W7 Trojan Virus



#1 TerTitt

Posted 27 June 2012 - 05:26 AM

Hi Guys,
I am a Norwegian who has this problem:
MSE started detecting win64/sirefef.y and it would reboot the computer after 1 minute. It keeps cycling like that in Safe mode as well. MSE detects it, tries to remove it, then it reboots. I can't run any tests or scans or disable it. I tried to use system restore, but it reboots the computer before I can kick start it.
I have run:

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 27-06-2012 11:59:15
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12481128 2012-05-07] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TaskTray] [x]
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1240848 2012-06-20] (Simply Super Software)
HKLM-x32\...\Run: [Rapoo 9200] C:\Program Files (x86)\Rapoo\9200\9200_Mouse.exe [2622464 2010-12-29] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-01-19] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Shuttle stue\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-15] (Google Inc.)
HKU\Shuttle stue\...\Run: [EPSON96E3AA (Epson Stylus Photo PX720WD)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Windows\TEMP\E_S3E95.tmp" /EF "HKCU" [224768 2011-04-04] (SEIKO EPSON CORPORATION)
HKU\Shuttle stue\...\Run: [Epson Stylus Photo PX720WD(Nettverk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Windows\TEMP\E_S6F17.tmp" /EF "HKCU" [224768 2011-04-04] (SEIKO EPSON CORPORATION)
HKU\Shuttle stue\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKU\Shuttle stue\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [x]
HKU\Shuttle stue\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 Autodata Limited License Service; "C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe" [72704 2011-07-20] (Autodata Limited)
2 CDMA Device Service; C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 cxbu0x64; C:\Windows\System32\Drivers\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-12-03] (DT Soft Ltd)
3 Ph3xIB64; C:\Windows\System32\Drivers\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
3 rp24msdrv; C:\Windows\System32\Drivers\rp24msdrv.sys [28416 2010-11-30] ()
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation)
4 bdselfpr; [x]
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
4 vsserv; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-26 13:44 - 2012-06-26 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5676655AAB190F86
2012-06-26 13:39 - 2012-06-26 13:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1BCB93770D51CD9
2012-06-26 13:31 - 2012-06-26 13:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.550A6E2A681D2EE0
2012-06-26 13:22 - 2012-06-26 13:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.008FABA496FD19D6
2012-06-26 13:04 - 2012-06-26 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE6993CEF9541346
2012-06-26 12:58 - 2012-06-26 12:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-26 12:58 - 2012-06-26 12:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-25 13:45 - 2012-06-25 13:45 - 00022649 ____A C:\Users\All Users\1340660733.bdinstall.bin
2012-06-25 13:44 - 2012-06-25 13:44 - 00185626 ____A C:\Users\All Users\1340660587.bdinstall.bin
2012-06-25 13:44 - 2012-06-25 13:44 - 00000000 ____D C:\Program Files\Bitdefender
2012-06-25 13:42 - 2012-06-25 13:44 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-06-25 13:18 - 2012-06-25 14:04 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\QuickScan
2012-06-25 08:50 - 2012-06-25 08:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Woysi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Pagi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Obpai
2012-06-25 08:47 - 2012-06-25 08:47 - 00442368 ____A C:\Users\Shuttle stue\AppData\Local\frknvhzm.exe
2012-06-23 04:54 - 2012-05-20 18:09 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-06-23 04:54 - 2012-05-20 18:09 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-06-22 01:38 - 2012-06-22 01:38 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
2012-06-22 01:37 - 2012-06-22 01:38 - 00000000 ____D C:\Program Files (x86)\LastPass
2012-06-21 11:35 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 11:35 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 11:35 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 11:35 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 11:35 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 11:35 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 11:35 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 11:34 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 11:34 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 07:03 - 2012-06-18 07:03 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-18 07:03 - 2012-05-15 09:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-18 07:03 - 2012-05-15 09:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-18 07:03 - 2012-05-04 09:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-18 07:02 - 2012-06-18 07:03 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-16 03:23 - 2012-06-16 03:28 - 15040914 ____A C:\Users\Shuttle stue\Downloads\DWL-G120_C1_Driver v3-00_050110.rar
2012-06-14 08:52 - 2012-06-14 08:58 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\DeepBurner
2012-06-14 08:52 - 2012-06-14 08:52 - 00001081 ____A C:\Users\Shuttle stue\Desktop\DeepBurner.lnk
2012-06-14 08:52 - 2012-06-14 08:52 - 00000000 ____D C:\Program Files (x86)\Astonsoft
2012-06-14 07:33 - 2012-06-14 08:01 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Ny mappe (3)
2012-06-14 07:32 - 2012-06-14 08:46 - 445644800 ____A C:\Users\Shuttle stue\Downloads\ophcrack-xp-livecd-3.4.0.iso
2012-06-14 06:35 - 2012-06-14 06:35 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-06-14 06:34 - 2012-05-08 07:50 - 04033640 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-06-14 06:34 - 2012-05-08 01:21 - 00275965 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2012-06-14 06:34 - 2012-05-02 04:16 - 03608680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-06-14 06:34 - 2012-04-25 06:03 - 00104552 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2012-06-14 06:34 - 2012-04-25 05:48 - 04924416 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2012-06-14 06:34 - 2012-04-23 05:01 - 01261160 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-06-14 06:34 - 2012-04-17 07:21 - 02672744 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-06-14 06:34 - 2012-04-10 04:40 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-06-14 06:34 - 2012-04-03 08:42 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2012-06-14 06:34 - 2012-04-03 08:42 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2012-06-14 06:34 - 2012-03-08 01:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2012-06-14 06:34 - 2012-03-08 01:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2012-06-14 06:34 - 2012-03-07 01:09 - 00824424 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2012-06-14 06:34 - 2012-02-21 09:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2012-06-14 06:34 - 2012-02-17 05:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2012-06-14 06:34 - 2012-02-13 14:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2012-06-14 06:34 - 2012-01-30 01:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2012-06-14 06:34 - 2012-01-23 12:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2012-06-14 06:34 - 2012-01-23 12:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2012-06-14 06:34 - 2012-01-23 12:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
2012-06-14 06:34 - 2012-01-10 00:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2012-06-14 06:34 - 2011-12-20 05:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2012-06-14 06:34 - 2011-12-19 19:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2012-06-14 06:34 - 2011-12-18 07:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 00137056 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 00120160 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 00075104 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2012-06-14 06:34 - 2011-12-13 06:58 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2012-06-14 06:34 - 2011-11-22 06:28 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2012-06-14 06:34 - 2011-09-02 04:21 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2012-06-14 06:34 - 2011-09-02 04:21 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2012-06-14 06:34 - 2011-09-02 04:21 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2012-06-14 06:34 - 2011-08-23 07:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2012-06-14 06:34 - 2011-03-17 02:17 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2012-06-14 06:34 - 2011-03-07 07:11 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2012-06-14 06:34 - 2010-11-03 08:30 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2012-06-14 06:34 - 2010-10-03 03:46 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2012-06-14 06:34 - 2010-09-26 23:34 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2012-06-14 06:34 - 2010-07-22 06:48 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2012-06-14 06:34 - 2009-11-23 23:55 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2012-06-14 06:34 - 2009-11-23 23:55 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2012-06-14 06:34 - 2009-11-23 23:55 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2012-06-14 06:34 - 2009-11-23 23:55 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2012-06-14 03:49 - 2012-06-14 03:50 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Fram
2012-06-13 23:44 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 23:44 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 23:44 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 23:44 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 23:44 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 23:44 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 23:44 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 23:44 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 23:44 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 23:44 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 23:44 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 23:44 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 23:44 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 23:44 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 23:44 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 23:44 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 23:44 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 23:44 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 23:44 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 23:44 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 23:44 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 23:44 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 23:44 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 23:44 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 23:44 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 23:44 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 23:44 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 23:44 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 23:43 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-13 23:43 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-13 23:29 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 23:29 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 23:29 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 23:29 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 23:29 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 23:29 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-13 23:29 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 23:29 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 23:29 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 23:29 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 23:29 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 23:29 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 23:29 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 23:29 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 23:29 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 23:29 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 23:29 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 23:29 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


============ 3 Months Modified Files and Folders =============

2012-06-27 11:59 - 2012-06-27 11:59 - 00000000 ____D C:\FRST
2012-06-26 13:56 - 2012-01-11 01:22 - 00000000 __SHD C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}
2012-06-26 13:56 - 2011-03-13 08:33 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Dropbox
2012-06-26 13:56 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-26 13:55 - 2011-03-15 01:05 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-26 13:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-26 13:55 - 2009-07-13 20:51 - 00083660 ____A C:\Windows\setupact.log
2012-06-26 13:47 - 2011-03-15 01:05 - 00001004 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-26 13:44 - 2012-06-26 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5676655AAB190F86
2012-06-26 13:39 - 2012-06-26 13:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1BCB93770D51CD9
2012-06-26 13:31 - 2012-06-26 13:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.550A6E2A681D2EE0
2012-06-26 13:22 - 2012-06-26 13:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.008FABA496FD19D6
2012-06-26 13:19 - 2011-03-13 08:35 - 00000000 ___RD C:\Users\Shuttle stue\Dropbox
2012-06-26 13:04 - 2012-06-26 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE6993CEF9541346
2012-06-26 13:04 - 2009-07-13 20:45 - 00014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 13:04 - 2009-07-13 20:45 - 00014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 13:00 - 2011-03-12 06:27 - 01340147 ____A C:\Windows\WindowsUpdate.log
2012-06-26 12:59 - 2011-10-30 05:27 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-26 12:58 - 2012-06-26 12:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-26 12:58 - 2012-06-26 12:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-26 12:58 - 2011-10-30 05:27 - 01282328 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-26 12:58 - 2009-07-14 01:16 - 00461486 ____A C:\Windows\System32\perfh014.dat
2012-06-26 12:58 - 2009-07-14 01:16 - 00079246 ____A C:\Windows\System32\perfc014.dat
2012-06-26 12:49 - 2012-04-09 10:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-25 14:04 - 2012-06-25 13:18 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\QuickScan
2012-06-25 13:48 - 2011-04-27 04:46 - 00000000 ____D C:\Users\Shuttle stue\AppData\Local\CrashDumps
2012-06-25 13:46 - 2011-03-12 08:19 - 01048448 ____A C:\Windows\PFRO.log
2012-06-25 13:45 - 2012-06-25 13:45 - 00022649 ____A C:\Users\All Users\1340660733.bdinstall.bin
2012-06-25 13:44 - 2012-06-25 13:44 - 00185626 ____A C:\Users\All Users\1340660587.bdinstall.bin
2012-06-25 13:44 - 2012-06-25 13:44 - 00000000 ____D C:\Program Files\Bitdefender
2012-06-25 13:44 - 2012-06-25 13:42 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-06-25 08:50 - 2012-06-25 08:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Woysi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Pagi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Obpai
2012-06-25 08:47 - 2012-06-25 08:47 - 00442368 ____A C:\Users\Shuttle stue\AppData\Local\frknvhzm.exe
2012-06-25 07:15 - 2011-07-22 03:22 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-06-25 07:14 - 2011-07-22 03:22 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Garmin
2012-06-25 07:12 - 2011-03-12 09:01 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\uTorrent
2012-06-25 06:38 - 2011-03-12 05:53 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Pack Out
2012-06-25 05:45 - 2009-07-13 21:13 - 01263258 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-25 01:36 - 2011-03-12 07:50 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\vlc
2012-06-25 00:49 - 2011-03-13 06:25 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\dvdcss
2012-06-24 03:51 - 2011-07-19 02:37 - 00000000 ____D C:\Users\Shuttle stue\Documents\Outlook-filer
2012-06-22 15:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-22 09:07 - 2011-03-13 11:57 - 00000000 ____D C:\Users\Shuttle stue\AppData\Local\Microsoft Games
2012-06-22 01:38 - 2012-06-22 01:38 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
2012-06-22 01:38 - 2012-06-22 01:37 - 00000000 ____D C:\Program Files (x86)\LastPass
2012-06-20 01:56 - 2011-06-28 02:56 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2012-06-19 08:21 - 2011-03-12 10:32 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\DAEMON Tools Lite
2012-06-18 07:03 - 2012-06-18 07:03 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-18 07:03 - 2012-06-18 07:02 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-18 07:03 - 2012-02-16 13:18 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-16 05:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-16 03:28 - 2012-06-16 03:23 - 15040914 ____A C:\Users\Shuttle stue\Downloads\DWL-G120_C1_Driver v3-00_050110.rar
2012-06-16 03:17 - 2012-04-09 10:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-16 03:17 - 2011-06-04 23:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 08:58 - 2012-06-14 08:52 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\DeepBurner
2012-06-14 08:52 - 2012-06-14 08:52 - 00001081 ____A C:\Users\Shuttle stue\Desktop\DeepBurner.lnk
2012-06-14 08:52 - 2012-06-14 08:52 - 00000000 ____D C:\Program Files (x86)\Astonsoft
2012-06-14 08:46 - 2012-06-14 07:32 - 445644800 ____A C:\Users\Shuttle stue\Downloads\ophcrack-xp-livecd-3.4.0.iso
2012-06-14 08:01 - 2012-06-14 07:33 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Ny mappe (3)
2012-06-14 07:57 - 2011-03-15 15:35 - 00000000 ____D C:\Users\Shuttle stue\AppData\Local\DVD Profiler
2012-06-14 06:35 - 2012-06-14 06:35 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-06-14 06:34 - 2011-03-12 08:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-14 06:29 - 2011-03-12 09:02 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-06-14 03:50 - 2012-06-14 03:49 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Fram
2012-06-14 01:53 - 2011-03-12 08:10 - 00000000 ____D C:\Users\Shuttle stue\Documents\DriverGenius
2012-06-14 01:23 - 2011-05-11 01:45 - 00001862 ____A C:\Users\Public\Desktop\mkvmerge GUI.lnk
2012-06-13 23:59 - 2009-07-13 20:45 - 00415280 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 23:50 - 2011-03-12 08:39 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 23:45 - 2011-03-12 07:57 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-04 06:54 - 2011-03-13 08:35 - 00001044 ____A C:\Users\Shuttle stue\Desktop\Dropbox.lnk
2012-06-02 14:19 - 2012-06-21 11:35 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:35 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:35 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 11:35 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-21 11:34 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-21 11:34 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-28 23:38 - 2011-07-26 07:26 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-05-22 21:25 - 2012-05-19 09:22 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Ny mappe (2)
2012-05-22 08:08 - 2012-05-10 03:34 - 00001901 ____A C:\Users\Shuttle stue\Desktop\Kies Air Discovery Service.lnk
2012-05-21 02:53 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-21 00:15 - 2012-04-15 14:49 - 00000000 ____D C:\Users\Shuttle stue\Documents\Cleopatra 33 FB
2012-05-20 18:09 - 2012-06-23 04:54 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-05-20 18:09 - 2012-06-23 04:54 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-05-17 18:47 - 2012-06-13 23:44 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 23:44 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 23:44 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 23:44 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 23:44 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 23:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 23:44 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 23:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 23:44 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 23:44 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 23:44 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 23:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 23:44 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 23:44 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 23:44 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 23:44 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 23:44 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 23:44 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 23:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 23:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 23:44 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 23:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 23:44 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 23:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 23:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 23:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 23:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 09:06 - 2012-06-18 07:03 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-15 09:06 - 2012-06-18 07:03 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-15 07:55 - 2012-04-10 11:33 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Ny mappe
2012-05-15 01:33 - 2012-05-15 01:33 - 00000000 ____D C:\Users\Shuttle stue\.DigiBilder
2012-05-15 01:33 - 2011-03-12 07:11 - 00000000 ____D C:\users\Shuttle stue
2012-05-14 17:32 - 2012-06-13 23:29 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 07:59 - 2012-02-16 04:57 - 00000000 ____D C:\winturbo
2012-05-13 02:25 - 2012-03-28 08:54 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Toshiba Pc
2012-05-10 03:15 - 2011-09-16 16:11 - 00000000 ____D C:\Users\Shuttle stue\Documents\SelfMV
2012-05-09 23:04 - 2012-02-12 11:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-09 23:04 - 2012-02-12 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 12:35 - 2009-07-14 01:54 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 07:50 - 2012-06-14 06:34 - 04033640 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-05-08 01:21 - 2012-06-14 06:34 - 00275965 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2012-05-06 23:48 - 2012-05-06 23:48 - 00003952 ____A C:\Users\Shuttle stue\.TransferManager.db
2012-05-06 23:11 - 2012-05-06 23:11 - 00000897 ____A C:\Users\Shuttle stue\Downloads\sd.jnlp
2012-05-06 23:11 - 2012-05-06 23:11 - 00000000 ____D C:\Users\Shuttle stue\Documents\Tlf bilder
2012-05-05 09:49 - 2012-04-13 23:49 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 09:29 - 2012-06-18 07:03 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 09:29 - 2012-05-19 09:43 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 09:29 - 2011-11-24 03:37 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 03:06 - 2012-06-13 23:29 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-13 23:43 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 23:29 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 23:29 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-13 23:43 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-03 07:34 - 2012-05-03 07:34 - 00000000 ____D C:\Users\All Users\ATI
2012-05-03 07:34 - 2012-05-03 07:34 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-05-03 07:34 - 2012-05-03 07:34 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-05-03 07:34 - 2012-03-24 07:54 - 00000000 ____D C:\Users\All Users\AMD
2012-05-03 07:34 - 2011-03-12 08:07 - 00000000 ____D C:\Program Files\ATI Technologies
2012-05-02 04:16 - 2012-06-14 06:34 - 03608680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-04-30 21:40 - 2012-06-13 23:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 21:32 - 2012-06-13 23:29 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-13 23:29 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 23:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 23:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 23:29 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 06:03 - 2012-06-14 06:34 - 00104552 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2012-04-25 05:48 - 2012-06-14 06:34 - 04924416 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2012-04-23 21:37 - 2012-06-13 23:29 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 23:29 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 23:29 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 23:29 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 23:29 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 23:29 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 05:01 - 2012-06-14 06:34 - 01261160 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-04-17 07:21 - 2012-06-14 06:34 - 02672744 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-04-16 13:31 - 2012-04-16 13:31 - 00000000 ____D C:\Users\Shuttle stue\Tracing
2012-04-16 13:30 - 2012-04-16 13:30 - 00000000 ____D C:\Users\All Users\SweetIM
2012-04-16 13:30 - 2012-04-16 13:30 - 00000000 ____D C:\Program Files (x86)\Yontoo
2012-04-16 13:30 - 2012-04-16 13:30 - 00000000 ____D C:\Program Files (x86)\SweetIM
2012-04-16 13:30 - 2012-04-16 13:30 - 00000000 ____D C:\Program Files (x86)\fbphotozoom
2012-04-16 13:30 - 2012-04-16 13:29 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2012-04-16 13:30 - 2011-05-11 00:13 - 00000000 ____D C:\Users\Shuttle stue\AppData\Local\Windows Live
2012-04-16 13:30 - 2011-03-16 01:18 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Mozilla
2012-04-15 14:48 - 2012-04-15 14:47 - 03171025 ____A C:\Users\Shuttle stue\Downloads\Volvo_280_290_service.zip
2012-04-12 22:48 - 2012-01-12 09:15 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-12 09:18 - 2011-11-28 04:22 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\ZoomBrowser EX
2012-04-11 20:04 - 2009-07-13 18:34 - 00000551 ____A C:\Windows\win.ini
2012-04-11 20:02 - 2012-04-11 20:02 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 20:02 - 2012-04-11 20:02 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-10 04:40 - 2012-06-14 06:34 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-04-07 04:31 - 2012-06-13 23:29 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 23:29 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2011-07-28 13:40 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2010-09-28 17:54 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2012-04-05 18:13 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2010-09-28 17:23 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2010-09-28 17:37 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:34 - 2011-07-28 13:09 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:34 - 2010-09-28 17:30 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2010-09-28 17:21 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2011-07-28 13:03 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:09 - 2011-07-07 18:45 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:09 - 2010-09-28 17:14 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:09 - 2010-09-28 17:13 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-05 12:34 - 2012-04-05 12:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 12:34 - 2012-04-05 12:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 12:34 - 2012-04-05 12:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 12:33 - 2012-04-05 12:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 12:33 - 2012-04-05 12:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 12:33 - 2012-04-05 12:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 12:32 - 2012-04-05 12:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-03 08:42 - 2012-06-14 06:34 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2012-04-03 08:42 - 2012-06-14 06:34 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2012-03-30 03:35 - 2012-05-09 12:34 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\@
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\L
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\n
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\U
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\U\800000cb.@

ZeroAccess:
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\@
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\L
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\n
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\U
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4094.18 MB
Available physical RAM: 3455.46 MB
Total Pagefile: 4092.33 MB
Available Pagefile: 3449.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:191.95 GB) (Free:18.98 GB) NTFS
2 Drive d: (Mp3 Musikk) (Fixed) (Total:698.63 GB) (Free:77.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Xbox) (Fixed) (Total:683.59 GB) (Free:361.97 GB) NTFS
5 Drive h: (KINGSTON) (Removable) (Total:7.46 GB) (Free:7.4 GB) FAT32
6 Drive i: (LaCie) (Fixed) (Total:1863.01 GB) (Free:5.36 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 698 GB 0 B
Disk 2 Online 7656 MB 0 B
Disk 3 Online 1863 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 683 GB 31 KB
Partition 2 Primary 100 MB 683 GB
Partition 3 Primary 191 GB 683 GB
Partition 0 Extended 55 GB 875 GB
Partition 4 Logical 55 GB 875 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E Xbox NTFS Partition 683 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 191 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Mp3 Musikk NTFS Partition 698 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7654 MB 1116 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT32 Removable 7654 MB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

======================================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I LaCie NTFS Partition 1863 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-19 09:23

======================= End Of Log ==========================

So what I can see is that I need like a text file or something.
Can some nice people out here help me out with this?



#2 SweetTech


Posted 27 June 2012 - 08:37 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running FRST Fix

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.

start
2012-06-26 13:44 - 2012-06-26 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5676655AAB190F86
2012-06-26 13:39 - 2012-06-26 13:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1BCB93770D51CD9
2012-06-26 13:31 - 2012-06-26 13:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.550A6E2A681D2EE0
2012-06-26 13:22 - 2012-06-26 13:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.008FABA496FD19D6
2012-06-26 13:04 - 2012-06-26 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE6993CEF9541346
2012-06-25 08:50 - 2012-06-25 08:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Woysi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Pagi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Obpai
2012-06-25 08:47 - 2012-06-25 08:47 - 00442368 ____A C:\Users\Shuttle stue\AppData\Local\frknvhzm.exe
2012-06-26 13:56 - 2012-01-11 01:22 - 00000000 __SHD C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}
2012-06-26 13:44 - 2012-06-26 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5676655AAB190F86
2012-06-26 13:39 - 2012-06-26 13:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1BCB93770D51CD9
2012-06-26 13:31 - 2012-06-26 13:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.550A6E2A681D2EE0
2012-06-26 13:22 - 2012-06-26 13:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.008FABA496FD19D6
2012-06-26 13:04 - 2012-06-26 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE6993CEF9541346
2012-06-25 08:50 - 2012-06-25 08:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Woysi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Pagi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Obpai
2012-06-25 08:47 - 2012-06-25 08:47 - 00442368 ____A C:\Users\Shuttle stue\AppData\Local\frknvhzm.exe
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\@
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\L
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\n
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\U
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\U\800000cb.@
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\@
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\L
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\n
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\U
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\U\800000cb.@
Folder: C:\Users\Shuttle stue\AppData\Roaming\QuickScan
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


NEXT:

Running Search in FRST
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Fixlog.txt log file.
3. Search.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
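
A triage sketch for the two FRST outputs used in this thread, as an added example that is not part of the original posts or of FRST itself: it pulls the ZeroAccess folder roots and the failed MD5 check out of FRST.txt, then uses the Search.txt output to show which on-disk copies of the flagged file carry a different hash. The function names and regular expressions are assumptions based only on the log lines visible on this page.

```python
import re

# Constructed samples: lines copied from the FRST.txt and Search.txt logs
# posted in this thread, trimmed to the sections the parsers read.
FRST_SAMPLE = r"""
ZeroAccess:
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\@
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\U\800000cb.@

ZeroAccess:
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\@

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
"""

SEARCH_SAMPLE = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-06-27 02:04] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
GUID_DIR_RE = re.compile(
    r"^(.+\\\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\})(?:\\|$)")
FLAGGED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>.+?) <=+ ATTENTION")
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
SEARCH_META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) \S+ "
    r"(?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$")


def triage_frst(text):
    """Return ZeroAccess folder roots and the system files whose MD5 check failed."""
    section, in_za = None, False
    roots, flagged, legit = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section, in_za = header.group(1), False
        elif line == "ZeroAccess:":
            in_za = True              # path list follows until the next blank line
        elif not line:
            in_za = False
        elif in_za:
            m = GUID_DIR_RE.match(line)
            if m and m.group(1) not in roots:
                roots.append(m.group(1))   # keep only the {GUID} folder itself
        elif section and section.startswith("Bamital"):
            bad, ok = FLAGGED_RE.match(line), LEGIT_RE.match(line)
            if bad:
                flagged.append((bad["path"], bad["md5"].upper(), bad["label"]))
            elif ok:
                legit.append(ok["path"])
    return {"zeroaccess_dirs": roots, "flagged": flagged, "legit": legit}


def parse_search(text):
    """Parse Search.txt: a path line followed by a metadata line ending in the MD5."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        meta = SEARCH_META_RE.match(line)
        if meta and path:
            entries.append({"path": path, **meta.groupdict(), "md5": meta["md5"].upper()})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries


def compare_copies(flagged, entries):
    """For each flagged file, split same-named copies by whether their MD5 matches it."""
    result = {}
    for path, md5, _label in flagged:
        name = path.rsplit("\\", 1)[-1].lower()
        same = [e for e in entries if e["path"].rsplit("\\", 1)[-1].lower() == name]
        result[path] = {
            "matches_flagged": [e["path"] for e in same if e["md5"] == md5],
            "differs": [(e["path"], e["md5"], e["size"]) for e in same if e["md5"] != md5],
        }
    return result


if __name__ == "__main__":
    report = triage_frst(FRST_SAMPLE)
    print(report["zeroaccess_dirs"])
    print(compare_copies(report["flagged"], parse_search(SEARCH_SAMPLE)))
```

In this thread's data both copies of services.exe report the same size and company string, so only the hash and the modified date separate them.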


#3 TerTitt

TerTitt
  • Topic Starter

  • Members
  • 2 posts

Posted 27 June 2012 - 01:41 PM

THX.
Here is the Search log:
Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 2012-06-27 20:22:49
Running from H:\

================== Search: "SERVICES.EXE" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-06-27 02:04] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Then you have the FRST.Txt:

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 27-06-2012 20:05:00
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12481128 2012-05-07] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TaskTray] [x]
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1240848 2012-06-20] (Simply Super Software)
HKLM-x32\...\Run: [Rapoo 9200] C:\Program Files (x86)\Rapoo\9200\9200_Mouse.exe [2622464 2010-12-29] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-01-19] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Shuttle stue\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-15] (Google Inc.)
HKU\Shuttle stue\...\Run: [EPSON96E3AA (Epson Stylus Photo PX720WD)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Windows\TEMP\E_S3E95.tmp" /EF "HKCU" [224768 2011-04-04] (SEIKO EPSON CORPORATION)
HKU\Shuttle stue\...\Run: [Epson Stylus Photo PX720WD(Nettverk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Windows\TEMP\E_S6F17.tmp" /EF "HKCU" [224768 2011-04-04] (SEIKO EPSON CORPORATION)
HKU\Shuttle stue\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKU\Shuttle stue\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [x]
HKU\Shuttle stue\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 Autodata Limited License Service; "C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe" [72704 2011-07-20] (Autodata Limited)
2 CDMA Device Service; C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 cxbu0x64; C:\Windows\System32\Drivers\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-12-03] (DT Soft Ltd)
3 Ph3xIB64; C:\Windows\System32\Drivers\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
3 rp24msdrv; C:\Windows\System32\Drivers\rp24msdrv.sys [28416 2010-11-30] ()
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation)
4 bdselfpr; [x]
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
4 vsserv; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-26 13:44 - 2012-06-26 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5676655AAB190F86
2012-06-26 13:39 - 2012-06-26 13:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1BCB93770D51CD9
2012-06-26 13:31 - 2012-06-26 13:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.550A6E2A681D2EE0
2012-06-26 13:22 - 2012-06-26 13:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.008FABA496FD19D6
2012-06-26 13:04 - 2012-06-26 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE6993CEF9541346
2012-06-26 12:58 - 2012-06-26 12:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-26 12:58 - 2012-06-26 12:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-25 13:45 - 2012-06-25 13:45 - 00022649 ____A C:\Users\All Users\1340660733.bdinstall.bin
2012-06-25 13:44 - 2012-06-25 13:44 - 00185626 ____A C:\Users\All Users\1340660587.bdinstall.bin
2012-06-25 13:44 - 2012-06-25 13:44 - 00000000 ____D C:\Program Files\Bitdefender
2012-06-25 13:42 - 2012-06-25 13:44 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-06-25 13:18 - 2012-06-25 14:04 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\QuickScan
2012-06-25 08:50 - 2012-06-25 08:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Woysi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Pagi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Obpai
2012-06-25 08:47 - 2012-06-25 08:47 - 00442368 ____A C:\Users\Shuttle stue\AppData\Local\frknvhzm.exe
2012-06-23 04:54 - 2012-05-20 18:09 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-06-23 04:54 - 2012-05-20 18:09 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-06-22 01:38 - 2012-06-22 01:38 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
2012-06-22 01:37 - 2012-06-22 01:38 - 00000000 ____D C:\Program Files (x86)\LastPass
2012-06-21 11:35 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 11:35 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 11:35 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 11:35 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 11:35 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 11:35 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 11:35 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 11:34 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 11:34 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 07:03 - 2012-06-18 07:03 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-18 07:03 - 2012-05-15 09:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-18 07:03 - 2012-05-15 09:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-18 07:03 - 2012-05-04 09:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-18 07:02 - 2012-06-18 07:03 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-16 03:23 - 2012-06-16 03:28 - 15040914 ____A C:\Users\Shuttle stue\Downloads\DWL-G120_C1_Driver v3-00_050110.rar
2012-06-14 08:52 - 2012-06-14 08:58 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\DeepBurner
2012-06-14 08:52 - 2012-06-14 08:52 - 00001081 ____A C:\Users\Shuttle stue\Desktop\DeepBurner.lnk
2012-06-14 08:52 - 2012-06-14 08:52 - 00000000 ____D C:\Program Files (x86)\Astonsoft
2012-06-14 07:33 - 2012-06-14 08:01 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Ny mappe (3)
2012-06-14 07:32 - 2012-06-14 08:46 - 445644800 ____A C:\Users\Shuttle stue\Downloads\ophcrack-xp-livecd-3.4.0.iso
2012-06-14 06:35 - 2012-06-14 06:35 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-06-14 06:34 - 2012-05-08 07:50 - 04033640 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-06-14 06:34 - 2012-05-08 01:21 - 00275965 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2012-06-14 06:34 - 2012-05-02 04:16 - 03608680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-06-14 06:34 - 2012-04-25 06:03 - 00104552 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2012-06-14 06:34 - 2012-04-25 05:48 - 04924416 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2012-06-14 06:34 - 2012-04-23 05:01 - 01261160 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-06-14 06:34 - 2012-04-17 07:21 - 02672744 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-06-14 06:34 - 2012-04-10 04:40 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-06-14 06:34 - 2012-04-03 08:42 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2012-06-14 06:34 - 2012-04-03 08:42 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2012-06-14 06:34 - 2012-03-08 01:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2012-06-14 06:34 - 2012-03-08 01:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2012-06-14 06:34 - 2012-03-07 01:09 - 00824424 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2012-06-14 06:34 - 2012-02-21 09:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2012-06-14 06:34 - 2012-02-17 05:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2012-06-14 06:34 - 2012-02-13 14:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2012-06-14 06:34 - 2012-01-30 01:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2012-06-14 06:34 - 2012-01-23 12:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2012-06-14 06:34 - 2012-01-23 12:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2012-06-14 06:34 - 2012-01-23 12:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
2012-06-14 06:34 - 2012-01-10 00:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2012-06-14 06:34 - 2011-12-20 05:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2012-06-14 06:34 - 2011-12-19 19:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2012-06-14 06:34 - 2011-12-18 07:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 00137056 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 00120160 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2012-06-14 06:34 - 2011-12-15 03:16 - 00075104 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2012-06-14 06:34 - 2011-12-13 06:58 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2012-06-14 06:34 - 2011-11-22 06:28 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2012-06-14 06:34 - 2011-09-02 04:21 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2012-06-14 06:34 - 2011-09-02 04:21 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2012-06-14 06:34 - 2011-09-02 04:21 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2012-06-14 06:34 - 2011-08-23 07:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2012-06-14 06:34 - 2011-05-30 23:42 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2012-06-14 06:34 - 2011-03-17 02:17 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2012-06-14 06:34 - 2011-03-07 07:11 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2012-06-14 06:34 - 2010-11-07 21:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2012-06-14 06:34 - 2010-11-03 08:30 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2012-06-14 06:34 - 2010-10-03 03:46 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2012-06-14 06:34 - 2010-09-26 23:34 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2012-06-14 06:34 - 2010-07-22 06:48 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2012-06-14 06:34 - 2009-11-23 23:55 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2012-06-14 06:34 - 2009-11-23 23:55 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2012-06-14 06:34 - 2009-11-23 23:55 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2012-06-14 06:34 - 2009-11-23 23:55 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2012-06-14 03:49 - 2012-06-14 03:50 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Fram
2012-06-13 23:44 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 23:44 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 23:44 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 23:44 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 23:44 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 23:44 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 23:44 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 23:44 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 23:44 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 23:44 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 23:44 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 23:44 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 23:44 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 23:44 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 23:44 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 23:44 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 23:44 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 23:44 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 23:44 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 23:44 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 23:44 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 23:44 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 23:44 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 23:44 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 23:44 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 23:44 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 23:44 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 23:44 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 23:43 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-13 23:43 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-13 23:29 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 23:29 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 23:29 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 23:29 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 23:29 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 23:29 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-13 23:29 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 23:29 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 23:29 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 23:29 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 23:29 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 23:29 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 23:29 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 23:29 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 23:29 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 23:29 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 23:29 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 23:29 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


============ 3 Months Modified Files and Folders =============

2012-06-27 20:05 - 2012-06-27 11:59 - 00000000 ____D C:\FRST
2012-06-27 02:04 - 2012-01-11 01:22 - 00000000 __SHD C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}
2012-06-27 02:04 - 2011-04-27 04:46 - 00000000 ____D C:\Users\Shuttle stue\AppData\Local\CrashDumps
2012-06-27 02:04 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-27 02:03 - 2011-03-15 01:05 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-27 02:03 - 2011-03-13 08:33 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Dropbox
2012-06-27 02:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-27 02:03 - 2009-07-13 20:51 - 00083716 ____A C:\Windows\setupact.log
2012-06-26 13:47 - 2011-03-15 01:05 - 00001004 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-26 13:44 - 2012-06-26 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5676655AAB190F86
2012-06-26 13:44 - 2011-03-12 06:27 - 01340147 ____A C:\Windows\WindowsUpdate.log
2012-06-26 13:39 - 2012-06-26 13:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1BCB93770D51CD9
2012-06-26 13:31 - 2012-06-26 13:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.550A6E2A681D2EE0
2012-06-26 13:22 - 2012-06-26 13:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.008FABA496FD19D6
2012-06-26 13:19 - 2011-03-13 08:35 - 00000000 ___RD C:\Users\Shuttle stue\Dropbox
2012-06-26 13:04 - 2012-06-26 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE6993CEF9541346
2012-06-26 13:04 - 2009-07-13 20:45 - 00014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 13:04 - 2009-07-13 20:45 - 00014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 12:59 - 2011-10-30 05:27 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-26 12:58 - 2012-06-26 12:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-26 12:58 - 2012-06-26 12:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-26 12:58 - 2011-10-30 05:27 - 01282328 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-26 12:58 - 2009-07-14 01:16 - 00461486 ____A C:\Windows\System32\perfh014.dat
2012-06-26 12:58 - 2009-07-14 01:16 - 00079246 ____A C:\Windows\System32\perfc014.dat
2012-06-26 12:49 - 2012-04-09 10:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-25 14:04 - 2012-06-25 13:18 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\QuickScan
2012-06-25 13:46 - 2011-03-12 08:19 - 01048448 ____A C:\Windows\PFRO.log
2012-06-25 13:45 - 2012-06-25 13:45 - 00022649 ____A C:\Users\All Users\1340660733.bdinstall.bin
2012-06-25 13:44 - 2012-06-25 13:44 - 00185626 ____A C:\Users\All Users\1340660587.bdinstall.bin
2012-06-25 13:44 - 2012-06-25 13:44 - 00000000 ____D C:\Program Files\Bitdefender
2012-06-25 13:44 - 2012-06-25 13:42 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-06-25 08:50 - 2012-06-25 08:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Woysi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Pagi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Obpai
2012-06-25 08:47 - 2012-06-25 08:47 - 00442368 ____A C:\Users\Shuttle stue\AppData\Local\frknvhzm.exe
2012-06-25 07:15 - 2011-07-22 03:22 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-06-25 07:14 - 2011-07-22 03:22 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Garmin
2012-06-25 07:12 - 2011-03-12 09:01 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\uTorrent
2012-06-25 06:38 - 2011-03-12 05:53 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Pack Out
2012-06-25 05:45 - 2009-07-13 21:13 - 01263258 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-25 01:36 - 2011-03-12 07:50 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\vlc
2012-06-25 00:49 - 2011-03-13 06:25 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\dvdcss
2012-06-24 03:51 - 2011-07-19 02:37 - 00000000 ____D C:\Users\Shuttle stue\Documents\Outlook-filer
2012-06-22 15:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-22 09:07 - 2011-03-13 11:57 - 00000000 ____D C:\Users\Shuttle stue\AppData\Local\Microsoft Games
2012-06-22 01:38 - 2012-06-22 01:38 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
2012-06-22 01:38 - 2012-06-22 01:37 - 00000000 ____D C:\Program Files (x86)\LastPass
2012-06-20 01:56 - 2011-06-28 02:56 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2012-06-19 08:21 - 2011-03-12 10:32 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\DAEMON Tools Lite
2012-06-18 07:03 - 2012-06-18 07:03 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-18 07:03 - 2012-06-18 07:02 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-18 07:03 - 2012-02-16 13:18 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-16 05:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-16 03:28 - 2012-06-16 03:23 - 15040914 ____A C:\Users\Shuttle stue\Downloads\DWL-G120_C1_Driver v3-00_050110.rar
2012-06-16 03:17 - 2012-04-09 10:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-16 03:17 - 2011-06-04 23:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 08:58 - 2012-06-14 08:52 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\DeepBurner
2012-06-14 08:52 - 2012-06-14 08:52 - 00001081 ____A C:\Users\Shuttle stue\Desktop\DeepBurner.lnk
2012-06-14 08:52 - 2012-06-14 08:52 - 00000000 ____D C:\Program Files (x86)\Astonsoft
2012-06-14 08:46 - 2012-06-14 07:32 - 445644800 ____A C:\Users\Shuttle stue\Downloads\ophcrack-xp-livecd-3.4.0.iso
2012-06-14 08:01 - 2012-06-14 07:33 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Ny mappe (3)
2012-06-14 07:57 - 2011-03-15 15:35 - 00000000 ____D C:\Users\Shuttle stue\AppData\Local\DVD Profiler
2012-06-14 06:35 - 2012-06-14 06:35 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-06-14 06:34 - 2011-03-12 08:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-14 06:29 - 2011-03-12 09:02 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-06-14 03:50 - 2012-06-14 03:49 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Fram
2012-06-14 01:53 - 2011-03-12 08:10 - 00000000 ____D C:\Users\Shuttle stue\Documents\DriverGenius
2012-06-14 01:23 - 2011-05-11 01:45 - 00001862 ____A C:\Users\Public\Desktop\mkvmerge GUI.lnk
2012-06-13 23:59 - 2009-07-13 20:45 - 00415280 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 23:50 - 2011-03-12 08:39 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 23:45 - 2011-03-12 07:57 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-04 06:54 - 2011-03-13 08:35 - 00001044 ____A C:\Users\Shuttle stue\Desktop\Dropbox.lnk
2012-06-02 14:19 - 2012-06-21 11:35 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:35 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:35 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 11:35 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-21 11:34 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-21 11:34 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-28 23:38 - 2011-07-26 07:26 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-05-22 21:25 - 2012-05-19 09:22 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Ny mappe (2)
2012-05-22 08:08 - 2012-05-10 03:34 - 00001901 ____A C:\Users\Shuttle stue\Desktop\Kies Air Discovery Service.lnk
2012-05-21 02:53 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-21 00:15 - 2012-04-15 14:49 - 00000000 ____D C:\Users\Shuttle stue\Documents\Cleopatra 33 FB
2012-05-20 18:09 - 2012-06-23 04:54 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-05-20 18:09 - 2012-06-23 04:54 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-05-17 18:47 - 2012-06-13 23:44 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 23:44 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 23:44 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 23:44 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 23:44 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 23:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 23:44 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 23:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 23:44 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 23:44 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 23:44 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 23:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 23:44 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 23:44 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 23:44 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 23:44 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 23:44 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 23:44 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 23:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 23:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 23:44 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 23:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 23:44 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 23:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 23:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 23:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 23:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 09:06 - 2012-06-18 07:03 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-15 09:06 - 2012-06-18 07:03 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-15 07:55 - 2012-04-10 11:33 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Ny mappe
2012-05-15 01:33 - 2012-05-15 01:33 - 00000000 ____D C:\Users\Shuttle stue\.DigiBilder
2012-05-15 01:33 - 2011-03-12 07:11 - 00000000 ____D C:\users\Shuttle stue
2012-05-14 17:32 - 2012-06-13 23:29 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 07:59 - 2012-02-16 04:57 - 00000000 ____D C:\winturbo
2012-05-13 02:25 - 2012-03-28 08:54 - 00000000 ____D C:\Users\Shuttle stue\Desktop\Toshiba Pc
2012-05-10 03:15 - 2011-09-16 16:11 - 00000000 ____D C:\Users\Shuttle stue\Documents\SelfMV
2012-05-09 23:04 - 2012-02-12 11:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-09 23:04 - 2012-02-12 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 12:35 - 2009-07-14 01:54 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 07:50 - 2012-06-14 06:34 - 04033640 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-05-08 01:21 - 2012-06-14 06:34 - 00275965 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2012-05-06 23:48 - 2012-05-06 23:48 - 00003952 ____A C:\Users\Shuttle stue\.TransferManager.db
2012-05-06 23:11 - 2012-05-06 23:11 - 00000897 ____A C:\Users\Shuttle stue\Downloads\sd.jnlp
2012-05-06 23:11 - 2012-05-06 23:11 - 00000000 ____D C:\Users\Shuttle stue\Documents\Tlf bilder
2012-05-05 09:49 - 2012-04-13 23:49 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 09:29 - 2012-06-18 07:03 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 09:29 - 2012-05-19 09:43 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 09:29 - 2011-11-24 03:37 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 03:06 - 2012-06-13 23:29 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-13 23:43 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 23:29 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 23:29 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-13 23:43 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-03 07:34 - 2012-05-03 07:34 - 00000000 ____D C:\Users\All Users\ATI
2012-05-03 07:34 - 2012-05-03 07:34 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-05-03 07:34 - 2012-05-03 07:34 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-05-03 07:34 - 2012-03-24 07:54 - 00000000 ____D C:\Users\All Users\AMD
2012-05-03 07:34 - 2011-03-12 08:07 - 00000000 ____D C:\Program Files\ATI Technologies
2012-05-02 04:16 - 2012-06-14 06:34 - 03608680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-04-30 21:40 - 2012-06-13 23:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 21:32 - 2012-06-13 23:29 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-13 23:29 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 23:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 23:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 23:29 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 06:03 - 2012-06-14 06:34 - 00104552 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2012-04-25 05:48 - 2012-06-14 06:34 - 04924416 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2012-04-23 21:37 - 2012-06-13 23:29 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 23:29 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 23:29 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 23:29 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 23:29 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 23:29 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 05:01 - 2012-06-14 06:34 - 01261160 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-04-17 07:21 - 2012-06-14 06:34 - 02672744 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-04-16 13:31 - 2012-04-16 13:31 - 00000000 ____D C:\Users\Shuttle stue\Tracing
2012-04-16 13:30 - 2012-04-16 13:30 - 00000000 ____D C:\Users\All Users\SweetIM
2012-04-16 13:30 - 2012-04-16 13:30 - 00000000 ____D C:\Program Files (x86)\Yontoo
2012-04-16 13:30 - 2012-04-16 13:30 - 00000000 ____D C:\Program Files (x86)\SweetIM
2012-04-16 13:30 - 2012-04-16 13:30 - 00000000 ____D C:\Program Files (x86)\fbphotozoom
2012-04-16 13:30 - 2012-04-16 13:29 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2012-04-16 13:30 - 2011-05-11 00:13 - 00000000 ____D C:\Users\Shuttle stue\AppData\Local\Windows Live
2012-04-16 13:30 - 2011-03-16 01:18 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Mozilla
2012-04-15 14:48 - 2012-04-15 14:47 - 03171025 ____A C:\Users\Shuttle stue\Downloads\Volvo_280_290_service.zip
2012-04-12 22:48 - 2012-01-12 09:15 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-12 09:18 - 2011-11-28 04:22 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\ZoomBrowser EX
2012-04-11 20:04 - 2009-07-13 18:34 - 00000551 ____A C:\Windows\win.ini
2012-04-11 20:02 - 2012-04-11 20:02 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 20:02 - 2012-04-11 20:02 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-10 04:40 - 2012-06-14 06:34 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-04-07 04:31 - 2012-06-13 23:29 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 23:29 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2011-07-28 13:40 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2010-09-28 17:54 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2012-04-05 18:13 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2010-09-28 17:23 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2010-09-28 17:37 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:34 - 2011-07-28 13:09 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:34 - 2010-09-28 17:30 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2010-09-28 17:21 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2011-07-28 13:03 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:09 - 2011-07-07 18:45 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:09 - 2010-09-28 17:14 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:09 - 2010-09-28 17:13 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-05 12:34 - 2012-04-05 12:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 12:34 - 2012-04-05 12:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 12:34 - 2012-04-05 12:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 12:33 - 2012-04-05 12:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 12:33 - 2012-04-05 12:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 12:33 - 2012-04-05 12:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 12:32 - 2012-04-05 12:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-03 08:42 - 2012-06-14 06:34 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2012-04-03 08:42 - 2012-06-14 06:34 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2012-03-30 03:35 - 2012-05-09 12:34 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\@
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\L
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\n
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\U
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\U\800000cb.@

ZeroAccess:
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\@
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\L
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\n
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\U
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4094.18 MB
Available physical RAM: 3447.13 MB
Total Pagefile: 4092.33 MB
Available Pagefile: 3440.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:191.95 GB) (Free:18.91 GB) NTFS
2 Drive d: (Mp3 Musikk) (Fixed) (Total:698.63 GB) (Free:77.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Xbox) (Fixed) (Total:683.59 GB) (Free:361.97 GB) NTFS
5 Drive h: (KINGSTON) (Removable) (Total:7.46 GB) (Free:7.4 GB) FAT32
6 Drive i: (LaCie) (Fixed) (Total:1863.01 GB) (Free:5.36 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 698 GB 0 B
Disk 2 Online 7656 MB 0 B
Disk 3 Online 1863 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 683 GB 31 KB
Partition 2 Primary 100 MB 683 GB
Partition 3 Primary 191 GB 683 GB
Partition 0 Extended 55 GB 875 GB
Partition 4 Logical 55 GB 875 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E Xbox NTFS Partition 683 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 191 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Mp3 Musikk NTFS Partition 698 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7654 MB 1116 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT32 Removable 7654 MB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

======================================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I LaCie NTFS Partition 1863 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-19 09:23

======================= End Of Log ==========================

MSE still started detecting win64/sirefef.y and it would reboot the computer after 1 minute. It keeps cycling like that in Safe mode as well. MSE detects it, tries to remove it, then it reboots.

I am grateful to you for all the help I can get to remove this virus.

#4 SweetTech


Posted 28 June 2012 - 07:25 AM

Hi!

Please give this fix a try, and if all goes well, do the scans that follow.

Running FRST Fix

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
2012-06-26 13:44 - 2012-06-26 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5676655AAB190F86
2012-06-26 13:39 - 2012-06-26 13:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1BCB93770D51CD9
2012-06-26 13:31 - 2012-06-26 13:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.550A6E2A681D2EE0
2012-06-26 13:22 - 2012-06-26 13:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.008FABA496FD19D6
2012-06-26 13:04 - 2012-06-26 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE6993CEF9541346
2012-06-25 08:50 - 2012-06-25 08:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Woysi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Pagi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Obpai
2012-06-25 08:47 - 2012-06-25 08:47 - 00442368 ____A C:\Users\Shuttle stue\AppData\Local\frknvhzm.exe
2012-06-27 02:04 - 2012-01-11 01:22 - 00000000 __SHD C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}
2012-06-26 13:44 - 2012-06-26 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5676655AAB190F86
2012-06-26 13:39 - 2012-06-26 13:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1BCB93770D51CD9
2012-06-26 13:31 - 2012-06-26 13:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.550A6E2A681D2EE0
2012-06-26 13:22 - 2012-06-26 13:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.008FABA496FD19D6
2012-06-26 13:04 - 2012-06-26 13:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE6993CEF9541346
2012-06-25 08:50 - 2012-06-25 08:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Woysi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Pagi
2012-06-25 08:49 - 2012-06-25 08:49 - 00000000 ____D C:\Users\Shuttle stue\AppData\Roaming\Obpai
2012-06-25 08:47 - 2012-06-25 08:47 - 00442368 ____A C:\Users\Shuttle stue\AppData\Local\frknvhzm.exe
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\@
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\L
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\n
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\U
C:\Windows\Installer\{27602a97-0b99-fa63-7285-097aceba2361}\U\800000cb.@
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\@
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\L
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\n
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\U
C:\Users\Shuttle stue\AppData\Local\{27602a97-0b99-fa63-7285-097aceba2361}\U\800000cb.@
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Fixlog.txt log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 SweetTech


Posted 07 July 2012 - 06:34 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.

