp\msimg32.dll **INFECTED** Win32:Kryptik-IYV [Trj]
21:57:02.532 AVAST engine scan C:\ProgramData
21:58:20.563 Scan finished successfully
22:00:37.807 Disk 0 MBR has been saved successfully to "C:\Users\Philipp\Desktop\MBR.dat"
22:00:37.811 The log file has been saved successfully to "C:\Users\Philipp\Desktop\aswMBR.txt"



AVG Free Edition 2012 reports that my computer is infected with the virus: patched_c.lxt
The file which is infected is located at: C:/Windows/system32/services.exe and can't be deleted

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 20 June 2012 - 08:33 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 23 June 2012 - 07:03 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#8 Renfan

Posted 23 June 2012 - 11:31 AM

I can't get into the System Recovery Options.

If I enter it via Windows installation disc, I can only choose Startup repair, nothing else :(

#9 gringo_pr

Posted 23 June 2012 - 12:35 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 Renfan

Posted 24 June 2012 - 03:00 AM

I can't run Combofix, the computer restarts, but when Combofix starts an error appears: ! Incompatible O/S. Combofix only works for workstations with Windows 2000 and XP.

I'm running it on Windows 7 64-bit.


Now here's the log of FRST.

Scan result of Farbar Recovery Scan Tool Version: 21-06-2012
Ran by SYSTEM at 24-06-2012 10:13:29
Running from F:\
Windows 7 Home Premium (X64) OS Language: German Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [EvtMgr6] D:\Programme\Logitech\SetPoint\SetPointP\SetPoint.exe /launchGaming [x]
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [3019376 2011-03-07] (VIA)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [RemoteControl9] d:\Programme\Cyberlink\PowerDVD9\PDVD9Serv.exe [x]
HKLM-x32\...\Run: [EVTUNE] D:\Programme\EVGA Precision X\Bundle\EVTune\EVTune.exe -silent [x]
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\aquasuite.lnk
ShortcutTarget: aquasuite.lnk -> C:\Programme\Aqua Computer\aquasuite\aquasuite.exe (No File)

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-03] ()
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
2 VIAKaraokeService; C:\Windows\System32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
2 CLKMSVC10_BB1DDEDD; "C:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe" /svc [x]

