
services.exe infected by patched_c.LXT trojan


  • This topic is locked
27 replies to this topic

#1 MarcelP

  • Members

Posted 23 August 2012 - 12:47 AM

Dear Bleeping Computer members,

Currently have a computer that's been infected by the patched_c.LXT trojan, which I'm having trouble deleting. Read loads of fixes but didn't seem to help at all.
I'm hoping you guys here could help me out, let me know which logs I should collect and post here.
Thanks in advance!

Regards
Marcel


#2 gringo_pr

  • Malware Response Team

Posted 24 August 2012 - 01:26 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 MarcelP

  • Topic Starter

  • Members

Posted 24 August 2012 - 03:21 AM

Hey Gringo,

Thanks for the reply, and here are my logs from the steps above:

---------------------
Security Check
---------------------

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfeeAntivirus en antispyware
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````


----------------------
DDS Check
----------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Marcel at 10:17:33 on 2012-08-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.8174.2763 [GMT 2:00]
.
AV: McAfeeAntivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfeeAntivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Users\Marcel\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Users\Marcel\Downloads\SecurityCheck(1).exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Akamai NetSession Interface] "C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe"
uRun: [mapdisk] "C:\Users\Marcel\Documents\ArmAWork\mapdisk.bat"
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\Marcel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Marcel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{E12E133C-4C04-4AEF-B51B-3295E3D63929} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EF59F200-81D6-484A-8C9C-19E8FDF946C6} : DhcpNameServer = 208.67.222.222 208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\gu0r3978.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\gu0r3978.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\gu0r3978.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-11 13592]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-3-10 65536]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-15 86016]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-11 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-3 378472]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-6-8 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-6-8 528760]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-1-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-1-11 79360]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-1 1432400]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-24 05:54:43 -------- d-----w- C:\Users\Marcel\AppData\Local\Unity
2012-08-24 05:38:40 -------- d-----w- C:\Users\Marcel\AppData\Local\{17FB55F8-ACA1-4EF6-A7E2-C82C218E4D7F}
2012-08-23 08:14:15 -------- d-----w- C:\Users\Marcel\AppData\Roaming\AVG
2012-08-23 05:21:14 -------- d-----w- C:\Users\Marcel\AppData\Local\{40B308FA-D067-462F-9170-075455C7FC11}
2012-08-22 13:41:36 -------- d-----w- C:\Users\Marcel\AppData\Roaming\Malwarebytes
2012-08-22 13:41:30 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-22 13:41:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-22 13:41:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-22 11:09:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-22 10:02:57 -------- d-----w- C:\Users\Marcel\AppData\Roaming\AVG2012
2012-08-22 10:02:15 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-22 10:01:16 -------- d--h--w- C:\$AVG
2012-08-22 10:01:16 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-08-22 10:01:16 -------- d-----w- C:\ProgramData\AVG2012
2012-08-22 10:00:41 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-22 09:57:06 -------- d--h--w- C:\ProgramData\Common Files
2012-08-22 09:57:06 -------- d-----w- C:\ProgramData\MFAData
2012-08-21 17:42:01 -------- d-----w- C:\Users\Marcel\AppData\Local\{6DF18CB9-FE0E-4D57-A9F0-A307828C00D8}
2012-08-21 05:41:15 -------- d-----w- C:\Users\Marcel\AppData\Local\{32D8AA04-0882-4324-B5EB-7782075CB5C0}
2012-08-20 06:56:04 -------- d-----w- C:\Users\Marcel\AppData\Local\{F4B4FCB6-28EB-4BF1-99CB-7EB30BFB218A}
2012-08-17 07:40:55 -------- d-----w- C:\Users\Marcel\AppData\Local\{DFCBA538-5946-4A8C-99E8-5359A2F1F8D1}
2012-08-16 19:40:32 -------- d-----w- C:\Users\Marcel\AppData\Local\{961625F6-3392-4613-9289-0F23FB2DBDCF}
2012-08-16 07:40:07 -------- d-----w- C:\Users\Marcel\AppData\Local\{418AFF2A-6DE0-42F5-9B19-39BA9E7DE6EB}
2012-08-16 07:39:56 -------- d-----w- C:\Users\Marcel\AppData\Local\{2C673F75-78FA-478F-AAE9-D8858EA3C138}
2012-08-15 06:59:15 -------- d-----w- C:\Users\Marcel\AppData\Local\{E71E400C-3B63-4210-92B8-B8367A23CC54}
2012-08-15 06:59:04 -------- d-----w- C:\Users\Marcel\AppData\Local\{8F386BB1-ACD8-41F1-9447-A83025B2EA47}
2012-08-14 18:58:52 -------- d-----w- C:\Users\Marcel\AppData\Local\{6EEDF95F-9245-4928-A6A1-BCC18B73AE51}
2012-08-14 18:58:40 -------- d-----w- C:\Users\Marcel\AppData\Local\{FB86EBE0-F04F-45C3-95EB-72CF29DE5AD6}
2012-08-14 06:58:26 -------- d-----w- C:\Users\Marcel\AppData\Local\{861C8683-8958-4D46-9F1C-737F592A81E7}
2012-08-14 06:58:15 -------- d-----w- C:\Users\Marcel\AppData\Local\{1A84F136-BB19-4F7D-A26C-0FA23C60A8B1}
2012-08-13 18:58:00 -------- d-----w- C:\Users\Marcel\AppData\Local\{98C1FC3A-814F-4FFB-B6F2-0B9C1D08890E}
2012-08-13 18:57:50 -------- d-----w- C:\Users\Marcel\AppData\Local\{68176FF9-7509-48C2-ADB9-5766FAE67314}
2012-08-13 06:57:22 -------- d-----w- C:\Users\Marcel\AppData\Local\{6DFCD72F-8271-4E80-B68F-FF00F4E32791}
2012-08-13 06:57:11 -------- d-----w- C:\Users\Marcel\AppData\Local\{280A14AD-21E7-486E-A022-5DAE94C3D37E}
2012-08-10 06:26:04 -------- d-----w- C:\Users\Marcel\AppData\Local\{F6FF2169-B70F-4FD7-A3C8-7F062605DF49}
2012-08-10 06:25:53 -------- d-----w- C:\Users\Marcel\AppData\Local\{3599431F-FFB3-428B-8047-1756BBA4BC5B}
2012-08-09 10:01:46 -------- d-----w- C:\Users\Marcel\AppData\Local\{B3C21B0A-8C03-43B2-929A-AFC8822D0F03}
2012-08-09 06:16:57 -------- d-----w- C:\Users\Marcel\AppData\Local\Buldozer Viewer
2012-08-09 05:55:03 -------- d-----w- C:\Program Files (x86)\Bohemia Interactive
2012-08-09 05:41:38 151552 ----a-w- C:\Windows\SysWow64\nvRegDev.dll
2012-08-09 05:41:25 61440 ----a-w- C:\Windows\SysWow64\nvPhotoshopUtil.dll
2012-08-09 05:41:25 40960 ----a-w- C:\Windows\SysWow64\nvISWOW64.dll
2012-08-08 22:01:22 -------- d-----w- C:\Users\Marcel\AppData\Local\{89D80096-18A2-4209-8996-63AE063C5247}
2012-08-08 10:00:57 -------- d-----w- C:\Users\Marcel\AppData\Local\{3D4D2BE2-1C94-495B-A470-D04077485A8C}
2012-08-07 22:00:33 -------- d-----w- C:\Users\Marcel\AppData\Local\{86D8A01D-0366-4EF9-AC8F-2BD84BEC3D2F}
2012-08-07 10:00:05 -------- d-----w- C:\Users\Marcel\AppData\Local\{226B3A5F-137A-4ECD-95B6-A2822CB8D2DE}
2012-08-07 09:59:54 -------- d-----w- C:\Users\Marcel\AppData\Local\{748DC2B0-699F-4FC2-8226-44EDC9B3D9A8}
2012-08-03 08:16:22 -------- d-----w- C:\Users\Marcel\AppData\Roaming\Macrovision
2012-08-03 08:15:04 -------- d-----w- C:\Users\Marcel\AppData\Roaming\Roxio Burn
2012-08-03 05:59:37 -------- d-----w- C:\Users\Marcel\AppData\Local\{A9776E75-301D-4A6D-9338-75158F4469A1}
2012-08-02 17:59:11 -------- d-----w- C:\Users\Marcel\AppData\Local\{B634F1F1-D2C6-49A5-AA80-90FEAC786D0C}
2012-08-02 05:58:46 -------- d-----w- C:\Users\Marcel\AppData\Local\{2E0C2CB1-EE94-42F6-812D-C631D7685443}
2012-08-01 17:58:22 -------- d-----w- C:\Users\Marcel\AppData\Local\{81575FF8-2ADC-4507-AE0A-FE78F78317F7}
2012-08-01 17:58:11 -------- d-----w- C:\Users\Marcel\AppData\Local\{BC12C54E-B307-4CF3-9B3E-4AB48A5323C3}
2012-08-01 12:10:03 -------- d-----w- C:\Users\Marcel\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-08-01 07:32:07 -------- d-----w- C:\Users\Marcel\AppData\Roaming\NVIDIA
2012-08-01 06:54:24 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-08-01 06:33:00 -------- d-----w- C:\Autodesk
2012-08-01 05:57:43 -------- d-----w- C:\Users\Marcel\AppData\Local\{AD589AA3-79C2-41F8-8938-DD27750A6D93}
2012-08-01 05:42:16 -------- d-----w- C:\Users\Marcel\AppData\Local\Akamai
2012-07-31 17:57:14 -------- d-----w- C:\Users\Marcel\AppData\Local\{EC97B8DA-E770-46B4-9EC0-C4776F0D9871}
2012-07-31 05:56:50 -------- d-----w- C:\Users\Marcel\AppData\Local\{3DE15219-063A-4B72-80AA-1E3CDEBE68A5}
2012-07-30 17:56:27 -------- d-----w- C:\Users\Marcel\AppData\Local\{B236F2E8-98A9-4DE4-B22A-D6C45A5C0617}
2012-07-30 17:56:16 -------- d-----w- C:\Users\Marcel\AppData\Local\{3DDA14CD-EE46-4006-861C-AC772F6B8609}
2012-07-30 05:55:45 -------- d-----w- C:\Users\Marcel\AppData\Local\{7B106C12-9B70-4A2A-A12F-DC6E7CAFAEBF}
2012-07-30 05:55:33 -------- d-----w- C:\Users\Marcel\AppData\Local\{95B3796A-932A-44C7-A9E6-6D1989DE0FEE}
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-27 06:47:25 -------- d-----w- C:\Users\Marcel\AppData\Local\{03B44643-CE9B-4C8B-B713-D48D7939B6A6}
2012-07-27 06:47:11 -------- d-----w- C:\Users\Marcel\AppData\Local\{66763F01-BC08-4027-B68B-346100B07FFB}
2012-07-26 06:35:09 -------- d-----w- C:\Users\Marcel\AppData\Local\ElevatedDiagnostics
2012-07-26 06:34:38 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-07-26 06:34:37 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-07-26 06:34:36 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-07-26 06:34:36 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-07-26 06:32:38 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2012-07-26 06:32:38 148480 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2012-07-26 05:20:01 -------- d-----w- C:\Users\Marcel\AppData\Local\{D9D87E44-F2A2-4857-9816-4A20ADF21F52}
2012-07-26 05:19:48 -------- d-----w- C:\Users\Marcel\AppData\Local\{59F2452C-F1D5-4EE2-B441-E0BF987F286F}
.
==================== Find3M ====================
.
2012-07-30 05:58:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-30 05:58:17 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-13 05:37:58 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-13 05:37:57 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-13 05:37:57 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-06-27 02:14:52 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 10:17:48,43 ===============

----------------------
Attach
----------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 13-1-2012 10:08:08
System Uptime: 24-8-2012 7:37:23 (3 hours ago)
.
Motherboard: Dell Inc. | | 0Y2MRG
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 767,767 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is NetworkDisk (NTFS) - 149 GiB total, 19,357 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
P: is FIXED (NTFS) - 918 GiB total, 767,767 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Acrobat X Standard - Italiano, Español, Nederlands, Português
Adobe AIR
Adobe Download Assistant
Adobe Dreamweaver CS5
Adobe Dreamweaver CS6
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Help Manager
Adobe Illustrator CS5.1
Adobe Media Player
Adobe Photoshop CS5.1
Adobe Reader X (10.1.4) - Nederlands
Adobe Widget Browser
Akamai NetSession Interface
Apple Application Support
Apple Software Update
Autodesk 3ds Max 2009 32-bit
Autodesk Backburner 2013.0.0
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Material Library Medium Resolution Image Library 2013
AVG PC Tuneup
Bamboo Dock
BI's Tools drive Uninstall
Creative Configuratiescherm voor geluid
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell VideoStage
DirectX 9 Runtime
Dropbox
FBX Plugin 2009.0 for Max 2009
FileZilla Client 3.5.3
FrostWire 5.3.8
High-Definition Video Playback
Host OpenAL
Intel® Control Center
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LogMeIn
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Plus! 5
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 voor Thuisgebruik en Zakelijke toepassingen
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NexusFont 2.5 (ver 2.5.7.1562)
Notepad++
NVIDIA Photoshop Plug-ins 64 bit
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.3
Oxygen 2 Personal Edition Uninstall
PDF Settings CS5
PhotoShowExpress
Picasa 3
QuickTime
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Sound Blaster X-Fi
SyncUP
TexView 2 Uninstall
THX TruStudio PC
TouchCopy 11
Trillian
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Visual Studio 2008 x64 Redistributables
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Fonts Explorer 3.6.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 (32-bit)
WinSnap
XAMPP 1.7.7
Zinio Reader 4
.
==== End Of File ===========================


Regards
Marcel

Edited by MarcelP, 24 August 2012 - 03:26 AM.


#4 gringo_pr

Posted 24 August 2012 - 03:48 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 MarcelP

Posted 24 August 2012 - 04:01 AM

I've downloaded the Combofix tool and closed every program that I had open, including disabling my antivirus program and such.
I ran the tool, and it did everything like it should until it came to 100% progress; then it closed and didn't give me a log. What could I have done wrong here?

#6 gringo_pr

Posted 24 August 2012 - 05:07 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#7 MarcelP

Posted 24 August 2012 - 06:04 AM

Here are the two log files from that scan:

--------------------
FRST.TXT
--------------------

Scan result of Farbar Recovery Scan Tool Version: 23-08-2012 02
Ran by SYSTEM at 24-08-2012 13:54:20
Running from K:\
Windows 7 Professional Service Pack 1 (X64) OS Language: Dutch Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-04-02] (LogMeIn, Inc.)
HKLM-x32\...\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-11-15] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [75064 2011-07-07] ()
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-07-24] (Yuna Software)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-27] ()
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKU\Marcel\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Marcel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Marcel\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Marcel\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Marcel\...\Run: [Akamai NetSession Interface] "C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKU\Marcel\...\Run: [mapdisk] "C:\Users\Marcel\Documents\ArmAWork\mapdisk.bat" [x]
HKU\Yuen\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Yuen\...\Run: [AdobeBridge] [x]
HKU\Yuen\...\Run: [Google Update] "C:\Users\Yuen\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-23] (Google Inc.)
HKU\Yuen\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Yuen\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Yuen\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Yuen\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Yuen\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex [59240 2012-02-24] (Apple Inc.)
HKU\Yuen\...\RunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller [59240 2012-02-24] (Apple Inc.)
Tcpip\..\Interfaces\{E12E133C-4C04-4AEF-B51B-3295E3D63929}: [NameServer]8.8.8.8,8.8.4.4

==================== Services (Whitelisted) ======

2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
2 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [79360 2012-06-11] (Autodesk)
2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
3 FileZilla Server; "C:\xampp\FileZillaFTP\FileZillaServer.exe" [632320 2012-05-11] (FileZilla Project)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-13] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-13] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2012-04-02] (LogMeIn, Inc.)
2 mi-raysat_3dsMax2009_32; "C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [65536 2008-03-09] ()
2 mi-raysat_3dsMax2009_64; "C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [65536 2008-03-09] ()
2 mi-raysat_3dsmax2013_64; "C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe" [86016 2011-09-14] ()
2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [5396 2012-07-10] ()
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2012-04-02] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2012-04-02] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2012-04-02] (LogMeIn, Inc.)
4 LMIRfsClientNP; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-24 13:54 - 2012-08-24 13:54 - 00000000 ____D C:\FRST
2012-08-24 11:49 - 2012-08-24 11:49 - 01446223 ____A (Farbar) C:\Users\Marcel\Downloads\FRST64.exe
2012-08-24 09:57 - 2012-08-24 09:57 - 00000000 ___SD C:\ComboFix
2012-08-24 09:56 - 2012-08-24 09:57 - 00000000 ____D C:\Qoobox
2012-08-24 09:56 - 2012-08-24 09:56 - 00000000 ____D C:\Windows\erdnt
2012-08-24 09:54 - 2012-08-24 09:55 - 04736524 ____R (Swearware) C:\Users\Marcel\Downloads\ComboFix.exe
2012-08-24 09:20 - 2012-08-24 09:20 - 00007332 ____A C:\Users\Marcel\Desktop\Attach.txt
2012-08-24 09:20 - 2012-08-24 09:20 - 00002636 ____A C:\Users\Marcel\Desktop\Attach.zip
2012-08-24 09:17 - 2012-08-24 09:17 - 00607260 ____R (Swearware) C:\Users\Marcel\Downloads\dds.scr
2012-08-24 09:15 - 2012-08-24 09:15 - 00881581 ____A C:\Users\Marcel\Downloads\SecurityCheck(1).exe
2012-08-24 09:14 - 2012-08-24 09:14 - 00050477 ____A C:\Users\Marcel\Downloads\Defogger.exe
2012-08-24 06:54 - 2012-08-24 06:54 - 03249480 ____A (Unity Technologies ApS) C:\Users\Marcel\Downloads\UnityWebPlayer.exe
2012-08-24 06:54 - 2012-08-24 06:54 - 00000000 ____D C:\Users\Marcel\Local Settings\Unity
2012-08-24 06:54 - 2012-08-24 06:54 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\Unity
2012-08-24 06:54 - 2012-08-24 06:54 - 00000000 ____D C:\Users\Marcel\AppData\Local\Unity
2012-08-24 06:38 - 2012-08-24 06:38 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{17FB55F8-ACA1-4EF6-A7E2-C82C218E4D7F}
2012-08-24 06:38 - 2012-08-24 06:38 - 00000000 ____D C:\Users\Marcel\Local Settings\{17FB55F8-ACA1-4EF6-A7E2-C82C218E4D7F}
2012-08-24 06:38 - 2012-08-24 06:38 - 00000000 ____D C:\Users\Marcel\AppData\Local\{17FB55F8-ACA1-4EF6-A7E2-C82C218E4D7F}
2012-08-23 09:14 - 2012-08-23 09:14 - 00000000 ____D C:\Users\Marcel\Application Data\AVG
2012-08-23 09:14 - 2012-08-23 09:14 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\AVG
2012-08-23 09:13 - 2012-08-23 09:13 - 08351040 ____A (AVG ) C:\Users\Marcel\Downloads\avg_pct_stf_all_10_27_c4.exe
2012-08-23 09:13 - 2012-08-23 09:13 - 00001148 ____A C:\Users\Marcel\Desktop\AVG PC Tuneup 2011.lnk
2012-08-23 06:46 - 2012-08-23 06:46 - 00881581 ____A C:\Users\Marcel\Downloads\SecurityCheck.exe
2012-08-23 06:40 - 2012-08-23 06:40 - 04731392 ____A (AVAST Software) C:\Users\Marcel\Downloads\aswMBR.exe
2012-08-23 06:35 - 2012-08-23 06:35 - 00000000 ___RD C:\Users\Marcel\Desktop\MySyncUPFiles
2012-08-23 06:21 - 2012-08-23 06:21 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{40B308FA-D067-462F-9170-075455C7FC11}
2012-08-23 06:21 - 2012-08-23 06:21 - 00000000 ____D C:\Users\Marcel\Local Settings\{40B308FA-D067-462F-9170-075455C7FC11}
2012-08-23 06:21 - 2012-08-23 06:21 - 00000000 ____D C:\Users\Marcel\AppData\Local\{40B308FA-D067-462F-9170-075455C7FC11}
2012-08-22 14:41 - 2012-08-22 14:41 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Marcel\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-22 14:41 - 2012-08-22 14:41 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-22 14:41 - 2012-08-22 14:41 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-22 14:41 - 2012-08-22 14:41 - 00000000 ____D C:\Users\Marcel\Application Data\Malwarebytes
2012-08-22 14:41 - 2012-08-22 14:41 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Malwarebytes
2012-08-22 14:41 - 2012-08-22 14:41 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-22 14:41 - 2012-08-22 14:41 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-08-22 14:41 - 2012-08-22 14:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-22 14:41 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-22 14:30 - 2012-08-22 14:30 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Marcel\Downloads\tdsskiller.exe
2012-08-22 13:51 - 2012-08-22 13:51 - 00000118 ____A C:\Users\Marcel\Desktop\Manual Way to Remove Patched_c.LXT Completely From Windows XP7Vista - YooCare How-to Guides - YooCare Blog.URL
2012-08-22 12:09 - 2012-08-22 12:09 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-22 11:02 - 2012-08-22 11:02 - 00000977 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-22 11:02 - 2012-08-22 11:02 - 00000977 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-08-22 11:02 - 2012-08-22 11:02 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-08-22 11:02 - 2012-08-22 11:02 - 00000000 ____D C:\Users\Marcel\Application Data\AVG2012
2012-08-22 11:02 - 2012-08-22 11:02 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\AVG2012
2012-08-22 11:01 - 2012-08-24 06:41 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-08-22 11:01 - 2012-08-23 06:20 - 00000000 ____D C:\Users\All Users\AVG2012
2012-08-22 11:01 - 2012-08-23 06:20 - 00000000 ____D C:\Users\All Users\Application Data\AVG2012
2012-08-22 11:01 - 2012-08-22 11:01 - 00000000 ___HD C:\$AVG
2012-08-22 11:00 - 2012-08-23 09:13 - 00000000 ____D C:\Program Files (x86)\AVG
2012-08-22 10:57 - 2012-08-24 09:16 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-22 10:57 - 2012-08-24 09:16 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-08-22 10:54 - 2012-08-22 10:54 - 03879800 ____A (AVG Technologies) C:\Users\Marcel\Downloads\avg_free_stb_eu_2012_2197_free.exe
2012-08-21 18:42 - 2012-08-22 06:42 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{6DF18CB9-FE0E-4D57-A9F0-A307828C00D8}
2012-08-21 18:42 - 2012-08-22 06:42 - 00000000 ____D C:\Users\Marcel\Local Settings\{6DF18CB9-FE0E-4D57-A9F0-A307828C00D8}
2012-08-21 18:42 - 2012-08-22 06:42 - 00000000 ____D C:\Users\Marcel\AppData\Local\{6DF18CB9-FE0E-4D57-A9F0-A307828C00D8}
2012-08-21 08:31 - 2012-08-21 08:41 - 95614089 ____A C:\Users\Marcel\Downloads\xampp-win32-1.8.0-VC9-installer.exe
2012-08-21 06:57 - 2012-08-21 06:57 - 00319488 ____A C:\Users\Marcel\Downloads\Euferia_OX_2.max
2012-08-21 06:41 - 2012-08-21 06:41 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{32D8AA04-0882-4324-B5EB-7782075CB5C0}
2012-08-21 06:41 - 2012-08-21 06:41 - 00000000 ____D C:\Users\Marcel\Local Settings\{32D8AA04-0882-4324-B5EB-7782075CB5C0}
2012-08-21 06:41 - 2012-08-21 06:41 - 00000000 ____D C:\Users\Marcel\AppData\Local\{32D8AA04-0882-4324-B5EB-7782075CB5C0}
2012-08-20 15:14 - 2012-08-20 15:15 - 00150324 ____A C:\Users\Marcel\Desktop\tabtitle1.psd
2012-08-20 07:56 - 2012-08-20 07:56 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{F4B4FCB6-28EB-4BF1-99CB-7EB30BFB218A}
2012-08-20 07:56 - 2012-08-20 07:56 - 00000000 ____D C:\Users\Marcel\Local Settings\{F4B4FCB6-28EB-4BF1-99CB-7EB30BFB218A}
2012-08-20 07:56 - 2012-08-20 07:56 - 00000000 ____D C:\Users\Marcel\AppData\Local\{F4B4FCB6-28EB-4BF1-99CB-7EB30BFB218A}
2012-08-20 07:50 - 2012-08-20 07:50 - 00000000 ____D C:\Users\Marcel\Desktop\[X-Force] Adobe CS6 Master Collection Keygen
2012-08-20 07:43 - 2012-08-20 07:43 - 01511519 ____A C:\Users\Marcel\Downloads\__Adobe_Dreamweaver_CS6_Keygen___Crack__.rar
2012-08-17 12:04 - 2012-08-17 12:04 - 00319488 ____A C:\Users\Marcel\Downloads\GT6_v2.max
2012-08-17 08:40 - 2012-08-17 08:41 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{DFCBA538-5946-4A8C-99E8-5359A2F1F8D1}
2012-08-17 08:40 - 2012-08-17 08:41 - 00000000 ____D C:\Users\Marcel\Local Settings\{DFCBA538-5946-4A8C-99E8-5359A2F1F8D1}
2012-08-17 08:40 - 2012-08-17 08:41 - 00000000 ____D C:\Users\Marcel\AppData\Local\{DFCBA538-5946-4A8C-99E8-5359A2F1F8D1}
2012-08-16 20:40 - 2012-08-16 20:40 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{961625F6-3392-4613-9289-0F23FB2DBDCF}
2012-08-16 20:40 - 2012-08-16 20:40 - 00000000 ____D C:\Users\Marcel\Local Settings\{961625F6-3392-4613-9289-0F23FB2DBDCF}
2012-08-16 20:40 - 2012-08-16 20:40 - 00000000 ____D C:\Users\Marcel\AppData\Local\{961625F6-3392-4613-9289-0F23FB2DBDCF}
2012-08-16 12:56 - 2012-08-16 12:56 - 00029696 ____A C:\Users\Marcel\Desktop\top.psd
2012-08-16 08:40 - 2012-08-16 08:40 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{418AFF2A-6DE0-42F5-9B19-39BA9E7DE6EB}
2012-08-16 08:40 - 2012-08-16 08:40 - 00000000 ____D C:\Users\Marcel\Local Settings\{418AFF2A-6DE0-42F5-9B19-39BA9E7DE6EB}
2012-08-16 08:40 - 2012-08-16 08:40 - 00000000 ____D C:\Users\Marcel\AppData\Local\{418AFF2A-6DE0-42F5-9B19-39BA9E7DE6EB}
2012-08-16 08:39 - 2012-08-17 08:40 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{2C673F75-78FA-478F-AAE9-D8858EA3C138}
2012-08-16 08:39 - 2012-08-17 08:40 - 00000000 ____D C:\Users\Marcel\Local Settings\{2C673F75-78FA-478F-AAE9-D8858EA3C138}
2012-08-16 08:39 - 2012-08-17 08:40 - 00000000 ____D C:\Users\Marcel\AppData\Local\{2C673F75-78FA-478F-AAE9-D8858EA3C138}
2012-08-15 08:08 - 2012-08-15 08:08 - 00339968 ____A C:\Users\Marcel\Downloads\Lemans_v1.max
2012-08-15 07:59 - 2012-08-15 07:59 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{E71E400C-3B63-4210-92B8-B8367A23CC54}
2012-08-15 07:59 - 2012-08-15 07:59 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{8F386BB1-ACD8-41F1-9447-A83025B2EA47}
2012-08-15 07:59 - 2012-08-15 07:59 - 00000000 ____D C:\Users\Marcel\Local Settings\{E71E400C-3B63-4210-92B8-B8367A23CC54}
2012-08-15 07:59 - 2012-08-15 07:59 - 00000000 ____D C:\Users\Marcel\Local Settings\{8F386BB1-ACD8-41F1-9447-A83025B2EA47}
2012-08-15 07:59 - 2012-08-15 07:59 - 00000000 ____D C:\Users\Marcel\AppData\Local\{E71E400C-3B63-4210-92B8-B8367A23CC54}
2012-08-15 07:59 - 2012-08-15 07:59 - 00000000 ____D C:\Users\Marcel\AppData\Local\{8F386BB1-ACD8-41F1-9447-A83025B2EA47}
2012-08-14 19:58 - 2012-08-14 19:59 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{6EEDF95F-9245-4928-A6A1-BCC18B73AE51}
2012-08-14 19:58 - 2012-08-14 19:59 - 00000000 ____D C:\Users\Marcel\Local Settings\{6EEDF95F-9245-4928-A6A1-BCC18B73AE51}
2012-08-14 19:58 - 2012-08-14 19:59 - 00000000 ____D C:\Users\Marcel\AppData\Local\{6EEDF95F-9245-4928-A6A1-BCC18B73AE51}
2012-08-14 19:58 - 2012-08-14 19:58 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{FB86EBE0-F04F-45C3-95EB-72CF29DE5AD6}
2012-08-14 19:58 - 2012-08-14 19:58 - 00000000 ____D C:\Users\Marcel\Local Settings\{FB86EBE0-F04F-45C3-95EB-72CF29DE5AD6}
2012-08-14 19:58 - 2012-08-14 19:58 - 00000000 ____D C:\Users\Marcel\AppData\Local\{FB86EBE0-F04F-45C3-95EB-72CF29DE5AD6}
2012-08-14 07:58 - 2012-08-14 07:58 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{861C8683-8958-4D46-9F1C-737F592A81E7}
2012-08-14 07:58 - 2012-08-14 07:58 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{1A84F136-BB19-4F7D-A26C-0FA23C60A8B1}
2012-08-14 07:58 - 2012-08-14 07:58 - 00000000 ____D C:\Users\Marcel\Local Settings\{861C8683-8958-4D46-9F1C-737F592A81E7}
2012-08-14 07:58 - 2012-08-14 07:58 - 00000000 ____D C:\Users\Marcel\Local Settings\{1A84F136-BB19-4F7D-A26C-0FA23C60A8B1}
2012-08-14 07:58 - 2012-08-14 07:58 - 00000000 ____D C:\Users\Marcel\AppData\Local\{861C8683-8958-4D46-9F1C-737F592A81E7}
2012-08-14 07:58 - 2012-08-14 07:58 - 00000000 ____D C:\Users\Marcel\AppData\Local\{1A84F136-BB19-4F7D-A26C-0FA23C60A8B1}
2012-08-13 19:58 - 2012-08-13 19:58 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{98C1FC3A-814F-4FFB-B6F2-0B9C1D08890E}
2012-08-13 19:58 - 2012-08-13 19:58 - 00000000 ____D C:\Users\Marcel\Local Settings\{98C1FC3A-814F-4FFB-B6F2-0B9C1D08890E}
2012-08-13 19:58 - 2012-08-13 19:58 - 00000000 ____D C:\Users\Marcel\AppData\Local\{98C1FC3A-814F-4FFB-B6F2-0B9C1D08890E}
2012-08-13 19:57 - 2012-08-13 19:58 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{68176FF9-7509-48C2-ADB9-5766FAE67314}
2012-08-13 19:57 - 2012-08-13 19:58 - 00000000 ____D C:\Users\Marcel\Local Settings\{68176FF9-7509-48C2-ADB9-5766FAE67314}
2012-08-13 19:57 - 2012-08-13 19:58 - 00000000 ____D C:\Users\Marcel\AppData\Local\{68176FF9-7509-48C2-ADB9-5766FAE67314}
2012-08-13 07:57 - 2012-08-13 07:57 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{6DFCD72F-8271-4E80-B68F-FF00F4E32791}
2012-08-13 07:57 - 2012-08-13 07:57 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{280A14AD-21E7-486E-A022-5DAE94C3D37E}
2012-08-13 07:57 - 2012-08-13 07:57 - 00000000 ____D C:\Users\Marcel\Local Settings\{6DFCD72F-8271-4E80-B68F-FF00F4E32791}
2012-08-13 07:57 - 2012-08-13 07:57 - 00000000 ____D C:\Users\Marcel\Local Settings\{280A14AD-21E7-486E-A022-5DAE94C3D37E}
2012-08-13 07:57 - 2012-08-13 07:57 - 00000000 ____D C:\Users\Marcel\AppData\Local\{6DFCD72F-8271-4E80-B68F-FF00F4E32791}
2012-08-13 07:57 - 2012-08-13 07:57 - 00000000 ____D C:\Users\Marcel\AppData\Local\{280A14AD-21E7-486E-A022-5DAE94C3D37E}
2012-08-13 06:32 - 2012-08-13 06:32 - 00417792 ____A C:\Users\Marcel\Downloads\SuperRem7_Final.max
2012-08-10 07:26 - 2012-08-10 07:26 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{F6FF2169-B70F-4FD7-A3C8-7F062605DF49}
2012-08-10 07:26 - 2012-08-10 07:26 - 00000000 ____D C:\Users\Marcel\Local Settings\{F6FF2169-B70F-4FD7-A3C8-7F062605DF49}
2012-08-10 07:26 - 2012-08-10 07:26 - 00000000 ____D C:\Users\Marcel\AppData\Local\{F6FF2169-B70F-4FD7-A3C8-7F062605DF49}
2012-08-10 07:25 - 2012-08-10 07:26 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{3599431F-FFB3-428B-8047-1756BBA4BC5B}
2012-08-10 07:25 - 2012-08-10 07:26 - 00000000 ____D C:\Users\Marcel\Local Settings\{3599431F-FFB3-428B-8047-1756BBA4BC5B}
2012-08-10 07:25 - 2012-08-10 07:26 - 00000000 ____D C:\Users\Marcel\AppData\Local\{3599431F-FFB3-428B-8047-1756BBA4BC5B}
2012-08-09 11:01 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{B3C21B0A-8C03-43B2-929A-AFC8822D0F03}
2012-08-09 11:01 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Marcel\Local Settings\{B3C21B0A-8C03-43B2-929A-AFC8822D0F03}
2012-08-09 11:01 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Marcel\AppData\Local\{B3C21B0A-8C03-43B2-929A-AFC8822D0F03}
2012-08-09 07:16 - 2012-08-10 13:12 - 00000000 ____D C:\Users\Marcel\Local Settings\Buldozer Viewer
2012-08-09 07:16 - 2012-08-10 13:12 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\Buldozer Viewer
2012-08-09 07:16 - 2012-08-10 13:12 - 00000000 ____D C:\Users\Marcel\AppData\Local\Buldozer Viewer
2012-08-09 07:16 - 2012-08-10 07:00 - 00000000 ____D C:\Users\Marcel\Documents\ArmA
2012-08-09 07:12 - 2012-08-22 08:54 - 00000132 ____A C:\Users\Marcel\Application Data\Adobe Targa Format CS5 Prefs
2012-08-09 07:12 - 2012-08-22 08:54 - 00000132 ____A C:\Users\Marcel\AppData\Roaming\Adobe Targa Format CS5 Prefs
2012-08-09 07:04 - 2012-08-24 11:49 - 00000000 ____D C:\Users\Marcel\Documents\ArmAWork
2012-08-09 06:55 - 2012-08-09 06:55 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2012-08-09 06:41 - 2012-08-09 06:41 - 18518446 ____A (InstallShield Software Corporation) C:\Users\Marcel\Downloads\Photoshop_Plugins_x64_8.54.0625.1800.exe
2012-08-09 06:41 - 2012-08-09 06:41 - 00151552 ____A C:\Windows\SysWOW64\nvRegDev.dll
2012-08-09 06:41 - 2012-08-09 06:41 - 00061440 ____A C:\Windows\SysWOW64\nvPhotoshopUtil.dll
2012-08-09 06:41 - 2012-08-09 06:41 - 00040960 ____A C:\Windows\SysWOW64\nvISWOW64.dll
2012-08-08 23:01 - 2012-08-08 23:01 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{89D80096-18A2-4209-8996-63AE063C5247}
2012-08-08 23:01 - 2012-08-08 23:01 - 00000000 ____D C:\Users\Marcel\Local Settings\{89D80096-18A2-4209-8996-63AE063C5247}
2012-08-08 23:01 - 2012-08-08 23:01 - 00000000 ____D C:\Users\Marcel\AppData\Local\{89D80096-18A2-4209-8996-63AE063C5247}
2012-08-08 12:54 - 2012-08-08 12:54 - 52901070 ____A C:\Users\Marcel\Desktop\surf.psd
2012-08-08 11:00 - 2012-08-08 11:01 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{3D4D2BE2-1C94-495B-A470-D04077485A8C}
2012-08-08 11:00 - 2012-08-08 11:01 - 00000000 ____D C:\Users\Marcel\Local Settings\{3D4D2BE2-1C94-495B-A470-D04077485A8C}
2012-08-08 11:00 - 2012-08-08 11:01 - 00000000 ____D C:\Users\Marcel\AppData\Local\{3D4D2BE2-1C94-495B-A470-D04077485A8C}
2012-08-07 23:00 - 2012-08-07 23:00 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{86D8A01D-0366-4EF9-AC8F-2BD84BEC3D2F}
2012-08-07 23:00 - 2012-08-07 23:00 - 00000000 ____D C:\Users\Marcel\Local Settings\{86D8A01D-0366-4EF9-AC8F-2BD84BEC3D2F}
2012-08-07 23:00 - 2012-08-07 23:00 - 00000000 ____D C:\Users\Marcel\AppData\Local\{86D8A01D-0366-4EF9-AC8F-2BD84BEC3D2F}
2012-08-07 11:00 - 2012-08-07 11:00 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{226B3A5F-137A-4ECD-95B6-A2822CB8D2DE}
2012-08-07 11:00 - 2012-08-07 11:00 - 00000000 ____D C:\Users\Marcel\Local Settings\{226B3A5F-137A-4ECD-95B6-A2822CB8D2DE}
2012-08-07 11:00 - 2012-08-07 11:00 - 00000000 ____D C:\Users\Marcel\AppData\Local\{226B3A5F-137A-4ECD-95B6-A2822CB8D2DE}
2012-08-07 10:59 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{748DC2B0-699F-4FC2-8226-44EDC9B3D9A8}
2012-08-07 10:59 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Marcel\Local Settings\{748DC2B0-699F-4FC2-8226-44EDC9B3D9A8}
2012-08-07 10:59 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Marcel\AppData\Local\{748DC2B0-699F-4FC2-8226-44EDC9B3D9A8}
2012-08-03 13:40 - 2012-08-03 13:40 - 06792378 ____A C:\Users\Marcel\Desktop\natuurlijkafvallen-500x500.psd
2012-08-03 13:38 - 2012-08-03 13:38 - 33207999 ____A C:\Users\Marcel\Desktop\zomerkrediet-500x500.psd
2012-08-03 10:08 - 2012-08-03 10:08 - 00017477 ____A C:\Users\Marcel\Downloads\tono-terry-de.sql
2012-08-03 09:44 - 2012-08-03 09:44 - 00115105 ____A C:\Users\Marcel\Desktop\header_top(2).psd
2012-08-03 09:16 - 2012-08-03 09:16 - 00000000 ____D C:\Users\Marcel\Application Data\Macrovision
2012-08-03 09:16 - 2012-08-03 09:16 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Macrovision
2012-08-03 09:15 - 2012-08-03 09:15 - 00000000 ____D C:\Users\Marcel\Application Data\Roxio Burn
2012-08-03 09:15 - 2012-08-03 09:15 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Roxio Burn
2012-08-03 06:59 - 2012-08-03 06:59 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{A9776E75-301D-4A6D-9338-75158F4469A1}
2012-08-03 06:59 - 2012-08-03 06:59 - 00000000 ____D C:\Users\Marcel\Local Settings\{A9776E75-301D-4A6D-9338-75158F4469A1}
2012-08-03 06:59 - 2012-08-03 06:59 - 00000000 ____D C:\Users\Marcel\AppData\Local\{A9776E75-301D-4A6D-9338-75158F4469A1}
2012-08-02 18:59 - 2012-08-02 18:59 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{B634F1F1-D2C6-49A5-AA80-90FEAC786D0C}
2012-08-02 18:59 - 2012-08-02 18:59 - 00000000 ____D C:\Users\Marcel\Local Settings\{B634F1F1-D2C6-49A5-AA80-90FEAC786D0C}
2012-08-02 18:59 - 2012-08-02 18:59 - 00000000 ____D C:\Users\Marcel\AppData\Local\{B634F1F1-D2C6-49A5-AA80-90FEAC786D0C}
2012-08-02 06:58 - 2012-08-02 06:58 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{2E0C2CB1-EE94-42F6-812D-C631D7685443}
2012-08-02 06:58 - 2012-08-02 06:58 - 00000000 ____D C:\Users\Marcel\Local Settings\{2E0C2CB1-EE94-42F6-812D-C631D7685443}
2012-08-02 06:58 - 2012-08-02 06:58 - 00000000 ____D C:\Users\Marcel\AppData\Local\{2E0C2CB1-EE94-42F6-812D-C631D7685443}
2012-08-01 18:58 - 2012-08-03 06:59 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{BC12C54E-B307-4CF3-9B3E-4AB48A5323C3}
2012-08-01 18:58 - 2012-08-03 06:59 - 00000000 ____D C:\Users\Marcel\Local Settings\{BC12C54E-B307-4CF3-9B3E-4AB48A5323C3}
2012-08-01 18:58 - 2012-08-03 06:59 - 00000000 ____D C:\Users\Marcel\AppData\Local\{BC12C54E-B307-4CF3-9B3E-4AB48A5323C3}
2012-08-01 18:58 - 2012-08-01 18:58 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{81575FF8-2ADC-4507-AE0A-FE78F78317F7}
2012-08-01 18:58 - 2012-08-01 18:58 - 00000000 ____D C:\Users\Marcel\Local Settings\{81575FF8-2ADC-4507-AE0A-FE78F78317F7}
2012-08-01 18:58 - 2012-08-01 18:58 - 00000000 ____D C:\Users\Marcel\AppData\Local\{81575FF8-2ADC-4507-AE0A-FE78F78317F7}
2012-08-01 13:10 - 2012-08-01 13:10 - 00000000 ____D C:\Users\Public\Documents\Adobe
2012-08-01 13:10 - 2012-08-01 13:10 - 00000000 ____D C:\Users\Marcel\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-08-01 13:10 - 2012-08-01 13:10 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-08-01 13:10 - 2012-08-01 13:10 - 00000000 ____D C:\Users\All Users\Documents\Adobe
2012-08-01 08:32 - 2012-08-01 08:32 - 00000000 ____D C:\Users\Marcel\Application Data\NVIDIA
2012-08-01 08:32 - 2012-08-01 08:32 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\NVIDIA
2012-08-01 07:58 - 2012-08-01 07:58 - 00000000 ____D C:\Users\Marcel\Documents\Inventor Server x64 Direct Connect
2012-08-01 07:58 - 2012-08-01 07:58 - 00000000 ____D C:\Users\Marcel\Documents\Inventor Server x64 3dsMax
2012-08-01 07:54 - 2012-08-01 07:54 - 00001928 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2013 64-bit.lnk
2012-08-01 07:54 - 2012-08-01 07:54 - 00001928 ____A C:\Users\All Users\Desktop\Autodesk 3ds Max 2013 64-bit.lnk
2012-08-01 07:54 - 2012-08-01 07:54 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-08-01 07:42 - 2010-06-02 03:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-08-01 07:42 - 2010-06-02 03:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-08-01 07:42 - 2010-06-02 03:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-08-01 07:42 - 2010-06-02 03:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-08-01 07:42 - 2010-06-02 03:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-08-01 07:42 - 2010-06-02 03:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-08-01 07:42 - 2010-05-26 10:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-08-01 07:42 - 2010-02-04 09:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-08-01 07:42 - 2010-02-04 09:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-08-01 07:42 - 2010-02-04 09:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-08-01 07:42 - 2010-02-04 09:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-08-01 07:42 - 2010-02-04 09:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-08-01 07:42 - 2010-02-04 09:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-08-01 07:42 - 2010-02-04 09:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-08-01 07:42 - 2010-02-04 09:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-08-01 07:42 - 2009-09-04 16:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-08-01 07:42 - 2009-09-04 16:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-08-01 07:42 - 2009-09-04 16:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-08-01 07:42 - 2009-09-04 16:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-08-01 07:42 - 2009-09-04 16:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-08-01 07:42 - 2009-09-04 16:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-08-01 07:42 - 2009-09-04 16:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-08-01 07:42 - 2009-09-04 16:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-08-01 07:42 - 2009-09-04 16:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-08-01 07:42 - 2009-09-04 16:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-08-01 07:42 - 2009-03-16 13:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-08-01 07:42 - 2009-03-16 13:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-08-01 07:42 - 2009-03-16 13:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-08-01 07:42 - 2009-03-16 13:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-08-01 07:42 - 2009-03-16 13:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-08-01 07:42 - 2009-03-16 13:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-08-01 07:42 - 2009-03-09 14:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-08-01 07:42 - 2009-03-09 14:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-08-01 07:42 - 2009-03-09 14:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-08-01 07:42 - 2009-03-09 14:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-08-01 07:42 - 2008-10-27 09:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-08-01 07:42 - 2008-10-27 09:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-08-01 07:42 - 2008-10-27 09:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-08-01 07:42 - 2008-10-27 09:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-08-01 07:42 - 2008-10-27 09:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-08-01 07:42 - 2008-10-27 09:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-08-01 07:42 - 2008-10-27 09:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-08-01 07:42 - 2008-10-27 09:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-08-01 07:42 - 2008-10-15 05:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-08-01 07:42 - 2008-10-15 05:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-08-01 07:42 - 2008-10-15 05:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-08-01 07:42 - 2008-10-15 05:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-08-01 07:42 - 2008-10-15 05:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-08-01 07:42 - 2008-07-31 09:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-08-01 07:42 - 2008-07-31 09:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-08-01 07:42 - 2008-07-31 09:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-08-01 07:42 - 2008-07-31 09:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-08-01 07:42 - 2008-07-31 09:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-08-01 07:42 - 2008-07-31 09:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-08-01 07:42 - 2008-07-10 10:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-08-01 07:42 - 2008-07-10 10:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-08-01 07:42 - 2008-07-10 10:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-08-01 07:42 - 2008-07-10 10:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-08-01 07:42 - 2008-07-10 10:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-08-01 07:42 - 2008-07-10 10:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-08-01 07:42 - 2008-05-30 13:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-08-01 07:42 - 2008-05-30 13:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-08-01 07:42 - 2008-05-30 13:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-08-01 07:42 - 2008-05-30 13:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-08-01 07:42 - 2008-05-30 13:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-08-01 07:42 - 2008-05-30 13:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-08-01 07:42 - 2008-05-30 13:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-08-01 07:42 - 2008-05-30 13:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-08-01 07:42 - 2008-05-30 13:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-08-01 07:42 - 2008-05-30 13:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-08-01 07:42 - 2008-05-30 13:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-08-01 07:42 - 2008-05-30 13:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-08-01 07:42 - 2008-05-30 13:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-08-01 07:42 - 2008-05-30 13:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-08-01 07:42 - 2008-03-05 15:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-08-01 07:42 - 2008-03-05 15:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-08-01 07:42 - 2008-03-05 15:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-08-01 07:42 - 2008-03-05 15:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-08-01 07:42 - 2008-03-05 15:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-08-01 07:42 - 2008-03-05 15:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-08-01 07:42 - 2008-03-05 14:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-08-01 07:42 - 2008-03-05 14:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-08-01 07:42 - 2008-03-05 14:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-08-01 07:42 - 2008-03-05 14:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-08-01 07:42 - 2008-02-05 22:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-08-01 07:42 - 2008-02-05 22:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-08-01 07:33 - 2012-08-01 07:33 - 00000000 ____D C:\Autodesk
2012-08-01 06:57 - 2012-08-01 06:57 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{AD589AA3-79C2-41F8-8938-DD27750A6D93}
2012-08-01 06:57 - 2012-08-01 06:57 - 00000000 ____D C:\Users\Marcel\Local Settings\{AD589AA3-79C2-41F8-8938-DD27750A6D93}
2012-08-01 06:57 - 2012-08-01 06:57 - 00000000 ____D C:\Users\Marcel\AppData\Local\{AD589AA3-79C2-41F8-8938-DD27750A6D93}
2012-08-01 06:43 - 2012-08-01 07:11 - 3203359485 ____A C:\Users\Marcel\Downloads\Autodesk_3ds_Max_2013_EFGKJS_Win_64bit.exe
2012-08-01 06:42 - 2012-08-24 06:39 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\Akamai
2012-08-01 06:42 - 2012-08-24 06:39 - 00000000 ____D C:\Users\Marcel\Local Settings\Akamai
2012-08-01 06:42 - 2012-08-24 06:39 - 00000000 ____D C:\Users\Marcel\AppData\Local\Akamai
2012-08-01 06:41 - 2012-08-01 06:41 - 10720808 ____A (Akamai Technologies, Inc) C:\Users\Marcel\Downloads\installer.exe
2012-07-31 18:57 - 2012-07-31 18:57 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{EC97B8DA-E770-46B4-9EC0-C4776F0D9871}
2012-07-31 18:57 - 2012-07-31 18:57 - 00000000 ____D C:\Users\Marcel\Local Settings\{EC97B8DA-E770-46B4-9EC0-C4776F0D9871}
2012-07-31 18:57 - 2012-07-31 18:57 - 00000000 ____D C:\Users\Marcel\AppData\Local\{EC97B8DA-E770-46B4-9EC0-C4776F0D9871}
2012-07-31 13:24 - 2012-07-31 13:24 - 00899155 ____A C:\Users\Marcel\Desktop\analytics.psd
2012-07-31 07:02 - 2012-07-31 07:02 - 00380736 ____A C:\Users\Marcel\Downloads\m1_f00e412d.sql
2012-07-31 06:56 - 2012-07-31 06:57 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{3DE15219-063A-4B72-80AA-1E3CDEBE68A5}
2012-07-31 06:56 - 2012-07-31 06:57 - 00000000 ____D C:\Users\Marcel\Local Settings\{3DE15219-063A-4B72-80AA-1E3CDEBE68A5}
2012-07-31 06:56 - 2012-07-31 06:57 - 00000000 ____D C:\Users\Marcel\AppData\Local\{3DE15219-063A-4B72-80AA-1E3CDEBE68A5}
2012-07-30 18:56 - 2012-08-01 06:57 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{3DDA14CD-EE46-4006-861C-AC772F6B8609}
2012-07-30 18:56 - 2012-08-01 06:57 - 00000000 ____D C:\Users\Marcel\Local Settings\{3DDA14CD-EE46-4006-861C-AC772F6B8609}
2012-07-30 18:56 - 2012-08-01 06:57 - 00000000 ____D C:\Users\Marcel\AppData\Local\{3DDA14CD-EE46-4006-861C-AC772F6B8609}
2012-07-30 18:56 - 2012-07-30 18:56 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{B236F2E8-98A9-4DE4-B22A-D6C45A5C0617}
2012-07-30 18:56 - 2012-07-30 18:56 - 00000000 ____D C:\Users\Marcel\Local Settings\{B236F2E8-98A9-4DE4-B22A-D6C45A5C0617}
2012-07-30 18:56 - 2012-07-30 18:56 - 00000000 ____D C:\Users\Marcel\AppData\Local\{B236F2E8-98A9-4DE4-B22A-D6C45A5C0617}
2012-07-30 08:07 - 2012-07-30 07:07 - 00090878 ____A C:\Users\Marcel\Downloads\dievitaditistenpraktijk.wordpress.2012-07-30.xml
2012-07-30 07:07 - 2012-07-30 07:08 - 05351236 ____A C:\Users\Marcel\Downloads\wordpress-3.4.1-nl_NL.zip
2012-07-30 06:55 - 2012-07-30 06:55 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{95B3796A-932A-44C7-A9E6-6D1989DE0FEE}
2012-07-30 06:55 - 2012-07-30 06:55 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{7B106C12-9B70-4A2A-A12F-DC6E7CAFAEBF}
2012-07-30 06:55 - 2012-07-30 06:55 - 00000000 ____D C:\Users\Marcel\Local Settings\{95B3796A-932A-44C7-A9E6-6D1989DE0FEE}
2012-07-30 06:55 - 2012-07-30 06:55 - 00000000 ____D C:\Users\Marcel\Local Settings\{7B106C12-9B70-4A2A-A12F-DC6E7CAFAEBF}
2012-07-30 06:55 - 2012-07-30 06:55 - 00000000 ____D C:\Users\Marcel\AppData\Local\{95B3796A-932A-44C7-A9E6-6D1989DE0FEE}
2012-07-30 06:55 - 2012-07-30 06:55 - 00000000 ____D C:\Users\Marcel\AppData\Local\{7B106C12-9B70-4A2A-A12F-DC6E7CAFAEBF}
2012-07-27 09:24 - 2012-07-27 09:24 - 15267728 ____A (Google Inc.) C:\Users\Marcel\Downloads\picasa39-setup.exe
2012-07-27 07:47 - 2012-07-27 07:47 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{66763F01-BC08-4027-B68B-346100B07FFB}
2012-07-27 07:47 - 2012-07-27 07:47 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{03B44643-CE9B-4C8B-B713-D48D7939B6A6}
2012-07-27 07:47 - 2012-07-27 07:47 - 00000000 ____D C:\Users\Marcel\Local Settings\{66763F01-BC08-4027-B68B-346100B07FFB}
2012-07-27 07:47 - 2012-07-27 07:47 - 00000000 ____D C:\Users\Marcel\Local Settings\{03B44643-CE9B-4C8B-B713-D48D7939B6A6}
2012-07-27 07:47 - 2012-07-27 07:47 - 00000000 ____D C:\Users\Marcel\AppData\Local\{66763F01-BC08-4027-B68B-346100B07FFB}
2012-07-27 07:47 - 2012-07-27 07:47 - 00000000 ____D C:\Users\Marcel\AppData\Local\{03B44643-CE9B-4C8B-B713-D48D7939B6A6}
2012-07-26 07:34 - 2012-07-26 07:34 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-26 07:34 - 2012-07-26 07:34 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-26 07:34 - 2012-07-26 07:34 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-26 07:34 - 2012-07-26 07:34 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-26 07:32 - 2009-03-26 13:46 - 00148480 ____A C:\Windows\SysWOW64\APOMngr.DLL
2012-07-26 07:32 - 2009-02-06 17:52 - 00073728 ____A C:\Windows\SysWOW64\CmdRtr.DLL
2012-07-26 06:20 - 2012-07-26 06:20 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{D9D87E44-F2A2-4857-9816-4A20ADF21F52}
2012-07-26 06:20 - 2012-07-26 06:20 - 00000000 ____D C:\Users\Marcel\Local Settings\{D9D87E44-F2A2-4857-9816-4A20ADF21F52}
2012-07-26 06:20 - 2012-07-26 06:20 - 00000000 ____D C:\Users\Marcel\AppData\Local\{D9D87E44-F2A2-4857-9816-4A20ADF21F52}
2012-07-26 06:19 - 2012-07-26 06:19 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{59F2452C-F1D5-4EE2-B441-E0BF987F286F}
2012-07-26 06:19 - 2012-07-26 06:19 - 00000000 ____D C:\Users\Marcel\Local Settings\{59F2452C-F1D5-4EE2-B441-E0BF987F286F}
2012-07-26 06:19 - 2012-07-26 06:19 - 00000000 ____D C:\Users\Marcel\AppData\Local\{59F2452C-F1D5-4EE2-B441-E0BF987F286F}
2012-07-25 08:05 - 2012-07-25 08:05 - 00000000 ____D C:\Users\Marcel\Local Settings\Application Data\{609BAA0E-252C-4829-9935-2CE5B2083941}
2012-07-25 08:05 - 2012-07-25 08:05 - 00000000 ____D C:\Users\Marcel\Local Settings\{609BAA0E-252C-4829-9935-2CE5B2083941}
2012-07-25 08:05 - 2012-07-25 08:05 - 00000000 ____D C:\Users\Marcel\AppData\Local\{609BAA0E-252C-4829-9935-2CE5B2083941}

============ 3 Months Modified Files ========================

2012-08-24 11:50 - 2010-11-21 17:48 - 00746086 ____A C:\Windows\System32\perfh013.dat
2012-08-24 11:50 - 2010-11-21 17:48 - 00153292 ____A C:\Windows\System32\perfc013.dat
2012-08-24 11:50 - 2009-07-14 06:13 - 01671180 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-24 11:49 - 2012-08-24 11:49 - 01446223 ____A (Farbar) C:\Users\Marcel\Downloads\FRST64.exe
2012-08-24 11:49 - 2012-01-23 14:34 - 00001062 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289559235-2106851397-1524512692-1000UA.job
2012-08-24 11:48 - 2012-06-01 07:31 - 00009511 ____A C:\Windows\setupact.log
2012-08-24 11:47 - 2012-04-18 11:02 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-24 11:40 - 2012-04-18 11:02 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-08-24 10:45 - 2012-06-11 10:27 - 00001456 ____A C:\Users\Marcel\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2012-08-24 10:45 - 2012-06-11 10:27 - 00001456 ____A C:\Users\Marcel\Local Settings\Adobe Save for Web 12.0 Prefs
2012-08-24 10:45 - 2012-06-11 10:27 - 00001456 ____A C:\Users\Marcel\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-08-24 09:55 - 2012-08-24 09:54 - 04736524 ____R (Swearware) C:\Users\Marcel\Downloads\ComboFix.exe
2012-08-24 09:20 - 2012-08-24 09:20 - 00007332 ____A C:\Users\Marcel\Desktop\Attach.txt
2012-08-24 09:20 - 2012-08-24 09:20 - 00002636 ____A C:\Users\Marcel\Desktop\Attach.zip
2012-08-24 09:17 - 2012-08-24 09:17 - 00607260 ____R (Swearware) C:\Users\Marcel\Downloads\dds.scr
2012-08-24 09:15 - 2012-08-24 09:15 - 00881581 ____A C:\Users\Marcel\Downloads\SecurityCheck(1).exe
2012-08-24 09:14 - 2012-08-24 09:14 - 00050477 ____A C:\Users\Marcel\Downloads\Defogger.exe
2012-08-24 07:49 - 2012-01-23 14:34 - 00001010 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289559235-2106851397-1524512692-1000Core.job
2012-08-24 06:54 - 2012-08-24 06:54 - 03249480 ____A (Unity Technologies ApS) C:\Users\Marcel\Downloads\UnityWebPlayer.exe
2012-08-24 06:45 - 2009-07-14 05:45 - 00025040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-24 06:45 - 2009-07-14 05:45 - 00025040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-24 06:38 - 2012-06-08 07:41 - 00058673 ____A C:\Windows\WindowsUpdate.log
2012-08-24 06:37 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-23 09:13 - 2012-08-23 09:13 - 08351040 ____A (AVG ) C:\Users\Marcel\Downloads\avg_pct_stf_all_10_27_c4.exe
2012-08-23 09:13 - 2012-08-23 09:13 - 00001148 ____A C:\Users\Marcel\Desktop\AVG PC Tuneup 2011.lnk
2012-08-23 06:46 - 2012-08-23 06:46 - 00881581 ____A C:\Users\Marcel\Downloads\SecurityCheck.exe
2012-08-23 06:40 - 2012-08-23 06:40 - 04731392 ____A (AVAST Software) C:\Users\Marcel\Downloads\aswMBR.exe
2012-08-23 06:19 - 2012-06-06 13:14 - 00169078 ____A C:\Windows\PFRO.log
2012-08-22 14:41 - 2012-08-22 14:41 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Marcel\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-22 14:41 - 2012-08-22 14:41 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-22 14:41 - 2012-08-22 14:41 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-22 14:30 - 2012-08-22 14:30 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Marcel\Downloads\tdsskiller.exe
2012-08-22 13:51 - 2012-08-22 13:51 - 00000118 ____A C:\Users\Marcel\Desktop\Manual Way to Remove Patched_c.LXT Completely From Windows XP7Vista - YooCare How-to Guides - YooCare Blog.URL
2012-08-22 11:02 - 2012-08-22 11:02 - 00000977 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-22 11:02 - 2012-08-22 11:02 - 00000977 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-08-22 10:54 - 2012-08-22 10:54 - 03879800 ____A (AVG Technologies) C:\Users\Marcel\Downloads\avg_free_stb_eu_2012_2197_free.exe
2012-08-22 08:54 - 2012-08-09 07:12 - 00000132 ____A C:\Users\Marcel\Application Data\Adobe Targa Format CS5 Prefs
2012-08-22 08:54 - 2012-08-09 07:12 - 00000132 ____A C:\Users\Marcel\AppData\Roaming\Adobe Targa Format CS5 Prefs
2012-08-21 08:41 - 2012-08-21 08:31 - 95614089 ____A C:\Users\Marcel\Downloads\xampp-win32-1.8.0-VC9-installer.exe
2012-08-21 06:57 - 2012-08-21 06:57 - 00319488 ____A C:\Users\Marcel\Downloads\Euferia_OX_2.max
2012-08-20 15:15 - 2012-08-20 15:14 - 00150324 ____A C:\Users\Marcel\Desktop\tabtitle1.psd
2012-08-20 07:43 - 2012-08-20 07:43 - 01511519 ____A C:\Users\Marcel\Downloads\__Adobe_Dreamweaver_CS6_Keygen___Crack__.rar
2012-08-17 12:04 - 2012-08-17 12:04 - 00319488 ____A C:\Users\Marcel\Downloads\GT6_v2.max
2012-08-16 12:56 - 2012-08-16 12:56 - 00029696 ____A C:\Users\Marcel\Desktop\top.psd
2012-08-15 08:08 - 2012-08-15 08:08 - 00339968 ____A C:\Users\Marcel\Downloads\Lemans_v1.max
2012-08-13 06:32 - 2012-08-13 06:32 - 00417792 ____A C:\Users\Marcel\Downloads\SuperRem7_Final.max
2012-08-09 06:41 - 2012-08-09 06:41 - 18518446 ____A (InstallShield Software Corporation) C:\Users\Marcel\Downloads\Photoshop_Plugins_x64_8.54.0625.1800.exe
2012-08-09 06:41 - 2012-08-09 06:41 - 00151552 ____A C:\Windows\SysWOW64\nvRegDev.dll
2012-08-09 06:41 - 2012-08-09 06:41 - 00061440 ____A C:\Windows\SysWOW64\nvPhotoshopUtil.dll
2012-08-09 06:41 - 2012-08-09 06:41 - 00040960 ____A C:\Windows\SysWOW64\nvISWOW64.dll
2012-08-08 12:54 - 2012-08-08 12:54 - 52901070 ____A C:\Users\Marcel\Desktop\surf.psd
2012-08-03 13:40 - 2012-08-03 13:40 - 06792378 ____A C:\Users\Marcel\Desktop\natuurlijkafvallen-500x500.psd
2012-08-03 13:38 - 2012-08-03 13:38 - 33207999 ____A C:\Users\Marcel\Desktop\zomerkrediet-500x500.psd
2012-08-03 10:08 - 2012-08-03 10:08 - 00017477 ____A C:\Users\Marcel\Downloads\tono-terry-de.sql
2012-08-03 09:44 - 2012-08-03 09:44 - 00115105 ____A C:\Users\Marcel\Desktop\header_top(2).psd
2012-08-01 07:54 - 2012-08-01 07:54 - 00001928 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2013 64-bit.lnk
2012-08-01 07:54 - 2012-08-01 07:54 - 00001928 ____A C:\Users\All Users\Desktop\Autodesk 3ds Max 2013 64-bit.lnk
2012-08-01 07:44 - 2009-07-14 03:34 - 00017832 ____A C:\Windows\System32\Drivers\etc\services
2012-08-01 07:42 - 2012-06-11 08:19 - 00071920 ____A C:\Windows\DirectX.log
2012-08-01 07:11 - 2012-08-01 06:43 - 3203359485 ____A C:\Users\Marcel\Downloads\Autodesk_3ds_Max_2013_EFGKJS_Win_64bit.exe
2012-08-01 06:41 - 2012-08-01 06:41 - 10720808 ____A (Akamai Technologies, Inc) C:\Users\Marcel\Downloads\installer.exe
2012-07-31 13:24 - 2012-07-31 13:24 - 00899155 ____A C:\Users\Marcel\Desktop\analytics.psd
2012-07-31 07:02 - 2012-07-31 07:02 - 00380736 ____A C:\Users\Marcel\Downloads\m1_f00e412d.sql
2012-07-30 07:08 - 2012-07-30 07:07 - 05351236 ____A C:\Users\Marcel\Downloads\wordpress-3.4.1-nl_NL.zip
2012-07-30 07:07 - 2012-07-30 08:07 - 00090878 ____A C:\Users\Marcel\Downloads\dievitaditistenpraktijk.wordpress.2012-07-30.xml
2012-07-30 06:58 - 2012-06-22 09:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-30 06:58 - 2012-01-10 23:28 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-27 09:24 - 2012-07-27 09:24 - 15267728 ____A (Google Inc.) C:\Users\Marcel\Downloads\picasa39-setup.exe
2012-07-26 07:34 - 2012-07-26 07:34 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-26 07:34 - 2012-07-26 07:34 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-26 07:34 - 2012-07-26 07:34 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-26 07:34 - 2012-07-26 07:34 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-26 07:32 - 2012-01-10 23:43 - 00001733 __RAH C:\Windows\ctfile.rfc
2012-07-23 12:14 - 2012-06-01 07:55 - 00183152 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-07-23 08:51 - 2012-07-23 08:51 - 43361640 ____A (Apple Inc.) C:\Users\Marcel\Downloads\iCloudSetup.exe
2012-07-23 08:03 - 2012-06-04 06:45 - 10284648 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-18 14:43 - 2012-07-18 14:40 - 00805467 ____A C:\Users\Marcel\Downloads\dievita(3).sql
2012-07-17 15:16 - 2012-07-17 15:16 - 00806579 ____A C:\Users\Marcel\Downloads\dievita(2).sql
2012-07-17 13:30 - 2012-07-17 13:30 - 00380394 ____A C:\Users\Marcel\Desktop\png_img_header_title_frame.psd
2012-07-17 13:23 - 2012-07-17 13:23 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Marcel\Downloads\SkypeSetup.exe
2012-07-16 14:47 - 2012-07-16 14:47 - 09911717 ____A C:\Users\Marcel\Desktop\Untitled-47.psd
2012-07-16 13:05 - 2012-06-22 09:32 - 00183152 ____A C:\Users\Marcel\Local Settings\GDIPFONTCACHEV1.DAT
2012-07-16 13:05 - 2012-06-22 09:32 - 00183152 ____A C:\Users\Marcel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-07-16 13:05 - 2012-06-22 09:32 - 00183152 ____A C:\Users\Marcel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-16 10:24 - 2012-07-16 10:24 - 00837802 ____A C:\Users\Marcel\Downloads\dievita(1).sql
2012-07-16 09:26 - 2012-07-16 09:26 - 00837802 ____A C:\Users\Marcel\Downloads\dievita.sql
2012-07-13 14:31 - 2012-07-13 14:31 - 69935033 ____A C:\Users\Marcel\Desktop\bg.psd
2012-07-13 14:31 - 2012-07-13 14:31 - 10714941 ____A C:\Users\Marcel\Desktop\bg-wrapper.psd
2012-07-13 06:37 - 2012-06-11 08:11 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-13 06:37 - 2012-06-11 08:11 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-13 06:37 - 2012-06-11 08:11 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-11 14:26 - 2012-07-11 14:26 - 10933718 ____A C:\Users\Marcel\Desktop\boodschappen-header.psd
2012-07-10 07:58 - 2012-07-09 14:07 - 04014239 ____A C:\Users\Marcel\Desktop\png_img_header_title_frame1.psd
2012-07-10 06:54 - 2012-07-10 06:54 - 00000608 ____A C:\Users\Marcel\Desktop\XAMPP Control Panel.lnk
2012-07-10 06:50 - 2012-07-10 06:50 - 84881998 ____A C:\Users\Marcel\Downloads\xampp-win32-1.7.7-VC9-installer.exe
2012-07-09 15:21 - 2012-01-23 14:35 - 00002360 ____A C:\Users\Yuen\Desktop\Google Chrome.lnk
2012-07-09 15:19 - 2012-07-09 15:19 - 00181960 ____A C:\Users\Yuen\Local Settings\GDIPFONTCACHEV1.DAT
2012-07-09 15:19 - 2012-07-09 15:19 - 00181960 ____A C:\Users\Yuen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-07-09 15:19 - 2012-07-09 15:19 - 00181960 ____A C:\Users\Yuen\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-09 15:19 - 2012-02-15 08:28 - 00008224 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-07-05 07:31 - 2012-07-05 07:31 - 13085120 ____A (Microsoft Corporation) C:\Users\Marcel\Downloads\Silverlight_x64.exe
2012-07-03 12:46 - 2012-08-22 14:41 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 03:14 - 2012-06-27 03:14 - 04472832 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-06-21 13:32 - 2012-06-21 13:32 - 19453706 ____A C:\Users\Marcel\Desktop\trosbloemen-large.psd
2012-06-15 12:17 - 2012-06-15 12:17 - 00018062 ____A C:\Users\Marcel\Downloads\repository.googlecode.anarchintosh-projects.1.0.1.zip
2012-06-15 10:17 - 2012-06-15 10:17 - 00000920 ____A C:\Users\Marcel\Desktop\Xampp - Marcel.lnk
2012-06-15 10:17 - 2012-06-15 10:17 - 00000676 ____A C:\Users\Marcel\Desktop\Projecten.lnk
2012-06-15 08:56 - 2012-06-15 08:56 - 05387407 ____A C:\Users\Marcel\Downloads\absinthe-win-2.0.4.zip
2012-06-11 12:15 - 2012-06-11 12:15 - 04518720 ____A (FileZilla Project) C:\Users\Marcel\Downloads\FileZilla_3.5.3_win32-setup.exe
2012-06-11 09:27 - 2012-06-11 09:27 - 05812480 ____A C:\Users\Marcel\Downloads\npp.6.1.3.Installer.exe
2012-06-11 08:42 - 2012-06-11 08:42 - 21302168 ____A C:\Users\Marcel\Downloads\trillian-v5.1.0.19.exe
2012-06-11 08:11 - 2012-06-11 08:11 - 00001024 ____A C:\.rnd
2012-06-11 08:10 - 2012-06-11 08:10 - 16151040 ____A C:\Users\Marcel\Downloads\LogMeIn.msi
2012-06-08 09:05 - 2012-06-08 09:05 - 00000002 ____A C:\Users\Marcel\.bdockinstall.log
2012-06-08 06:33 - 2012-06-08 06:33 - 07434944 ____A C:\Users\Marcel\Downloads\bamboo_setup_web0407final.exe
2012-06-06 14:22 - 2012-06-06 14:22 - 00001004 ____A C:\Users\Marcel\Desktop\Dropbox.lnk
2012-06-06 14:21 - 2012-06-06 14:20 - 18002040 ____A (Dropbox, Inc.) C:\Users\Marcel\Downloads\Dropbox 1.4.7.exe
2012-06-06 13:46 - 2012-06-06 13:30 - 979237872 ____A (Adobe Systems Incorporated) C:\Users\Marcel\Downloads\FlashPro_11_5_LS1.exe
2012-06-06 13:37 - 2012-06-06 13:29 - 341919832 ____A (Adobe Systems Incorporated) C:\Users\Marcel\Downloads\Dreamweaver_11_LS1.exe
2012-06-06 13:34 - 2012-06-06 13:34 - 10466912 ____A (FrostWire Team) C:\Users\Marcel\Downloads\frostwire-5.3.6.windows.exe
2012-06-06 13:01 - 2012-06-06 13:00 - 66303148 ____A C:\Users\Marcel\Downloads\xampp-win32-1.7.4-VC6-installer.exe
2012-06-04 06:47 - 2012-06-04 06:47 - 00000020 ___SH C:\Users\Marcel\ntuser.ini
2012-06-01 12:44 - 2012-01-18 12:38 - 00001456 ____A C:\Users\Yuen\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2012-06-01 12:44 - 2012-01-18 12:38 - 00001456 ____A C:\Users\Yuen\Local Settings\Adobe Save for Web 12.0 Prefs
2012-06-01 12:44 - 2012-01-18 12:38 - 00001456 ____A C:\Users\Yuen\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-06-01 07:31 - 2012-06-01 07:31 - 00000000 ____A C:\Windows\setuperr.log


ZeroAccess:
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\L
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\L\00000004.@
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\00000004.@
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\00000008.@
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\000000cb.@
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\80000000.@
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\80000032.@
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8174.45 MB
Available physical RAM: 7353.99 MB
Total Pagefile: 8172.64 MB
Available Pagefile: 7350.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:917.74 GB) (Free:769.27 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.74 GB) (Free:5.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive k: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Schfnr. Status Grootte Vrij Dyn GPT
-------- ------------- ------- ------- --- ---
Schf 0 Online 931 GB 0 B
Schf 1 Online 1920 MB 0 B
Schf 2 Geen medium 0 B 0 B
Schf 3 Geen medium 0 B 0 B
Schf 4 Geen medium 0 B 0 B
Schf 5 Geen medium 0 B 0 B
Schf 6 Geen medium 0 B 0 B



Last Boot: 2012-08-17 16:03

======================= End Of Log ==========================


------------------
SEARCH.TXT
------------------

Farbar Recovery Scan Tool Version: 23-08-2012 02
Ran by SYSTEM at 2012-08-24 13:56:03
Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#8 gringo_pr

Posted 24 August 2012 - 07:31 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
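
The reasoning behind the `Replace:` line in the post above, as an added example (not part of the original post and not FRST's own code): it parses the SEARCH.TXT and "Bamital & volsnap Check" output quoted earlier in this thread and pairs the flagged System32 file with the WinSxS component-store copy whose MD5 differs. The function names and the WinSxS-path heuristic are assumptions of this example.

```python
import re
from typing import NamedTuple

# Constructed input: the SEARCH.TXT block and two lines of the
# "Bamital & volsnap Check" section, copied from the logs quoted in this thread.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

CHECK_TXT = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
"""


class FileHit(NamedTuple):
    path: str
    size: int
    company: str
    md5: str


PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
# "[created] - [modified] - size attrs (company) md5"; the company is optional.
META_RE = re.compile(
    r"^\[[\d\- :]+\] - \[[\d\- :]+\] - (\d+) \S+ (?:\((.*?)\) )?([0-9A-Fa-f]{32})$"
)
# A flagged line carries the hash and a family label instead of "MD5 is legit".
FLAG_RE = re.compile(
    r"^([A-Za-z]:\\.+?) ([0-9A-Fa-f]{32}) (\S+) <==== ATTENTION", re.M
)


def parse_search(text):
    """Return one FileHit per path/metadata line pair in a Search section."""
    hits, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        meta = META_RE.match(line)
        if meta and pending:
            size, company, md5 = meta.groups()
            hits.append(FileHit(pending, int(size), company or "", md5.upper()))
            pending = None
        elif PATH_RE.match(line):
            pending = line
    return hits


def parse_flags(text):
    """Return {path: (md5, label)} for files the integrity check flagged."""
    return {m.group(1): (m.group(2).upper(), m.group(3))
            for m in FLAG_RE.finditer(text)}


def replacement_candidates(flags, hits):
    """Pair each flagged file with same-named WinSxS copies of a different MD5.

    Assumption of this example: a component-store copy whose hash differs from
    the flagged one is only a *candidate* source; its hash still has to be
    checked against a known-good value before it is used.
    Returns (source_path, target_path, size_delta_in_bytes) tuples.
    """
    out = []
    for target, (bad_md5, _label) in flags.items():
        name = target.rsplit("\\", 1)[-1].lower()
        current = next((h for h in hits if h.path.lower() == target.lower()), None)
        for hit in hits:
            same_name = hit.path.rsplit("\\", 1)[-1].lower() == name
            in_store = "\\winsxs\\" in hit.path.lower()
            if same_name and in_store and hit.md5 != bad_md5:
                delta = current.size - hit.size if current else None
                out.append((hit.path, target, delta))
    return out


if __name__ == "__main__":
    found = parse_search(SEARCH_TXT)
    flagged = parse_flags(CHECK_TXT)
    for source, target, delta in replacement_candidates(flagged, found):
        print(f"flagged : {target} ({flagged[target][1]})")
        print(f"source  : {source}")
        print(f"flagged copy is {delta} bytes larger than the store copy")
```

Both copies in the log carry the same timestamps and company string, so only the size and MD5 distinguish the patched file from the component-store copy.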

#9 MarcelP

Posted 24 August 2012 - 09:00 AM

Seems all has worked out successfully.

----------------
FIXLOG.TXT
----------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 23-08-2012 02
Ran by SYSTEM at 2012-08-24 17:56:10 Run:1
Running from K:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca} moved successfully.

==== End of Fixlog ====

#10 gringo_pr

Posted 24 August 2012 - 01:05 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 gringo_pr

Posted 26 August 2012 - 11:46 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#12 MarcelP

Posted 27 August 2012 - 12:21 AM

Gringo, thanks for the reply and the heads-up. I've been off for a few days so that explains why.
Anyway, I've run the ComboFix tool, which worked this time. Here's the report:

----------------------
COMBOFIX LOG.TXT
----------------------

ComboFix 12-08-25.04 - Marcel 25-08-2012 22:29:24.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.8174.5993 [GMT 2:00]
Gestart vanuit: c:\users\Marcel\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\@
c:\windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\L\00000004.@
c:\windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\L\201d3dde
c:\windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\00000004.@
c:\windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\00000008.@
c:\windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\000000cb.@
c:\windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\80000000.@
c:\windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\80000032.@
c:\windows\Installer\{6693c53a-4ff0-9768-4abd-c8034e43d8ca}\U\80000064.@
P:\UnInstall.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-27 to 2012-08-27 ))))))))))))))))))))))))))))))
.
.
2012-08-25 20:35 . 2012-08-25 20:35 -------- d-----w- c:\users\Yuen\AppData\Local\temp
2012-08-25 20:35 . 2012-08-25 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-24 12:54 . 2012-08-24 12:54 -------- d-----w- C:\FRST
2012-08-24 12:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-24 12:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-24 12:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-24 12:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-24 12:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-24 12:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-24 12:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-24 12:03 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-24 12:03 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-24 05:54 . 2012-08-24 05:54 -------- d-----w- c:\users\Marcel\AppData\Local\Unity
2012-08-23 08:14 . 2012-08-23 08:14 -------- d-----w- c:\users\Marcel\AppData\Roaming\AVG
2012-08-22 13:41 . 2012-08-22 13:41 -------- d-----w- c:\users\Marcel\AppData\Roaming\Malwarebytes
2012-08-22 13:41 . 2012-08-22 13:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-22 13:41 . 2012-08-22 13:41 -------- d-----w- c:\programdata\Malwarebytes
2012-08-22 13:41 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 11:09 . 2012-08-22 11:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-22 10:02 . 2012-08-22 10:02 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-22 10:01 . 2012-08-25 22:23 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-22 10:01 . 2012-08-23 05:20 -------- d-----w- c:\programdata\AVG2012
2012-08-22 10:01 . 2012-08-22 10:01 -------- d-----w- C:\$AVG
2012-08-22 10:00 . 2012-08-23 08:13 -------- d-----w- c:\program files (x86)\AVG
2012-08-22 09:57 . 2012-08-25 22:23 -------- d-----w- c:\programdata\MFAData
2012-08-22 09:57 . 2012-08-22 09:57 -------- d--h--w- c:\programdata\Common Files
2012-08-09 06:16 . 2012-08-10 12:12 -------- d-----w- c:\users\Marcel\AppData\Local\Buldozer Viewer
2012-08-09 05:55 . 2012-08-09 05:55 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2012-08-09 05:41 . 2012-08-09 05:41 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-08-09 05:41 . 2012-08-09 05:41 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-08-09 05:41 . 2012-08-09 05:41 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-08-03 08:16 . 2012-08-03 08:16 -------- d-----w- c:\users\Marcel\AppData\Roaming\Macrovision
2012-08-03 08:15 . 2012-08-03 08:15 -------- d-----w- c:\users\Marcel\AppData\Roaming\Roxio Burn
2012-08-01 12:10 . 2012-08-01 12:10 -------- d-----w- c:\users\Marcel\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-08-01 07:32 . 2012-08-01 07:32 -------- d-----w- c:\users\Marcel\AppData\Roaming\NVIDIA
2012-08-01 06:54 . 2012-08-01 06:54 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-08-01 06:33 . 2012-08-01 06:33 -------- d-----w- C:\Autodesk
2012-08-01 05:42 . 2012-08-24 05:39 -------- d-----w- c:\users\Marcel\AppData\Local\Akamai
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 05:58 . 2012-06-22 08:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-30 05:58 . 2012-01-10 22:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 06:34 . 2012-07-26 06:34 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-26 06:34 . 2012-07-26 06:34 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-26 06:34 . 2012-07-26 06:34 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-26 06:34 . 2012-07-26 06:34 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-07-13 05:37 . 2012-06-11 07:11 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 05:37 . 2012-06-11 07:11 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-13 05:37 . 2012-06-11 07:11 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-06-14 07:06 . 2012-06-14 07:06 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marcel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marcel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marcel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marcel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"Akamai NetSession Interface"="c:\users\Marcel\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"mapdisk"="c:\users\Marcel\Documents\ArmAWork\mapdisk.bat" [2012-08-09 49]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SPIRunE"="SPIRunE.dll" [2009-07-27 18432]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-11-15 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-11-15 821144]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-7-27 2380752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-01-19 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-10 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-08-01 1432400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-09 65536]
S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-14 86016]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-03 378472]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-04-19 174184]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-07-27 639512]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289559235-2106851397-1524512692-1000Core.job
- c:\users\Yuen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 13:34]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289559235-2106851397-1524512692-1000UA.job
- c:\users\Yuen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 13:34]
.
2012-08-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Marcel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Marcel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Marcel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Marcel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{E12E133C-4C04-4AEF-B51B-3295E3D63929}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\gu0r3978.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-BI's Tools drive - c:\users\Marcel\Documents\ArmAWork\UnInstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-27 07:19:01 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-27 05:19
.
Pre-Run: 822.829.547.520 bytes beschikbaar
Post-Run: 822.951.088.128 bytes beschikbaar
.
- - End Of File - - 6873E4AF85DC3EAAACB99837FC479542

#13 gringo_pr


Posted 27 August 2012 - 12:46 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 MarcelP


Posted 27 August 2012 - 01:42 AM

Nothing found with the TDSSKiller; aswMBR scanner keeps crashing after a while. Closed every program that was running, still crashed saying: "Avast! Antirootkit doesn't work anymore, trying to find a solution"


--------------------------------
TDSSKILLER REPORT
--------------------------------

08:03:18.0100 10424 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
08:03:18.0442 10424 ============================================================
08:03:18.0442 10424 Current date / time: 2012/08/27 08:03:18.0442
08:03:18.0442 10424 SystemInfo:
08:03:18.0442 10424
08:03:18.0442 10424 OS Version: 6.1.7601 ServicePack: 1.0
08:03:18.0442 10424 Product type: Workstation
08:03:18.0442 10424 ComputerName: DIGIMO-MP
08:03:18.0442 10424 UserName: Marcel
08:03:18.0442 10424 Windows directory: C:\Windows
08:03:18.0442 10424 System windows directory: C:\Windows
08:03:18.0442 10424 Running under WOW64
08:03:18.0442 10424 Processor architecture: Intel x64
08:03:18.0442 10424 Number of processors: 8
08:03:18.0442 10424 Page size: 0x1000
08:03:18.0442 10424 Boot type: Normal boot
08:03:18.0442 10424 ============================================================
08:03:19.0043 10424 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:03:19.0054 10424 Drive \Device\Harddisk1\DR1 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:03:19.0071 10424 ============================================================
08:03:19.0071 10424 \Device\Harddisk0\DR0:
08:03:19.0072 10424 MBR partitions:
08:03:19.0072 10424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B79000
08:03:19.0072 10424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8D000, BlocksNum 0x72B79000
08:03:19.0072 10424 \Device\Harddisk1\DR1:
08:03:19.0072 10424 MBR partitions:
08:03:19.0072 10424 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BFFE0
08:03:19.0072 10424 ============================================================
08:03:19.0092 10424 C: <-> \Device\Harddisk0\DR0\Partition2
08:03:19.0093 10424 ============================================================
08:03:19.0093 10424 Initialize success
08:03:19.0093 10424 ============================================================
08:03:32.0537 7356 ============================================================
08:03:32.0537 7356 Scan started
08:03:32.0537 7356 Mode: Manual;
08:03:32.0537 7356 ============================================================
08:03:33.0720 7356 ================ Scan system memory ========================
08:03:33.0720 7356 System memory - ok
08:03:33.0720 7356 ================ Scan services =============================
08:03:33.0828 7356 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:03:33.0843 7356 1394ohci - ok
08:03:33.0864 7356 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:03:33.0869 7356 ACPI - ok
08:03:33.0881 7356 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:03:33.0890 7356 AcpiPmi - ok
08:03:33.0994 7356 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:03:33.0996 7356 AdobeARMservice - ok
08:03:34.0029 7356 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:03:34.0043 7356 adp94xx - ok
08:03:34.0058 7356 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:03:34.0070 7356 adpahci - ok
08:03:34.0091 7356 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:03:34.0102 7356 adpu320 - ok
08:03:34.0119 7356 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:03:34.0120 7356 AeLookupSvc - ok
08:03:34.0201 7356 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:03:34.0207 7356 AFD - ok
08:03:34.0232 7356 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:03:34.0243 7356 agp440 - ok
08:03:34.0264 7356 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:03:34.0271 7356 ALG - ok
08:03:34.0275 7356 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:03:34.0283 7356 aliide - ok
08:03:42.0903 7356 pla - ok
08:03:42.0935 7356 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:03:42.0940 7356 PlugPlay - ok
08:03:42.0949 7356 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:03:42.0957 7356 PNRPAutoReg - ok
08:03:42.0971 7356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:03:42.0975 7356 PNRPsvc - ok
08:03:43.0006 7356 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:03:43.0011 7356 PolicyAgent - ok
08:03:43.0039 7356 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
08:03:43.0042 7356 Power - ok
08:03:43.0063 7356 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:03:43.0072 7356 PptpMiniport - ok
08:03:43.0088 7356 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
08:03:43.0096 7356 Processor - ok
08:03:43.0110 7356 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
08:03:43.0113 7356 ProfSvc - ok
08:03:43.0127 7356 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:03:43.0128 7356 ProtectedStorage - ok
08:03:43.0146 7356 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:03:43.0148 7356 Psched - ok
08:03:43.0176 7356 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
08:03:43.0177 7356 PxHlpa64 - ok
08:03:43.0217 7356 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:03:43.0267 7356 ql2300 - ok
08:03:43.0279 7356 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:03:43.0285 7356 ql40xx - ok
08:03:43.0298 7356 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:03:43.0305 7356 QWAVE - ok
08:03:43.0310 7356 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:03:43.0318 7356 QWAVEdrv - ok
08:03:43.0330 7356 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:03:43.0337 7356 RasAcd - ok
08:03:43.0360 7356 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:03:43.0368 7356 RasAgileVpn - ok
08:03:43.0382 7356 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:03:43.0391 7356 RasAuto - ok
08:03:43.0398 7356 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:03:43.0408 7356 Rasl2tp - ok
08:03:43.0422 7356 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:03:43.0427 7356 RasMan - ok
08:03:43.0439 7356 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:03:43.0449 7356 RasPppoe - ok
08:03:43.0455 7356 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:03:43.0464 7356 RasSstp - ok
08:03:43.0479 7356 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:03:43.0483 7356 rdbss - ok
08:03:43.0489 7356 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:03:43.0496 7356 rdpbus - ok
08:03:43.0506 7356 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:03:43.0507 7356 RDPCDD - ok
08:03:43.0527 7356 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
08:03:43.0529 7356 RDPDR - ok
08:03:43.0544 7356 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:03:43.0544 7356 RDPENCDD - ok
08:03:43.0548 7356 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:03:43.0549 7356 RDPREFMP - ok
08:03:43.0581 7356 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:03:43.0584 7356 RDPWD - ok
08:03:43.0599 7356 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:03:43.0602 7356 rdyboost - ok
08:03:43.0624 7356 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:03:43.0634 7356 RemoteAccess - ok
08:03:43.0649 7356 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:03:43.0652 7356 RemoteRegistry - ok
08:03:43.0730 7356 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
08:03:43.0792 7356 RoxMediaDB12OEM - ok
08:03:43.0818 7356 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
08:03:43.0820 7356 RoxWatch12 - ok
08:03:43.0830 7356 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:03:43.0832 7356 RpcEptMapper - ok
08:03:43.0858 7356 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:03:43.0865 7356 RpcLocator - ok
08:03:43.0881 7356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:03:43.0886 7356 RpcSs - ok
08:03:43.0900 7356 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:03:43.0901 7356 rspndr - ok
08:03:43.0923 7356 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
08:03:43.0931 7356 s3cap - ok
08:03:43.0942 7356 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:03:43.0944 7356 SamSs - ok
08:03:43.0958 7356 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:03:43.0968 7356 sbp2port - ok
08:03:43.0985 7356 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:03:43.0995 7356 SCardSvr - ok
08:03:44.0004 7356 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:03:44.0012 7356 scfilter - ok
08:03:44.0047 7356 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:03:44.0057 7356 Schedule - ok
08:03:44.0080 7356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:03:44.0081 7356 SCPolicySvc - ok
08:03:44.0094 7356 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:03:44.0106 7356 SDRSVC - ok
08:03:44.0120 7356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:03:44.0121 7356 secdrv - ok
08:03:44.0130 7356 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:03:44.0132 7356 seclogon - ok
08:03:44.0138 7356 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
08:03:44.0140 7356 SENS - ok
08:03:44.0166 7356 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:03:44.0174 7356 SensrSvc - ok
08:03:44.0196 7356 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
08:03:44.0203 7356 Serenum - ok
08:03:44.0214 7356 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
08:03:44.0223 7356 Serial - ok
08:03:44.0239 7356 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:03:44.0247 7356 sermouse - ok
08:03:44.0268 7356 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:03:44.0284 7356 SessionEnv - ok
08:03:44.0288 7356 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:03:44.0295 7356 sffdisk - ok
08:03:44.0299 7356 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:03:44.0306 7356 sffp_mmc - ok
08:03:44.0310 7356 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:03:44.0316 7356 sffp_sd - ok
08:03:44.0320 7356 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:03:44.0327 7356 sfloppy - ok
08:03:44.0374 7356 [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
08:03:44.0387 7356 SftService - ok
08:03:44.0426 7356 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:03:44.0430 7356 SharedAccess - ok
08:03:44.0445 7356 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:03:44.0449 7356 ShellHWDetection - ok
08:03:44.0465 7356 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:03:44.0474 7356 SiSRaid2 - ok
08:03:44.0478 7356 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:03:44.0488 7356 SiSRaid4 - ok
08:03:44.0545 7356 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:03:44.0546 7356 SkypeUpdate - ok
08:03:44.0560 7356 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:03:44.0570 7356 Smb - ok
08:03:44.0603 7356 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:03:44.0605 7356 SNMPTRAP - ok
08:03:44.0612 7356 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:03:44.0613 7356 spldr - ok
08:03:44.0622 7356 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
08:03:44.0628 7356 Spooler - ok
08:03:44.0688 7356 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:03:44.0701 7356 sppsvc - ok
08:03:44.0748 7356 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:03:44.0758 7356 sppuinotify - ok
08:03:44.0803 7356 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:03:44.0807 7356 srv - ok
08:03:44.0825 7356 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:03:44.0828 7356 srv2 - ok
08:03:44.0838 7356 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:03:44.0840 7356 srvnet - ok
08:03:44.0857 7356 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:03:44.0860 7356 SSDPSRV - ok
08:03:44.0868 7356 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:03:44.0872 7356 SstpSvc - ok
08:03:44.0901 7356 [ B236873FC384E4749B3A530A82491445 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:03:44.0905 7356 Stereo Service - ok
08:03:44.0917 7356 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:03:44.0926 7356 stexstor - ok
08:03:44.0946 7356 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:03:44.0953 7356 stisvc - ok
08:03:44.0976 7356 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
08:03:44.0985 7356 stllssvr - ok
08:03:45.0006 7356 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
08:03:45.0007 7356 storflt - ok
08:03:45.0033 7356 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
08:03:45.0041 7356 StorSvc - ok
08:03:45.0062 7356 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
08:03:45.0071 7356 storvsc - ok
08:03:45.0085 7356 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:03:45.0092 7356 swenum - ok
08:03:45.0176 7356 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:03:45.0181 7356 SwitchBoard - ok
08:03:45.0200 7356 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:03:45.0207 7356 swprv - ok
08:03:45.0239 7356 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:03:45.0272 7356 SysMain - ok
08:03:45.0301 7356 [ 6B153E518DBE6EF59191152E1ECF7ED4 ] t3 C:\Windows\system32\drivers\t3.sys
08:03:45.0314 7356 t3 - ok
08:03:45.0318 7356 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:03:45.0319 7356 TabletInputService - ok
08:03:45.0478 7356 [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
08:03:45.0501 7356 TabletServicePen - ok
08:03:45.0514 7356 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:03:45.0516 7356 TapiSrv - ok
08:03:45.0523 7356 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:03:45.0524 7356 TBS - ok
08:03:45.0574 7356 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:03:45.0587 7356 Tcpip - ok
08:03:45.0632 7356 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:03:45.0646 7356 TCPIP6 - ok
08:03:45.0674 7356 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:03:45.0674 7356 tcpipreg - ok
08:03:45.0683 7356 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:03:45.0691 7356 TDPIPE - ok
08:03:45.0744 7356 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:03:45.0745 7356 TDTCP - ok
08:03:45.0752 7356 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:03:45.0754 7356 tdx - ok
08:03:45.0767 7356 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:03:45.0775 7356 TermDD - ok
08:03:45.0797 7356 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:03:45.0803 7356 TermService - ok
08:03:45.0816 7356 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:03:45.0818 7356 Themes - ok
08:03:45.0841 7356 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:03:45.0843 7356 THREADORDER - ok
08:03:45.0873 7356 [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
08:03:45.0877 7356 TouchServicePen - ok
08:03:45.0890 7356 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:03:45.0893 7356 TrkWks - ok
08:03:45.0924 7356 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:03:45.0926 7356 TrustedInstaller - ok
08:03:45.0939 7356 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:03:45.0940 7356 tssecsrv - ok
08:03:45.0952 7356 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:03:45.0961 7356 TsUsbFlt - ok
08:03:45.0965 7356 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
08:03:45.0973 7356 TsUsbGD - ok
08:03:46.0008 7356 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:03:46.0017 7356 tunnel - ok
08:03:46.0021 7356 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:03:46.0030 7356 uagp35 - ok
08:03:46.0085 7356 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:03:46.0096 7356 udfs - ok
08:03:46.0104 7356 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:03:46.0115 7356 UI0Detect - ok
08:03:46.0131 7356 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:03:46.0141 7356 uliagpkx - ok
08:03:46.0157 7356 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:03:46.0165 7356 umbus - ok
08:03:46.0179 7356 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
08:03:46.0186 7356 UmPass - ok
08:03:46.0204 7356 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
08:03:46.0206 7356 UmRdpService - ok
08:03:46.0216 7356 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:03:46.0231 7356 upnphost - ok
08:03:46.0269 7356 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:03:46.0287 7356 USBAAPL64 - ok
08:03:46.0309 7356 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:03:46.0318 7356 usbccgp - ok
08:03:46.0335 7356 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:03:46.0344 7356 usbcir - ok
08:03:46.0361 7356 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:03:46.0368 7356 usbehci - ok
08:03:46.0405 7356 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:03:46.0416 7356 usbhub - ok
08:03:46.0433 7356 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:03:46.0440 7356 usbohci - ok
08:03:46.0459 7356 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
08:03:46.0466 7356 usbprint - ok
08:03:46.0492 7356 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:03:46.0500 7356 USBSTOR - ok
08:03:46.0527 7356 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:03:46.0534 7356 usbuhci - ok
08:03:46.0548 7356 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:03:46.0550 7356 UxSms - ok
08:03:46.0554 7356 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:03:46.0555 7356 VaultSvc - ok
08:03:46.0566 7356 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:03:46.0567 7356 vdrvroot - ok
08:03:46.0587 7356 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:03:46.0593 7356 vds - ok
08:03:46.0604 7356 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:03:46.0611 7356 vga - ok
08:03:46.0625 7356 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:03:46.0632 7356 VgaSave - ok
08:03:46.0637 7356 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:03:46.0644 7356 vhdmp - ok
08:03:46.0650 7356 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:03:46.0654 7356 viaide - ok
08:03:46.0679 7356 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
08:03:46.0685 7356 vmbus - ok
08:03:46.0695 7356 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
08:03:46.0702 7356 VMBusHID - ok
08:03:46.0718 7356 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:03:46.0720 7356 volmgr - ok
08:03:46.0732 7356 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:03:46.0737 7356 volmgrx - ok
08:03:46.0749 7356 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:03:46.0752 7356 volsnap - ok
08:03:46.0763 7356 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:03:46.0771 7356 vsmraid - ok
08:03:46.0802 7356 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:03:46.0827 7356 VSS - ok
08:03:46.0845 7356 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:03:46.0851 7356 vwifibus - ok
08:03:46.0866 7356 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:03:46.0873 7356 vwififlt - ok
08:03:46.0899 7356 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
08:03:46.0905 7356 vwifimp - ok
08:03:46.0921 7356 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:03:46.0927 7356 W32Time - ok
08:03:46.0973 7356 [ FE75777289278A4941FE6139E82B3BD9 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
08:03:46.0980 7356 wacmoumonitor - ok
08:03:47.0013 7356 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
08:03:47.0020 7356 wacommousefilter - ok
08:03:47.0024 7356 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:03:47.0032 7356 WacomPen - ok
08:03:47.0048 7356 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
08:03:47.0056 7356 wacomvhid - ok
08:03:47.0085 7356 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:03:47.0094 7356 WANARP - ok
08:03:47.0098 7356 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:03:47.0099 7356 Wanarpv6 - ok
08:03:47.0171 7356 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:03:47.0291 7356 WatAdminSvc - ok
08:03:47.0339 7356 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:03:47.0362 7356 wbengine - ok
08:03:47.0371 7356 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:03:47.0379 7356 WbioSrvc - ok
08:03:47.0385 7356 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:03:47.0392 7356 wcncsvc - ok
08:03:47.0398 7356 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:03:47.0404 7356 WcsPlugInService - ok
08:03:47.0406 7356 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
08:03:47.0410 7356 Wd - ok
08:03:47.0424 7356 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:03:47.0429 7356 Wdf01000 - ok
08:03:47.0436 7356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:03:47.0438 7356 WdiServiceHost - ok
08:03:47.0440 7356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:03:47.0441 7356 WdiSystemHost - ok
08:03:47.0450 7356 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:03:47.0456 7356 WebClient - ok
08:03:47.0467 7356 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:03:47.0473 7356 Wecsvc - ok
08:03:47.0482 7356 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:03:47.0484 7356 wercplsupport - ok
08:03:47.0501 7356 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:03:47.0503 7356 WerSvc - ok
08:03:47.0514 7356 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:03:47.0521 7356 WfpLwf - ok
08:03:47.0547 7356 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
08:03:47.0557 7356 WimFltr - ok
08:03:47.0566 7356 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:03:47.0574 7356 WIMMount - ok
08:03:47.0588 7356 WinDefend - ok
08:03:47.0595 7356 WinHttpAutoProxySvc - ok
08:03:47.0637 7356 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:03:47.0641 7356 Winmgmt - ok
08:03:47.0684 7356 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:03:47.0710 7356 WinRM - ok
08:03:47.0752 7356 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:03:47.0760 7356 WinUsb - ok
08:03:47.0789 7356 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:03:47.0797 7356 Wlansvc - ok
08:03:47.0826 7356 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:03:47.0831 7356 wlcrasvc - ok
08:03:47.0917 7356 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:03:47.0930 7356 wlidsvc - ok
08:03:47.0933 7356 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:03:47.0937 7356 WmiAcpi - ok
08:03:47.0941 7356 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:03:47.0948 7356 wmiApSrv - ok
08:03:47.0961 7356 WMPNetworkSvc - ok
08:03:47.0974 7356 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:03:47.0978 7356 WPCSvc - ok
08:03:47.0985 7356 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:03:47.0988 7356 WPDBusEnum - ok
08:03:47.0999 7356 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:03:48.0000 7356 ws2ifsl - ok
08:03:48.0022 7356 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
08:03:48.0025 7356 wscsvc - ok
08:03:48.0068 7356 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
08:03:48.0069 7356 WSDPrintDevice - ok
08:03:48.0072 7356 WSearch - ok
08:03:48.0159 7356 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:03:48.0193 7356 wuauserv - ok
08:03:48.0207 7356 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:03:48.0208 7356 WudfPf - ok
08:03:48.0230 7356 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:03:48.0232 7356 WUDFRd - ok
08:03:48.0237 7356 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:03:48.0239 7356 wudfsvc - ok
08:03:48.0249 7356 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:03:48.0260 7356 WwanSvc - ok
08:03:48.0296 7356 ================ Scan global ===============================
08:03:48.0316 7356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:03:48.0336 7356 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:03:48.0343 7356 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:03:48.0358 7356 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:03:48.0386 7356 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:03:48.0390 7356 [Global] - ok
08:03:48.0390 7356 ================ Scan MBR ==================================
08:03:48.0404 7356 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:03:48.0558 7356 \Device\Harddisk0\DR0 - ok
08:03:48.0563 7356 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
08:03:49.0946 7356 \Device\Harddisk1\DR1 - ok
08:03:49.0946 7356 ================ Scan VBR ==================================
08:03:49.0962 7356 [ 1BB003DD697437A5183C11879699F620 ] \Device\Harddisk0\DR0\Partition1
08:03:49.0963 7356 \Device\Harddisk0\DR0\Partition1 - ok
08:03:49.0978 7356 [ 47490EF6C23CB0445F9DF7367A35DC90 ] \Device\Harddisk0\DR0\Partition2
08:03:49.0979 7356 \Device\Harddisk0\DR0\Partition2 - ok
08:03:49.0981 7356 [ D44AD4D42ACA9422A1779A4BD615E3CD ] \Device\Harddisk1\DR1\Partition1
08:03:49.0982 7356 \Device\Harddisk1\DR1\Partition1 - ok
08:03:49.0982 7356 ============================================================
08:03:49.0982 7356 Scan finished
08:03:49.0982 7356 ============================================================
08:03:49.0987 8500 Detected object count: 0
08:03:49.0987 8500 Actual detected object count: 0

#15 gringo_pr

Posted 27 August 2012 - 02:49 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