========================== Drivers (Whitelisted) =============

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13368 2009-04-06] ()
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-11] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-11] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-11] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-11] (AVG Technologies CZ, s.r.o.)
3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [19968 2010-11-20] (Microsoft Corporation)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\Drivers\htcnprot.sys [36928 2010-06-25] (Windows ® Win 7 DDK provider)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [115824 2009-10-29] (JMicron Technology Corp.)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.sys [76056 2011-09-02] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.sys [15128 2011-09-02] (Logitech, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
3 scramby; C:\Windows\System32\Drivers\scramby.sys [29480 2007-02-13] (RapidSolution Software AG)
3 scramby_out; C:\Windows\System32\Drivers\scramby_out.sys [34336 2007-08-08] (RapidSolution Software AG)
3 ToolkitDisk; C:\Windows\System32\Drivers\ToolkitDisk.sys [62552 2011-09-12] (Toolkit Development, Ltd.)
3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
3 AIDA64Driver; \??\D:\Programme\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
3 RTCore64; \??\D:\Programme\EVGA Precision X\RTCore64.sys [x]
3 vtany; \??\C:\Windows\vtany.sys [x]
3 xsherlock; C:\Windows\system32\xsherlock.xem [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-24 08:45 - 2012-06-24 08:46 - 04566424 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2012-06-24 08:40 - 2012-06-24 08:40 - 00000000 ____D C:\Users\Philipp\AppData\Local\{2C58E7BE-1434-4901-8AF1-10D6D7377931}
2012-06-23 08:59 - 2012-06-23 08:59 - 00000000 ____D C:\Users\Philipp\AppData\Local\{22FEB303-B1B4-4B95-9319-6FBEAAA4D93D}
2012-06-23 08:58 - 2012-06-23 08:59 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D205231F-D080-4081-A370-2786313FBF41}
2012-06-22 17:21 - 2012-06-22 17:21 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0CAEFC6B-A33F-4563-A082-468168E02BBC}
2012-06-22 17:20 - 2012-06-22 17:21 - 00000000 ____D C:\Users\Philipp\AppData\Local\{02D2E351-AFCB-4D00-95D1-3C7C1269A266}
2012-06-22 13:11 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 13:11 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 13:11 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 13:11 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 13:11 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 13:11 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 13:11 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 13:10 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 13:10 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 13:08 - 2012-06-22 13:08 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F2DB0306-2A16-4B86-8096-F9DFF8138F4D}
2012-06-21 16:26 - 2012-06-21 16:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9AD37C80-D986-45DC-AEE1-CA4E9F2E5989}
2012-06-21 16:16 - 2012-06-21 16:16 - 00000000 ____D C:\Users\Philipp\AppData\Local\{489DF24A-6F7D-4762-8D1D-4176FBFDD3F4}
2012-06-20 21:38 - 2012-06-20 21:38 - 00000000 ____D C:\Users\Philipp\AppData\Local\{843D704C-B567-4A68-A5BC-CA4262367FA0}
2012-06-20 21:37 - 2012-06-20 21:38 - 00000000 ____D C:\Users\Philipp\AppData\Local\{BF8A482D-8885-4BEF-BC95-256B61F27E7B}
2012-06-20 16:16 - 2012-06-24 08:51 - 00000000 __SDC C:\32788R22FWJFW
2012-06-20 16:16 - 2012-06-24 08:50 - 00000000 ___DC C:\Qoobox
2012-06-20 16:16 - 2012-06-20 16:16 - 00000000 ____D C:\Windows\erdnt
2012-06-19 15:46 - 2012-06-19 15:46 - 00000000 ____D C:\Users\Philipp\AppData\Local\{EB4C4B95-94D2-4A97-9F56-1714A5EC9878}
2012-06-19 15:45 - 2012-06-19 15:46 - 00000000 ____D C:\Users\Philipp\AppData\Local\{588656FA-6609-4F0D-A708-3AF111F0136A}
2012-06-18 15:43 - 2012-06-18 15:43 - 00000000 ____D C:\Users\Philipp\AppData\Local\{8D1507C6-EEC1-4363-9255-B04A01BD11DD}
2012-06-17 17:00 - 2012-06-17 17:00 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F7CC23A1-4454-42D2-A977-EA094798FDFA}
2012-06-17 11:59 - 2012-06-17 11:59 - 00000000 ____A C:\Users\Philipp\defogger_reenable
2012-06-17 10:58 - 2012-06-17 10:58 - 00000000 ____D C:\Users\Philipp\AppData\Local\{FD05BD94-B2D8-4E46-9644-BBE158B11FD6}
2012-06-17 10:34 - 2012-06-17 10:34 - 00000000 ____D C:\Windows\sysnative
2012-06-17 10:30 - 2009-07-14 02:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-17 09:51 - 2012-06-17 09:51 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DCB15CC7-CD53-4538-92A8-7C0D022558D5}
2012-06-16 20:36 - 2012-06-16 20:36 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-16 15:55 - 2012-06-16 15:55 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D773507D-C982-4278-B79F-7DD959245AC8}
2012-06-16 13:25 - 2012-06-16 13:25 - 00000000 ____D C:\Users\Philipp\AppData\Local\{ED4A5D3F-FF6F-47A4-AF85-1CF115C10A52}
2012-06-15 13:13 - 2012-06-15 13:13 - 00000000 ____D C:\Users\Philipp\AppData\Local\{759FDABA-564A-4DF9-8753-B14CF937B478}
2012-06-14 16:45 - 2012-05-04 12:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-14 16:45 - 2012-05-04 10:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-14 15:16 - 2012-05-15 02:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 15:16 - 2012-05-04 12:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 15:16 - 2012-05-04 11:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 15:16 - 2012-05-04 11:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 15:16 - 2012-05-01 06:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 15:16 - 2012-04-28 04:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 15:16 - 2012-04-26 06:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 15:16 - 2012-04-26 06:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 15:16 - 2012-04-26 06:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 15:16 - 2012-04-24 06:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 15:16 - 2012-04-24 06:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 15:16 - 2012-04-24 06:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 15:16 - 2012-04-24 05:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 15:16 - 2012-04-24 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 15:16 - 2012-04-24 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 15:16 - 2012-04-07 13:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 15:16 - 2012-04-07 12:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-14 15:09 - 2012-06-14 15:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D5358912-E3FD-4E15-A5E5-E69EC5E1F048}
2012-06-14 15:09 - 2012-06-14 15:09 - 00000000 ____D C:\Users\Philipp\AppData\Local\{249EE2E3-852A-4183-991B-DA049A712777}
2012-06-13 16:14 - 2012-06-13 16:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DFC2F76D-8692-4921-AF40-5C80176E4D5B}
2012-06-13 16:14 - 2012-06-13 16:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0A709C51-3AF8-4748-A343-43F5B64F24EF}
2012-06-12 16:08 - 2012-06-12 16:08 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C82DF501-AB3C-427A-87FF-0E38E27F4617}
2012-06-12 16:08 - 2012-06-12 16:08 - 00000000 ____D C:\Users\Philipp\AppData\Local\{AEE0D567-53CF-457E-95AD-BC91B08B587A}
2012-06-11 15:45 - 2012-06-11 15:45 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0A64403A-2CF5-4F2D-9EC6-1C30049264C7}
2012-06-11 15:44 - 2012-06-11 15:45 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D8E95872-AF46-45EB-9B08-32CB208B57CC}
2012-06-10 21:50 - 2012-06-10 21:50 - 00000000 ____D C:\Users\Philipp\Desktop\Hochzeit Fabian
2012-06-10 10:20 - 2012-06-10 10:20 - 00000000 ____D C:\Users\Philipp\AppData\Local\{349CBE51-7012-4083-B381-9A0B9E780031}
2012-06-10 10:20 - 2012-06-10 10:20 - 00000000 ____D C:\Users\Philipp\AppData\Local\{27C96A4C-2480-45D7-ADC2-61CA585439CE}
2012-06-09 18:14 - 2012-06-09 18:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F4ED7356-9989-4C6A-B4ED-822A4B0B7B19}
2012-06-09 18:14 - 2012-06-09 18:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{A752BB94-C0BE-4771-973B-7BBA423DF02E}
2012-06-07 14:34 - 2012-06-07 14:34 - 00000000 ____D C:\Users\Philipp\AppData\Local\{25427C8A-EAB8-450F-B018-F366EB528D02}
2012-06-07 11:30 - 2012-06-07 11:30 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C02CB438-3904-404A-A225-5273264AF9C6}
2012-06-06 16:00 - 2012-06-06 16:01 - 00000000 ____D C:\Users\Philipp\AppData\Local\{04FA8CC4-4704-4B39-8987-336AB9036865}
2012-06-06 16:00 - 2012-06-06 16:00 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D343BCA0-219D-4075-84B3-E8394543ED95}
2012-06-05 15:37 - 2012-06-05 15:37 - 00000000 ____D C:\Users\Philipp\AppData\Local\{79C998A0-C349-487A-9F98-4179366A4D69}
2012-06-05 15:36 - 2012-06-05 15:37 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9FEC4D8F-1019-4241-A0E7-81E70E91986E}
2012-06-04 15:48 - 2012-06-04 15:48 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9ABFB77B-8753-4993-8E46-C5B1263A3854}
2012-06-04 15:47 - 2012-06-04 15:48 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C2237B20-6A96-4DBE-8590-5CD8EFBA3A7A}
2012-06-03 13:07 - 2012-06-03 13:08 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F206A6E3-9D56-4B75-855A-34E4522134FE}
2012-06-03 13:07 - 2012-06-03 13:07 - 00000000 ____D C:\Users\Philipp\AppData\Local\{86452CC2-D3CD-4CBE-A3C8-171702A130CB}
2012-06-03 08:49 - 2012-06-03 08:49 - 00000000 ____D C:\Users\Philipp\AppData\Local\{4F135D04-D6EF-4DBB-B9BB-5EB4A867D21C}
2012-06-02 23:44 - 2012-06-02 23:44 - 00000000 ____D C:\Users\Philipp\AppData\Local\{E424C5EF-5D0B-43DC-BEC7-962E1519D435}
2012-06-02 23:44 - 2012-06-02 23:44 - 00000000 ____D C:\Users\Philipp\AppData\Local\{848FC7D8-C169-4FC3-8644-93901B908F28}
2012-06-02 12:34 - 2012-06-02 12:34 - 00000000 ____D C:\Program Files (x86)\WB Games
2012-06-02 11:26 - 2012-06-02 11:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\{E274CCCB-8C58-43D8-A5F7-F48E44BB3076}
2012-06-02 11:26 - 2012-06-02 11:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C4200986-86E5-4C35-9B99-8671505FB6F8}
2012-06-02 10:29 - 2012-06-02 10:29 - 00000000 ____D C:\Users\Philipp\Documents\WBGames
2012-06-02 10:23 - 2012-06-02 10:23 - 00000000 ____D C:\Users\Public\Documents\WBGames
2012-06-01 20:27 - 2012-06-01 20:27 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Day 1 Studios
2012-06-01 20:27 - 2012-06-01 20:27 - 00000000 ____D C:\Users\Philipp\AppData\Local\ALI213
2012-06-01 16:11 - 2012-06-01 16:12 - 00000000 ____D C:\Users\Philipp\AppData\Local\{246626B6-8995-4385-AE85-944BF07036B2}
2012-06-01 16:11 - 2012-06-01 16:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{3A9FEC7F-4ECE-4E38-86CB-25574AA61FF1}
2012-05-31 12:40 - 2012-05-31 12:41 - 00000000 ____D C:\Users\Philipp\AppData\Local\{876DC575-B0F3-4A30-B535-39C6151D6B7B}
2012-05-31 12:40 - 2012-05-31 12:40 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0A9E0A7B-E4FF-46CC-9121-C0167A0AF92C}
2012-05-30 17:56 - 2012-05-30 17:56 - 00000000 ____D C:\Users\Philipp\Documents\4A Games
2012-05-30 13:15 - 2012-06-20 21:13 - 00000000 ____D C:\Users\Philipp\Documents\Vegas Movie Studio HD Platinum 11.0 Projekte
2012-05-30 13:05 - 2012-05-30 13:06 - 00000000 ____D C:\Users\Philipp\AppData\Local\{6B4E5AF6-6D7F-4834-9412-750217FE3FC0}
2012-05-30 13:05 - 2012-05-30 13:05 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DB0B308F-D9D6-4F27-A36E-B63CBC59A221}
2012-05-29 22:34 - 2012-05-29 22:34 - 00000000 __RHD C:\Users\Philipp\AppData\Roaming\SecuROM
2012-05-29 21:12 - 2012-05-29 21:12 - 00226304 ____A (RAD Game Tools, Inc.) C:\Windows\SysWOW64\binkw32.dll
2012-05-29 19:40 - 2012-05-30 17:53 - 00000000 ____D C:\Users\Philipp\AppData\Local\4A Games
2012-05-29 08:13 - 2012-05-29 08:13 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C6D1EFFD-7F0C-42A3-BA81-30906BD320A6}
2012-05-29 08:13 - 2012-05-29 08:13 - 00000000 ____D C:\Users\Philipp\AppData\Local\{6F2B4461-DB8D-46A8-8DF6-20C6A16A4794}
2012-05-28 11:38 - 2012-05-28 11:38 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5A08494B-395E-4339-93AB-25E90A705603}
2012-05-28 11:37 - 2012-05-28 11:38 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D468875F-6430-4226-A844-EBC8B11886D7}
2012-05-27 17:07 - 2012-05-27 17:07 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F5C159BD-FC37-4196-8C1F-B7713CF5ADA3}
2012-05-27 17:07 - 2012-05-27 17:07 - 00000000 ____D C:\Users\Philipp\AppData\Local\{A6AC8DD5-EEAB-48D4-951E-D57E5BC60ADB}
2012-05-27 12:12 - 2012-05-27 12:12 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D962E5D3-9353-4AFC-A68B-1074B6244DBE}
2012-05-27 09:11 - 2012-05-27 09:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{CEAE300E-8DFF-471B-BC82-A2F7BFD19363}
2012-05-26 14:58 - 2012-05-26 14:58 - 00000000 ____D C:\Users\Philipp\AppData\Local\{87C7BDEB-92F0-4448-A3AE-B18A7839EDDA}
2012-05-26 14:57 - 2012-05-26 14:58 - 00000000 ____D C:\Users\Philipp\AppData\Local\{2EACDB52-280A-4918-A2BA-B9C3BB758945}
2012-05-26 13:10 - 2012-05-26 13:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{CE55209F-689C-412E-AFD5-C35BFAFC36C9}
2012-05-25 23:03 - 2012-05-25 23:04 - 00000000 ____D C:\Users\Philipp\AppData\Local\{40E07E90-F95A-41F9-9769-C9F8EA3C6A2A}
2012-05-25 23:03 - 2012-05-25 23:03 - 00000000 ____D C:\Users\Philipp\AppData\Local\{B85C1DAB-1983-4DB1-AA92-97747A9D4B7A}
2012-05-25 09:27 - 2012-05-25 09:28 - 00000000 ____D C:\Users\Philipp\AppData\Local\{354651F1-E548-4072-9E88-589AAAED6076}
2012-05-25 09:27 - 2012-05-25 09:27 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DC9BB43E-DABE-40F7-8A25-D472CFAAD3B8}


============ 3 Months Modified Files and Folders =============

2012-06-24 10:13 - 2012-06-24 10:13 - 00000000 ___DC C:\FRST
2012-06-24 09:09 - 2011-10-13 21:46 - 01494883 ____A C:\Windows\WindowsUpdate.log
2012-06-24 09:00 - 2009-07-14 05:45 - 00015600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-24 09:00 - 2009-07-14 05:45 - 00015600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-24 08:57 - 2009-07-14 18:58 - 00654150 ____A C:\Windows\System32\perfh007.dat
2012-06-24 08:57 - 2009-07-14 18:58 - 00130022 ____A C:\Windows\System32\perfc007.dat
2012-06-24 08:57 - 2009-07-14 06:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-24 08:54 - 2012-01-04 16:54 - 00000000 ____D C:\Program Files (x86)\ToolKitService
2012-06-24 08:53 - 2011-10-25 11:06 - 00068897 ____A C:\Windows\setupact.log
2012-06-24 08:53 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-24 08:51 - 2012-06-20 16:16 - 00000000 __SDC C:\32788R22FWJFW
2012-06-24 08:50 - 2012-06-20 16:16 - 00000000 ___DC C:\Qoobox
2012-06-24 08:46 - 2012-06-24 08:45 - 04566424 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2012-06-24 08:45 - 2011-10-14 15:36 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-24 08:45 - 2011-10-14 15:28 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-24 08:40 - 2012-06-24 08:40 - 00000000 ____D C:\Users\Philipp\AppData\Local\{2C58E7BE-1434-4901-8AF1-10D6D7377931}
2012-06-23 23:38 - 2011-10-14 20:36 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Skype
2012-06-23 22:33 - 2011-10-15 12:51 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-06-23 22:33 - 2011-10-15 11:38 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-06-23 22:33 - 2011-10-15 11:38 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-06-23 08:59 - 2012-06-23 08:59 - 00000000 ____D C:\Users\Philipp\AppData\Local\{22FEB303-B1B4-4B95-9319-6FBEAAA4D93D}
2012-06-23 08:59 - 2012-06-23 08:58 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D205231F-D080-4081-A370-2786313FBF41}
2012-06-23 08:59 - 2011-10-13 19:46 - 00000000 ____D C:\Users\Philipp\AppData\Local\Windows Live
2012-06-22 17:21 - 2012-06-22 17:21 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0CAEFC6B-A33F-4563-A082-468168E02BBC}
2012-06-22 17:21 - 2012-06-22 17:20 - 00000000 ____D C:\Users\Philipp\AppData\Local\{02D2E351-AFCB-4D00-95D1-3C7C1269A266}
2012-06-22 17:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2012-06-22 13:08 - 2012-06-22 13:08 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F2DB0306-2A16-4B86-8096-F9DFF8138F4D}
2012-06-21 16:26 - 2012-06-21 16:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9AD37C80-D986-45DC-AEE1-CA4E9F2E5989}
2012-06-21 16:16 - 2012-06-21 16:16 - 00000000 ____D C:\Users\Philipp\AppData\Local\{489DF24A-6F7D-4762-8D1D-4176FBFDD3F4}
2012-06-20 21:38 - 2012-06-20 21:38 - 00000000 ____D C:\Users\Philipp\AppData\Local\{843D704C-B567-4A68-A5BC-CA4262367FA0}
2012-06-20 21:38 - 2012-06-20 21:37 - 00000000 ____D C:\Users\Philipp\AppData\Local\{BF8A482D-8885-4BEF-BC95-256B61F27E7B}
2012-06-20 21:13 - 2012-05-30 13:15 - 00000000 ____D C:\Users\Philipp\Documents\Vegas Movie Studio HD Platinum 11.0 Projekte
2012-06-20 16:16 - 2012-06-20 16:16 - 00000000 ____D C:\Windows\erdnt
2012-06-19 15:46 - 2012-06-19 15:46 - 00000000 ____D C:\Users\Philipp\AppData\Local\{EB4C4B95-94D2-4A97-9F56-1714A5EC9878}
2012-06-19 15:46 - 2012-06-19 15:45 - 00000000 ____D C:\Users\Philipp\AppData\Local\{588656FA-6609-4F0D-A708-3AF111F0136A}
2012-06-18 15:43 - 2012-06-18 15:43 - 00000000 ____D C:\Users\Philipp\AppData\Local\{8D1507C6-EEC1-4363-9255-B04A01BD11DD}
2012-06-17 17:00 - 2012-06-17 17:00 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F7CC23A1-4454-42D2-A977-EA094798FDFA}
2012-06-17 11:59 - 2012-06-17 11:59 - 00000000 ____A C:\Users\Philipp\defogger_reenable
2012-06-17 11:59 - 2011-10-13 21:46 - 00000000 ____D C:\users\Philipp
2012-06-17 11:54 - 2011-10-28 14:48 - 00000000 ____D C:\Users\All Users\Origin
2012-06-17 11:54 - 2011-10-14 15:36 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-17 11:54 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-17 11:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2012-06-17 11:02 - 2011-10-15 12:44 - 00000000 ____D C:\Users\Philipp\AppData\Local\Paint.NET
2012-06-17 10:58 - 2012-06-17 10:58 - 00000000 ____D C:\Users\Philipp\AppData\Local\{FD05BD94-B2D8-4E46-9644-BBE158B11FD6}
2012-06-17 10:34 - 2012-06-17 10:34 - 00000000 ____D C:\Windows\sysnative
2012-06-17 09:51 - 2012-06-17 09:51 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DCB15CC7-CD53-4538-92A8-7C0D022558D5}
2012-06-16 21:19 - 2012-01-11 11:19 - 00000000 __SHD C:\Users\Philipp\AppData\Local\{62d344d4-e3e2-fc94-403c-67303ae89b65}
2012-06-16 20:36 - 2012-06-16 20:36 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-16 15:55 - 2012-06-16 15:55 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D773507D-C982-4278-B79F-7DD959245AC8}
2012-06-16 13:25 - 2012-06-16 13:25 - 00000000 ____D C:\Users\Philipp\AppData\Local\{ED4A5D3F-FF6F-47A4-AF85-1CF115C10A52}
2012-06-15 15:15 - 2011-10-28 09:55 - 00006999 ____A C:\Windows\LkmdfCoInst.log
2012-06-15 15:15 - 2011-10-15 11:01 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-06-15 13:13 - 2012-06-15 13:13 - 00000000 ____D C:\Users\Philipp\AppData\Local\{759FDABA-564A-4DF9-8753-B14CF937B478}
2012-06-14 18:37 - 2009-07-14 05:45 - 00352248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 16:51 - 2011-10-23 15:07 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-14 16:48 - 2011-10-15 13:07 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 15:10 - 2012-06-14 15:09 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D5358912-E3FD-4E15-A5E5-E69EC5E1F048}
2012-06-14 15:09 - 2012-06-14 15:09 - 00000000 ____D C:\Users\Philipp\AppData\Local\{249EE2E3-852A-4183-991B-DA049A712777}
2012-06-13 16:14 - 2012-06-13 16:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DFC2F76D-8692-4921-AF40-5C80176E4D5B}
2012-06-13 16:14 - 2012-06-13 16:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0A709C51-3AF8-4748-A343-43F5B64F24EF}
2012-06-12 16:08 - 2012-06-12 16:08 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C82DF501-AB3C-427A-87FF-0E38E27F4617}
2012-06-12 16:08 - 2012-06-12 16:08 - 00000000 ____D C:\Users\Philipp\AppData\Local\{AEE0D567-53CF-457E-95AD-BC91B08B587A}
2012-06-11 15:45 - 2012-06-11 15:45 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0A64403A-2CF5-4F2D-9EC6-1C30049264C7}
2012-06-11 15:45 - 2012-06-11 15:44 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D8E95872-AF46-45EB-9B08-32CB208B57CC}
2012-06-10 21:50 - 2012-06-10 21:50 - 00000000 ____D C:\Users\Philipp\Desktop\Hochzeit Fabian
2012-06-10 10:20 - 2012-06-10 10:20 - 00000000 ____D C:\Users\Philipp\AppData\Local\{349CBE51-7012-4083-B381-9A0B9E780031}
2012-06-10 10:20 - 2012-06-10 10:20 - 00000000 ____D C:\Users\Philipp\AppData\Local\{27C96A4C-2480-45D7-ADC2-61CA585439CE}
2012-06-09 18:15 - 2011-10-14 20:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-09 18:15 - 2011-10-14 20:36 - 00000000 ____D C:\Users\All Users\Skype
2012-06-09 18:14 - 2012-06-09 18:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F4ED7356-9989-4C6A-B4ED-822A4B0B7B19}
2012-06-09 18:14 - 2012-06-09 18:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{A752BB94-C0BE-4771-973B-7BBA423DF02E}
2012-06-07 14:34 - 2012-06-07 14:34 - 00000000 ____D C:\Users\Philipp\AppData\Local\{25427C8A-EAB8-450F-B018-F366EB528D02}
2012-06-07 11:30 - 2012-06-07 11:30 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C02CB438-3904-404A-A225-5273264AF9C6}
2012-06-06 16:01 - 2012-06-06 16:00 - 00000000 ____D C:\Users\Philipp\AppData\Local\{04FA8CC4-4704-4B39-8987-336AB9036865}
2012-06-06 16:00 - 2012-06-06 16:00 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D343BCA0-219D-4075-84B3-E8394543ED95}
2012-06-05 15:43 - 2011-10-29 19:05 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-06-05 15:37 - 2012-06-05 15:37 - 00000000 ____D C:\Users\Philipp\AppData\Local\{79C998A0-C349-487A-9F98-4179366A4D69}
2012-06-05 15:37 - 2012-06-05 15:36 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9FEC4D8F-1019-4241-A0E7-81E70E91986E}
2012-06-04 15:48 - 2012-06-04 15:48 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9ABFB77B-8753-4993-8E46-C5B1263A3854}
2012-06-04 15:48 - 2012-06-04 15:47 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C2237B20-6A96-4DBE-8590-5CD8EFBA3A7A}
2012-06-04 15:45 - 2011-10-15 18:53 - 00009129 ____A C:\Windows\System32\lvcoinst.log
2012-06-03 21:20 - 2011-10-15 10:56 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2012-06-03 13:08 - 2012-06-03 13:07 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F206A6E3-9D56-4B75-855A-34E4522134FE}
2012-06-03 13:07 - 2012-06-03 13:07 - 00000000 ____D C:\Users\Philipp\AppData\Local\{86452CC2-D3CD-4CBE-A3C8-171702A130CB}
2012-06-03 08:49 - 2012-06-03 08:49 - 00000000 ____D C:\Users\Philipp\AppData\Local\{4F135D04-D6EF-4DBB-B9BB-5EB4A867D21C}
2012-06-02 23:44 - 2012-06-02 23:44 - 00000000 ____D C:\Users\Philipp\AppData\Local\{E424C5EF-5D0B-43DC-BEC7-962E1519D435}
2012-06-02 23:44 - 2012-06-02 23:44 - 00000000 ____D C:\Users\Philipp\AppData\Local\{848FC7D8-C169-4FC3-8644-93901B908F28}
2012-06-02 23:19 - 2012-06-22 13:11 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-22 13:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-22 13:11 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-22 13:11 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-22 13:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:15 - 2012-06-22 13:11 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-22 13:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-22 13:10 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-22 13:10 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 13:25 - 2011-10-15 12:31 - 00000000 __RHD C:\Users\Philipp\Desktop\Games
2012-06-02 12:40 - 2011-10-13 22:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-02 12:34 - 2012-06-02 12:34 - 00000000 ____D C:\Program Files (x86)\WB Games
2012-06-02 11:26 - 2012-06-02 11:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\{E274CCCB-8C58-43D8-A5F7-F48E44BB3076}
2012-06-02 11:26 - 2012-06-02 11:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C4200986-86E5-4C35-9B99-8671505FB6F8}
2012-06-02 10:29 - 2012-06-02 10:29 - 00000000 ____D C:\Users\Philipp\Documents\WBGames
2012-06-02 10:23 - 2012-06-02 10:23 - 00000000 ____D C:\Users\Public\Documents\WBGames
2012-06-01 20:27 - 2012-06-01 20:27 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Day 1 Studios
2012-06-01 20:27 - 2012-06-01 20:27 - 00000000 ____D C:\Users\Philipp\AppData\Local\ALI213
2012-06-01 20:17 - 2011-10-28 09:05 - 00424382 ____A C:\Windows\DirectX.log
2012-06-01 16:12 - 2012-06-01 16:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{246626B6-8995-4385-AE85-944BF07036B2}
2012-06-01 16:11 - 2012-06-01 16:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{3A9FEC7F-4ECE-4E38-86CB-25574AA61FF1}
2012-05-31 12:41 - 2012-05-31 12:40 - 00000000 ____D C:\Users\Philipp\AppData\Local\{876DC575-B0F3-4A30-B535-39C6151D6B7B}
2012-05-31 12:40 - 2012-05-31 12:40 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0A9E0A7B-E4FF-46CC-9121-C0167A0AF92C}
2012-05-30 17:56 - 2012-05-30 17:56 - 00000000 ____D C:\Users\Philipp\Documents\4A Games
2012-05-30 17:53 - 2012-05-29 19:40 - 00000000 ____D C:\Users\Philipp\AppData\Local\4A Games
2012-05-30 13:06 - 2012-05-30 13:05 - 00000000 ____D C:\Users\Philipp\AppData\Local\{6B4E5AF6-6D7F-4834-9412-750217FE3FC0}
2012-05-30 13:05 - 2012-05-30 13:05 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DB0B308F-D9D6-4F27-A36E-B63CBC59A221}
2012-05-29 22:34 - 2012-05-29 22:34 - 00000000 __RHD C:\Users\Philipp\AppData\Roaming\SecuROM
2012-05-29 21:12 - 2012-05-29 21:12 - 00226304 ____A (RAD Game Tools, Inc.) C:\Windows\SysWOW64\binkw32.dll
2012-05-29 08:13 - 2012-05-29 08:13 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C6D1EFFD-7F0C-42A3-BA81-30906BD320A6}
2012-05-29 08:13 - 2012-05-29 08:13 - 00000000 ____D C:\Users\Philipp\AppData\Local\{6F2B4461-DB8D-46A8-8DF6-20C6A16A4794}
2012-05-28 11:38 - 2012-05-28 11:38 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5A08494B-395E-4339-93AB-25E90A705603}
2012-05-28 11:38 - 2012-05-28 11:37 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D468875F-6430-4226-A844-EBC8B11886D7}
2012-05-27 17:07 - 2012-05-27 17:07 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F5C159BD-FC37-4196-8C1F-B7713CF5ADA3}
2012-05-27 17:07 - 2012-05-27 17:07 - 00000000 ____D C:\Users\Philipp\AppData\Local\{A6AC8DD5-EEAB-48D4-951E-D57E5BC60ADB}
2012-05-27 12:12 - 2012-05-27 12:12 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D962E5D3-9353-4AFC-A68B-1074B6244DBE}
2012-05-27 09:11 - 2012-05-27 09:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{CEAE300E-8DFF-471B-BC82-A2F7BFD19363}
2012-05-26 14:58 - 2012-05-26 14:58 - 00000000 ____D C:\Users\Philipp\AppData\Local\{87C7BDEB-92F0-4448-A3AE-B18A7839EDDA}
2012-05-26 14:58 - 2012-05-26 14:57 - 00000000 ____D C:\Users\Philipp\AppData\Local\{2EACDB52-280A-4918-A2BA-B9C3BB758945}
2012-05-26 13:10 - 2012-05-26 13:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{CE55209F-689C-412E-AFD5-C35BFAFC36C9}
2012-05-25 23:04 - 2012-05-25 23:03 - 00000000 ____D C:\Users\Philipp\AppData\Local\{40E07E90-F95A-41F9-9769-C9F8EA3C6A2A}
2012-05-25 23:03 - 2012-05-25 23:03 - 00000000 ____D C:\Users\Philipp\AppData\Local\{B85C1DAB-1983-4DB1-AA92-97747A9D4B7A}
2012-05-25 09:28 - 2012-05-25 09:27 - 00000000 ____D C:\Users\Philipp\AppData\Local\{354651F1-E548-4072-9E88-589AAAED6076}
2012-05-25 09:27 - 2012-05-25 09:27 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DC9BB43E-DABE-40F7-8A25-D472CFAAD3B8}
2012-05-24 16:58 - 2012-05-24 16:58 - 00000000 ____D C:\Users\Philipp\AppData\Local\{E11ED031-3DAF-4478-AD31-4157AC1AF337}
2012-05-24 16:58 - 2012-05-24 16:58 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5E6A0B89-FB30-4C2A-8489-00FA27C089F7}
2012-05-23 13:11 - 2012-05-23 13:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{E198A47E-261B-4607-9D3F-BAD238E52019}
2012-05-23 13:11 - 2012-05-23 13:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{2310AC77-A53E-467C-8776-30ABFEC1D595}
2012-05-22 20:13 - 2011-12-29 23:07 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\vlc
2012-05-22 14:30 - 2012-05-22 14:30 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DA4D514F-EFF9-4ACB-958A-E3CBF8CE7181}
2012-05-22 14:30 - 2012-05-22 14:30 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5E4393FE-987C-4CF2-B4CD-5A9016BBBED3}
2012-05-21 16:51 - 2012-05-21 16:51 - 00000000 ____D C:\Users\Philipp\AppData\Local\{FEE8EB12-D31F-42DA-B8F8-2492DF3D3C8C}
2012-05-21 16:51 - 2012-05-21 16:51 - 00000000 ____D C:\Users\Philipp\AppData\Local\{74EE0807-224C-4739-A42A-A5698D2C4002}
2012-05-21 16:35 - 2012-05-21 16:35 - 00000000 ____D C:\Users\Philipp\Documents\EA Games
2012-05-21 16:33 - 2012-05-21 16:33 - 00000000 ____D C:\Users\Philipp\AppData\Local\EA Games
2012-05-21 16:33 - 2012-05-21 16:32 - 00000000 ____D C:\Users\All Users\Solidshield
2012-05-20 16:01 - 2012-05-20 16:01 - 00000000 ____D C:\Users\Philipp\Documents\Nexus Mod Manager
2012-05-20 15:51 - 2012-05-20 15:51 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D1448B03-FC93-4633-9817-CC09A681B889}
2012-05-20 15:51 - 2012-05-20 15:51 - 00000000 ____D C:\Users\Philipp\AppData\Local\{4B08D385-4E52-416A-A720-301ACCFFE67F}
2012-05-19 20:31 - 2012-05-19 20:31 - 00000000 ____D C:\Users\Philipp\AppData\Local\Black_Tree_Gaming
2012-05-19 14:13 - 2012-05-19 14:12 - 00000000 ____D C:\Users\Philipp\AppData\Local\{929A4D5A-DA87-4265-9621-7867F687E9E7}
2012-05-19 14:12 - 2012-05-19 14:12 - 00000000 ____D C:\Users\Philipp\AppData\Local\{77A922D3-7EB4-4136-B1CA-15B1CFB0780A}
2012-05-18 10:17 - 2012-05-18 10:16 - 00000000 ____D C:\Users\Philipp\AppData\Local\{72ADA7D6-5FB0-4600-9AE8-8691394EDDE5}
2012-05-18 10:16 - 2012-05-18 10:16 - 00000000 ____D C:\Users\Philipp\AppData\Local\{89C2BE76-4104-4234-8BD4-885D4A8B3D9D}
2012-05-18 07:10 - 2012-05-18 07:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{E9422111-1358-43EA-BBEF-4AF595B5831F}
2012-05-18 06:27 - 2012-05-18 06:27 - 00000000 ____D C:\Users\Philipp\AppData\Local\{747967C8-AEB5-40F9-B870-53868FCC9157}
2012-05-17 16:12 - 2012-05-17 16:12 - 00000000 ____D C:\Users\Philipp\AppData\Local\{1CF16E1D-9D38-4FB4-BCBC-E9801D52D687}
2012-05-17 16:12 - 2012-05-17 16:12 - 00000000 ____D C:\Users\Philipp\AppData\Local\{00E3B5DE-1C6A-4936-B3CA-BBCDBDB0910D}
2012-05-16 19:53 - 2012-05-16 19:53 - 00000000 ____D C:\Users\Philipp\AppData\Local\{A82B4FBB-3BBF-475F-97E1-19E8FB649E63}
2012-05-16 19:53 - 2012-05-16 19:53 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5533B88B-B7D3-4A4A-A4D8-19E29D366402}
2012-05-15 18:26 - 2012-05-15 18:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\{7753B399-91BD-455E-8463-F7678B4AAAD2}
2012-05-15 16:03 - 2012-05-15 16:03 - 00000000 ____D C:\Users\Philipp\AppData\Local\{32DD00B7-41B5-45A9-89EF-1D3D1219C430}
2012-05-15 02:32 - 2012-06-14 15:16 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 16:00 - 2012-05-14 16:00 - 00000000 ____D C:\Users\Philipp\AppData\Local\{96F508E3-8730-4016-B42B-C558E88E1F6E}
2012-05-14 16:00 - 2012-05-14 16:00 - 00000000 ____D C:\Users\Philipp\AppData\Local\{31D27FDA-2D4F-4529-9F0D-56D26D451D7B}
2012-05-13 17:54 - 2012-05-13 17:54 - 00000000 ____D C:\Users\Philipp\AppData\Local\{A90FD72F-0278-4AED-AB55-7BF6969FD195}
2012-05-13 17:54 - 2012-05-13 17:53 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5D31016A-CC73-4A96-8CE4-251E7D5FCBB4}
2012-05-13 10:00 - 2012-05-13 10:00 - 00000000 ____D C:\Users\Philipp\AppData\Local\{10CAE9EC-CB66-421B-BF4C-35E646AB62F3}
2012-05-12 18:33 - 2012-05-12 18:33 - 00000000 ____D C:\Users\Philipp\AppData\Local\{18C2853C-3113-4079-937D-D850B2CD96FA}
2012-05-12 18:33 - 2012-05-12 18:32 - 00000000 ____D C:\Users\Philipp\AppData\Local\{59A85269-800A-4CDE-8FC9-CF57B6BB7B1F}
2012-05-12 17:34 - 2012-05-12 17:34 - 00000000 ____D C:\Users\Philipp\AppData\Local\{6346E97B-E46A-4577-9227-818A2C96D156}
2012-05-12 17:34 - 2012-05-12 17:33 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0573F407-746A-4707-9A95-76A95110400F}
2012-05-12 10:31 - 2012-05-12 10:31 - 00000000 ____D C:\Users\Philipp\AppData\Local\{CDB74869-F837-4A11-8EB0-C74EBDFD6BF7}
2012-05-11 19:18 - 2012-05-11 19:18 - 00000000 ____D C:\Users\Philipp\AppData\Local\{AF680A8E-917F-4F62-88B2-AED5838C2959}
2012-05-11 19:18 - 2012-05-11 19:17 - 00000000 ____D C:\Users\Philipp\AppData\Local\{BF948944-813B-4E35-87A3-225C395912DF}
2012-05-10 22:25 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 21:36 - 2012-05-10 21:36 - 00000000 ____D C:\Program Files\DivX
2012-05-10 21:36 - 2012-05-10 21:35 - 00000000 ____D C:\Program Files (x86)\DivX
2012-05-10 21:36 - 2012-05-10 21:34 - 00000000 ____D C:\Users\All Users\DivX
2012-05-10 17:17 - 2012-05-10 17:17 - 00000000 ____D C:\Users\Philipp\AppData\Local\{114EA068-AA7D-4480-9818-95F858AC45CC}
2012-05-10 17:17 - 2012-05-10 17:16 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C65D3B5C-027B-472D-918B-94F2F72F9C48}
2012-05-10 16:21 - 2012-05-10 16:21 - 00000000 ____D C:\Users\Philipp\AppData\Local\{0DBEBD90-133C-4D50-8E97-C88F788B804E}
2012-05-09 20:23 - 2012-05-09 20:23 - 00000000 ____D C:\Users\Philipp\AppData\Local\{92BD273E-0288-4B12-9D59-40AB2DA4AFB5}
2012-05-09 20:23 - 2012-05-09 20:23 - 00000000 ____D C:\Users\Philipp\AppData\Local\{537C5BE1-1395-4B3D-9961-086FB5198D16}
2012-05-09 02:19 - 2012-05-09 02:18 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D099AB7F-357F-4CD1-BE32-7A71F94C9843}
2012-05-09 02:18 - 2012-05-09 02:18 - 00000000 ____D C:\Users\Philipp\AppData\Local\{3661574E-3CCD-4338-A5CD-CB8FD3FE914A}
2012-05-08 11:13 - 2012-05-08 11:13 - 00000000 ____D C:\Users\Philipp\AppData\Local\{FFBBAE4D-C04E-40A8-AD0E-AA8AD2009FF1}
2012-05-08 11:13 - 2012-05-08 11:13 - 00000000 ____D C:\Users\Philipp\AppData\Local\{AD6A44DD-9621-42FE-89D0-29C6943052F4}
2012-05-07 16:25 - 2012-05-07 16:25 - 00000000 ____D C:\Users\Philipp\AppData\Local\{4D5206D9-057C-452C-9B23-665624047C16}
2012-05-07 16:25 - 2012-05-07 16:24 - 00000000 ____D C:\Users\Philipp\AppData\Local\{CA3D65E2-608B-47F7-89E5-9A8EB3CEC974}
2012-05-06 23:37 - 2012-05-06 23:37 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DFB2D926-A5C2-49CF-B5EF-5A65C1DEDC4D}
2012-05-06 23:37 - 2012-05-06 23:37 - 00000000 ____D C:\Users\Philipp\AppData\Local\{4FE89199-F5E0-48DD-BFF9-1ED52F08222A}
2012-05-06 10:10 - 2012-05-06 10:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9EE7DAAF-69B9-41FA-B929-2D2594A00B77}
2012-05-06 10:10 - 2012-05-06 10:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{279D16F1-1F6B-4D69-BC07-9EE1919764E5}
2012-05-06 00:49 - 2012-05-06 00:49 - 00000000 ____D C:\Users\Philipp\AppData\Local\{4CE865AB-16EE-4627-87AD-43813D46B304}
2012-05-06 00:38 - 2012-05-06 00:38 - 00000000 ____D C:\Users\Philipp\AppData\Local\{55AC623D-0838-47BB-A8DB-42FBB8E6C3EE}
2012-05-05 23:15 - 2012-05-05 23:15 - 00000000 ____D C:\Users\Philipp\AppData\Local\{4C34FD2D-14F7-41C0-A60F-ECB91B7D95C7}
2012-05-05 09:57 - 2012-05-05 09:57 - 00000000 ____D C:\Users\Philipp\AppData\Local\{90DCCDC6-51E9-40E9-899A-EEE2895A9A33}
2012-05-05 09:57 - 2012-05-05 09:56 - 00000000 ____D C:\Users\Philipp\AppData\Local\{C69186D5-08F8-4B6D-AA63-7B8DF4CB15A0}
2012-05-05 08:04 - 2012-05-05 08:04 - 00000000 ____D C:\Users\Philipp\AppData\Local\{BCA24AE4-0336-4DE8-BCDB-84413BE0F7C0}
2012-05-04 12:06 - 2012-06-14 15:16 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 12:00 - 2012-06-14 16:45 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 11:03 - 2012-06-14 15:16 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 11:03 - 2012-06-14 15:16 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 10:59 - 2012-06-14 16:45 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-04 09:11 - 2012-05-04 09:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{054FEF25-A619-4444-842F-6E387D67D8C7}
2012-05-04 09:10 - 2012-05-04 09:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9CAA85C3-7E62-46E1-8C07-E9ECD3F36E85}
2012-05-03 19:36 - 2012-03-08 23:39 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Youtube Downloader HD
2012-05-03 11:14 - 2012-05-03 11:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{B4D49049-2DB4-4F29-81F9-C20929D7CE28}
2012-05-03 11:14 - 2012-05-03 11:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{6B29B48D-1E00-42ED-AF0A-E90432CFF439}
2012-05-03 10:25 - 2012-05-03 10:25 - 00000000 ____D C:\Users\Philipp\AppData\Local\{71CBD3D8-A4F2-4AE7-B56E-DBAA6B439505}
2012-05-02 11:09 - 2012-05-02 11:09 - 00000000 ____D C:\Users\Philipp\AppData\Local\{EB0642C6-B4D8-434F-96DE-B9088D88D5F9}
2012-05-02 11:09 - 2012-05-02 11:09 - 00000000 ____D C:\Users\Philipp\AppData\Local\{B966FC27-4947-420C-B596-13CC5306236C}
2012-05-01 17:02 - 2012-05-01 17:01 - 00000000 ____D C:\Users\Philipp\AppData\Local\{AE04E62E-1C72-4044-8EE6-89F4FCB8DB5E}
2012-05-01 17:01 - 2012-05-01 17:01 - 00000000 ____D C:\Users\Philipp\AppData\Local\{B6C70CE0-7FAC-4879-AA47-B66C57F078B3}
2012-05-01 09:42 - 2012-05-01 09:42 - 00000000 ____D C:\Users\Philipp\AppData\Local\{1AFD31E6-955A-4DAF-BFA6-9A4587352FA7}
2012-05-01 06:40 - 2012-06-14 15:16 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 08:34 - 2009-07-14 06:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-29 16:11 - 2012-04-29 16:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{4E39A795-8D02-47AB-8A2D-1BD1F66FD879}
2012-04-29 16:11 - 2012-04-29 16:10 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DA671965-6956-47F1-BAA1-78727B60603A}
2012-04-29 10:26 - 2011-10-13 18:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-29 10:25 - 2011-10-13 18:51 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-04-29 10:25 - 2011-10-13 18:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-29 10:25 - 2011-10-13 18:49 - 00000000 ____D C:\NVIDIA
2012-04-29 09:15 - 2012-04-29 09:15 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9B7E5685-7259-452D-8510-B9974E529D35}
2012-04-28 10:27 - 2012-04-28 10:27 - 00000000 ____D C:\Users\Philipp\AppData\Local\{3924ED8C-59DE-46D4-A103-83BC57D33798}
2012-04-28 10:27 - 2012-04-28 10:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\{F8C4C9CA-0672-4F0F-AAD4-BE3AD059D9EF}
2012-04-28 09:18 - 2012-04-28 09:18 - 00000000 ____D C:\Users\Philipp\AppData\Local\{228391AE-76A8-44B7-915A-58433C554B13}
2012-04-28 04:55 - 2012-06-14 15:16 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 10:55 - 2012-04-27 10:55 - 00000000 ____D C:\Users\Philipp\AppData\Local\{A1C00F23-4E9F-4997-8EAA-09CEEF1E35B6}
2012-04-27 10:55 - 2012-04-27 10:55 - 00000000 ____D C:\Users\Philipp\AppData\Local\{977EF507-B371-4EDE-B96E-ADA72FC85151}
2012-04-27 10:05 - 2012-04-27 10:05 - 00000000 ____D C:\Users\Philipp\AppData\Local\{B6D03A69-7632-448D-87C5-4D125ECE0717}
2012-04-26 15:42 - 2012-04-26 15:42 - 00000000 ____D C:\Users\Philipp\AppData\Local\{AC9C2E58-AE26-42BE-B50E-7837724E7E84}
2012-04-26 15:42 - 2012-04-26 15:42 - 00000000 ____D C:\Users\Philipp\AppData\Local\{3843CC1E-FADD-4711-B21D-3B0C7D297FDF}
2012-04-26 13:14 - 2012-04-26 13:14 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5DE8F5FF-545A-4B48-B039-44548C2BD40F}
2012-04-26 06:41 - 2012-06-14 15:16 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 06:41 - 2012-06-14 15:16 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 06:34 - 2012-06-14 15:16 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 16:28 - 2012-04-25 16:28 - 00000000 ____D C:\Users\Philipp\AppData\Local\{9AB583C2-ECCD-4260-B366-E9711DEA944B}
2012-04-25 16:28 - 2012-04-25 16:28 - 00000000 ____D C:\Users\Philipp\AppData\Local\{1BBE170E-B4E5-4032-B40C-ABB02DED265B}
2012-04-24 21:37 - 2012-04-24 21:37 - 00000000 ____D C:\Users\Philipp\AppData\Local\{FAF158A3-3DFE-4570-8357-8106BA659A39}
2012-04-24 21:37 - 2012-04-24 21:37 - 00000000 ____D C:\Users\Philipp\AppData\Local\{95772775-D3DC-46F1-800C-F5C298BD44B9}
2012-04-24 20:54 - 2012-04-24 20:54 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D535127B-C0B3-4343-874B-D845E5FC5852}
2012-04-24 19:15 - 2012-04-24 19:15 - 00000000 ____D C:\Users\Philipp\AppData\Local\{E4D7DF0F-2D53-4C06-83AA-DFE14DC667C3}
2012-04-24 18:44 - 2012-04-24 18:44 - 00000000 ____D C:\Users\Philipp\AppData\Local\{6A936E3F-3A68-4F61-AC69-C5248DE02839}
2012-04-24 06:37 - 2012-06-14 15:16 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 06:37 - 2012-06-14 15:16 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 06:37 - 2012-06-14 15:16 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 05:36 - 2012-06-14 15:16 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 05:36 - 2012-06-14 15:16 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 05:36 - 2012-06-14 15:16 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 17:49 - 2012-04-23 17:49 - 00000000 ____D C:\Users\Philipp\AppData\Local\{994694EB-FFB7-4EA7-B0C4-AC0095D465F5}
2012-04-23 17:49 - 2012-04-23 17:48 - 00000000 ____D C:\Users\Philipp\AppData\Local\{451ED32F-F96F-442E-B1E7-C24967E9C0C7}
2012-04-23 16:57 - 2012-04-23 16:57 - 00000000 ____D C:\Users\Philipp\AppData\Local\{60904801-B326-41D8-BE10-4805AB047135}
2012-04-22 19:12 - 2012-04-22 19:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{DB384CC2-1D6E-4E3E-939C-E93F6F2CAD84}
2012-04-22 19:11 - 2012-04-22 19:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5A568B47-F634-4F4A-9DE3-CD1DDE22E885}
2012-04-22 17:34 - 2012-04-22 17:34 - 00000000 ____D C:\Users\Philipp\AppData\Local\{A23D9539-5E44-4C3A-B17B-63A84E7F2901}
2012-04-22 12:15 - 2012-04-22 12:15 - 00000000 ____D C:\Users\Philipp\AppData\Local\{6CF5FFA1-4E4C-4346-834F-395505FA2681}
2012-04-22 09:46 - 2012-04-22 09:46 - 00000000 ____D C:\Users\Philipp\AppData\Local\{D4708A83-5E88-4C02-A66C-E518F8926118}
2012-04-21 21:15 - 2012-04-21 21:15 - 00000000 ____D C:\Users\Philipp\AppData\Local\{A8EB73B3-63D4-465D-8503-28075C7EF147}
2012-04-21 11:40 - 2012-04-21 11:40 - 00000000 ____D C:\Users\Philipp\Desktop\BMW M3
2012-04-21 11:40 - 2012-04-21 11:40 - 00000000 ____D C:\Users\Philipp\Desktop\2011
2012-04-21 11:40 - 2012-04-21 11:39 - 00000000 ____D C:\Users\Philipp\Desktop\Vogelsberg Rallye 2012
2012-04-21 08:16 - 2012-04-21 08:15 - 00000000 ____D C:\Users\Philipp\AppData\Local\{1A265365-9C3E-401B-8787-B19E77F5230B}
2012-04-21 08:15 - 2012-04-21 08:15 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5F8222F5-2D84-4071-AEFF-8F93447E8955}
2012-04-20 15:53 - 2012-04-20 15:53 - 00000000 ____D C:\Users\Philipp\AppData\Local\{E103AC03-A356-4FAF-994D-618501BAAF26}
2012-04-20 15:53 - 2012-04-20 15:52 - 00000000 ____D C:\Users\Philipp\AppData\Local\{5D7F46D8-A801-4958-A17C-7AB2EE308399}
2012-04-19 11:11 - 2012-04-19 11:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{7B400078-23C4-4D31-BC4A-43F85696D8C3}
2012-04-19 11:11 - 2012-04-19 11:11 - 00000000 ____D C:\Users\Philipp\AppData\Local\{7822D21B-C008-47C7-BE06-5C43C09A4E0C}
2012-04-17 20:50 - 2012-04-17 20:50 - 00000000 ____D C:\Users\Philipp\AppData\Local\{8A6AB6C6-EF10-4E8E-A174-4E7041D5230C}
2012-04-17 20:49 - 2012-04-17 20:49 - 00000000 ____D C:\Users\Philipp\AppData\Local\{02264BD6-D6A5-4712-8E94-6CA2D2804748}
2012-04-17 18:50 - 2012-04-17 18:50 - 00000000 ____D C:\Users\Philipp\AppData\Local\{8CCDC839-44A3-47B3-B238-712D0E973404}
2012-04-16 16:58 - 2012-03-03 10:05 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-04-15 18:12 - 2012-04-15 18:12 - 00000000 ____D C:\Users\Philipp\AppData\Local\{667E6416-D440-4F27-9315-DF7A09C6EFC3}

ZeroAccess:
C:\Windows\Installer\{62d344d4-e3e2-fc94-403c-67303ae89b65}
C:\Windows\Installer\{62d344d4-e3e2-fc94-403c-67303ae89b65}\L
C:\Windows\Installer\{62d344d4-e3e2-fc94-403c-67303ae89b65}\U

ZeroAccess:
C:\Users\Philipp\AppData\Local\{62d344d4-e3e2-fc94-403c-67303ae89b65}
C:\Users\Philipp\AppData\Local\{62d344d4-e3e2-fc94-403c-67303ae89b65}\@
C:\Users\Philipp\AppData\Local\{62d344d4-e3e2-fc94-403c-67303ae89b65}\L
C:\Users\Philipp\AppData\Local\{62d344d4-e3e2-fc94-403c-67303ae89b65}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8190.18 MB
Available physical RAM: 7414.07 MB
Total Pagefile: 8188.32 MB
Available Pagefile: 7404.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Win7) (Fixed) (Total:50 GB) (Free:6.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Festplatte) (Fixed) (Total:648.54 GB) (Free:498.01 GB) NTFS
4 Drive f: (EMTEC M400) (Removable) (Total:7.64 GB) (Free:7.64 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Datenträger ### Status Größe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datenträger 0 Online 698 GB 100 MB
Datenträger 1 Online 7840 MB 0 B

Partitions of Disk 0:
===============

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 50 GB 101 MB
Partition 2 Primär 648 GB 50 GB

======================================================================================================

Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Win7 NTFS Partition 50 GB Fehlerfre

======================================================================================================

Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Festplatte NTFS Partition 648 GB Fehlerfre

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 7840 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Typ : 0B
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F EMTEC M400 FAT32 Wechselmed 7840 MB Fehlerfre

======================================================================================================

==========================================================

Last Boot: 2012-06-18 16:24

======================= End Of Log ==========================

Edited by Renfan, 24 June 2012 - 03:20 AM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 24 June 2012 - 03:20 AM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Renfan

Posted 24 June 2012 - 06:42 AM

Error - Win32 only

Incompatible O/S. Combofix only works for workstations with Windows 2000 and XP.

#13 gringo_pr

Posted 24 June 2012 - 09:26 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{62d344d4-e3e2-fc94-403c-67303ae89b65}
C:\Users\Philipp\AppData\Local\{62d344d4-e3e2-fc94-403c-67303ae89b65}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64, press the Fix button just once, and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#14 Renfan

Posted 25 June 2012 - 10:33 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-06-2012
Ran by SYSTEM at 2012-06-25 17:29:19 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{62d344d4-e3e2-fc94-403c-67303ae89b65} moved successfully.
C:\Users\Philipp\AppData\Local\{62d344d4-e3e2-fc94-403c-67303ae89b65} moved successfully.

==== End of Fixlog ====

#15 gringo_pr

Posted 25 June 2012 - 12:44 PM

Greetings


Now I would like you to retry ComboFix again.



gringo



