Windows 7 startup slow, damaged system files and Suspicious.Cloud.5


  • This topic is locked
9 replies to this topic

#1 _Martin_


Posted 12 August 2013 - 10:41 AM

I got a laptop running Windows 7 which froze at startup (at the Windows logo) and it was impossible to get on the computer. With the help of a Sharkoon QuickPort I managed to get access to the hard disk and used Hard Disk Sentinel to check the quality of the hard disk: performance is 100% and health is 52%. Now that I had access to the hard disk, I ran chkdsk /f /r. After completing chkdsk and placing the hard disk back, the computer starts up, but takes a very long time to do so (about 13 minutes).

Norton Internet Security (NIS) alerted me about Suspicious.Cloud.5 (from their website: "a detection technology designed to detect entirely new malware threats without traditional signatures") and put a file named bitef51.tmp in quarantine.

When checking the computer I found that the device manager was not accessible through "Computer > Properties > Device manager". It reported the following error: MMC can't open the file C:\Windows\system32\devmgmt.msc (translated from Dutch). Msc files are XML files and I saw that devmgmt.msc is not stored correctly and misses some XML in the beginning of the file when I compared it with a newly generated devmgmt.msc (created with info in this topic). It misses at least this part:

<?xml version="1.0"?>
<MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="Author">
  <ConsoleFileID>{E4E0EE66-09EB-41D1-A4D6-6DA0E07928C5}</ConsoleFileID>
  <FrameState ShowStatusBar="true">

Through compmgmt.msc I got access to device manager but all seems fine there...

I checked the file from Hijackthis, ran Malwarebytes, ran sfc /scannow which could not repair all files and still can't find the exact problem. My guess is malware, because of the damaged system files and alert from NIS.

 

These are the contents of dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Mirjam at 14:57:49 on 2013-08-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.8052.6302 [GMT 2:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A6780293-0F6F-47B2-8A35-449A27C8B887} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A6780293-0F6F-47B2-8A35-449A27C8B887}\3596475636F6D6934433933483 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A6780293-0F6F-47B2-8A35-449A27C8B887}\4556C65623D2D6F64656D6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A6780293-0F6F-47B2-8A35-449A27C8B887}\84542554F57554F5142554 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A6780293-0F6F-47B2-8A35-449A27C8B887}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-8-9 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-8-9 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-15 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-8-9 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130809.001\IDSviA64.sys [2013-8-10 513184]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-8-9 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-8-9 433752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-5 202752]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-1-5 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-9 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-9 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-8-9 144368]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-25 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-5 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-10 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-5 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-1-5 151936]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-9 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-23 40448]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-1-5 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-1-5 35104]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2008-5-2 18432]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-10 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-10 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-23 1255736]
.
=============== Created Last 30 ================
.
2013-08-10 21:07:05    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-08-10 20:37:13    98816    ----a-w-    C:\Windows\sed.exe
2013-08-10 20:37:13    256000    ----a-w-    C:\Windows\PEV.exe
2013-08-10 20:37:13    208896    ----a-w-    C:\Windows\MBR.exe
2013-08-10 20:37:08    --------    d-----w-    C:\ComboFix
2013-08-10 19:44:05    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-10 19:43:59    770648    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-08-10 19:42:09    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-08-10 19:42:09    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-08-10 19:42:09    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-08-10 19:42:09    154480    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-08-10 19:42:08    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-08-10 19:42:08    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-08-10 19:42:08    1448448    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-08-10 19:42:07    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2013-08-10 19:42:07    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2013-08-10 19:35:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-08-10 19:35:46    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-08-10 19:35:44    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-08-10 19:35:44    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-08-10 08:18:19    --------    d-----w-    C:\Users\Mirjam\AppData\Local\{BAE1AC35-C822-42C7-8FDD-18A70B098C68}
2013-08-09 23:45:22    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-09 21:26:22    --------    d-----w-    C:\Users\Mirjam\AppData\Roaming\Malwarebytes
2013-08-09 21:25:41    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-08-09 21:25:34    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-08-09 21:25:31    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-09 21:25:09    --------    d-----w-    C:\Users\Mirjam\AppData\Local\Programs
2013-08-09 21:19:16    --------    d-----w-    C:\Program Files (x86)\Fiddler2
2013-08-09 21:06:36    --------    d-----w-    C:\Martin
2013-08-09 21:01:36    --------    d-----w-    C:\Users\Mirjam\AppData\Roaming\Hard Disk Sentinel
2013-08-09 21:01:17    --------    d-----w-    C:\Program Files (x86)\Hard Disk Sentinel
2013-08-09 12:12:46    --------    d-----w-    C:\Users\Mirjam\AppData\Local\{74A56484-A5D0-43E6-96BC-09C668642FCA}
2013-08-09 09:32:36    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-08-09 09:32:36    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-08-09 09:32:36    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-08-09 09:32:16    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-08-09 09:30:56    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-08-09 09:29:38    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-08-09 09:29:38    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-08-09 09:14:22    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-08-09 08:35:18    433752    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys
2013-08-09 08:35:17    493656    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-08-09 08:35:17    36952    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2013-08-09 08:35:17    23448    ----a-r-    C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys
2013-08-09 08:35:17    1139800    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-08-09 08:35:16    796760    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-08-09 08:35:16    224416    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2013-08-09 08:35:15    169048    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2013-08-09 08:32:29    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1404000.028
2013-08-08 21:15:52    --------    d-----w-    C:\found.000
.
==================== Find3M  ====================
.
2013-08-09 23:45:22    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-09 08:36:11    177312    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2012-09-20 12:39:53    4096000    ----a-w-    C:\Program Files (x86)\GUTAD6F.tmp
.
============= FINISH: 15:03:56,17 ===============
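
The damage described in this post (a .msc console file that has lost the XML at its start) can be checked for across a whole folder, for example on a disk mounted from another machine. This is an added example, not part of the original post or of any tool named in the thread. It assumes consoles are XML with the `MMC_ConsoleFile` root quoted above and contain no DTD; the status names, function names and sample bytes are constructed here.

```python
"""Flag .msc console files that no longer parse as MMC XML (added example)."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

ROOT_TAG = "MMC_ConsoleFile"      # root element quoted in the post
UTF8_BOM = b"\xef\xbb\xbf"

# Constructed sample: the four header lines from the post plus closing tags.
GOOD_SAMPLE = (
    b'<?xml version="1.0"?>\n'
    b'<MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="Author">\n'
    b'  <ConsoleFileID>{E4E0EE66-09EB-41D1-A4D6-6DA0E07928C5}</ConsoleFileID>\n'
    b'  <FrameState ShowStatusBar="true">\n'
    b'  </FrameState>\n'
    b'</MMC_ConsoleFile>\n'
)
# Constructed sample: same file with the beginning cut off, as in the post.
DAMAGED_SAMPLE = GOOD_SAMPLE[GOOD_SAMPLE.index(b"  </FrameState>"):]


def classify_msc(data: bytes) -> str:
    """Classify raw file bytes. Status names are this example's own:
    ok, empty, has-dtd, missing-head, malformed, wrong-root."""
    if not data.strip(b"\x00 \t\r\n"):
        return "empty"            # zero-length or NUL-filled file
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        # Assumption: console files carry no DTD. The disk may be infected,
        # so entity definitions are reported instead of being expanded.
        return "has-dtd"
    body = data[len(UTF8_BOM):] if data.startswith(UTF8_BOM) else data
    try:
        root = ET.fromstring(body.lstrip())
    except (ET.ParseError, ValueError):
        # Not well-formed. If the closing root tag survived but the opening
        # one did not, the start of the file is what went missing.
        head_present = f"<{ROOT_TAG}".encode() in data
        tail_present = f"</{ROOT_TAG}>".encode() in data
        if tail_present and not head_present:
            return "missing-head"
        return "malformed"
    return "ok" if root.tag == ROOT_TAG else "wrong-root"


def scan_folder(folder: str) -> list[tuple[str, str]]:
    """Return (file name, status) for every .msc in folder that is not ok."""
    results = []
    for path in sorted(Path(folder).iterdir()):
        # Compare the suffix case-insensitively: a Windows volume mounted
        # elsewhere may hold DEVMGMT.MSC as well as devmgmt.msc.
        if path.is_file() and path.suffix.lower() == ".msc":
            status = classify_msc(path.read_bytes())
            if status != "ok":
                results.append((path.name, status))
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. the System32 folder of the mounted disk, given by the user
        for name, status in scan_folder(sys.argv[1]):
            print(f"{status:13} {name}")
    else:
        print("intact :", classify_msc(GOOD_SAMPLE))
        print("damaged:", classify_msc(DAMAGED_SAMPLE))
```

A status other than `ok` only says the file is damaged, not what damaged it.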

 

 




 


#2 m0le

  • Malware Response Team

Posted 16 August 2013 - 06:20 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:

#3 _Martin_


Posted 17 August 2013 - 04:44 AM

Hi m0le,

 

Thanks for your reply. I will follow your instructions and hope you can help me fix this :)



#4 m0le


Posted 17 August 2013 - 07:27 PM

Cloud.5 is low level so is probably not the culprit for the system file damage. Let's see if we can find what it actually is.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Scan your computer's memory for errors.
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.


#5 _Martin_


Posted 18 August 2013 - 03:15 PM

These are the contents of FRST.txt, you can see some remainders of things I already tried to fix the issues before creating this topic.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by SYSTEM on 18-08-2013 21:08:07
Running from G:\Documents\temp
Windows 7 Home Premium (X64) OS Language: Dutch Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2010-01-04] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
HKU\Martin\...\RunOnce: [Application Restart #0] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-08-08] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-08-08] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-08-08] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130809.001\IDSvia64.sys [513184 2013-08-08] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130809.001\IDSvia64.sys [513184 2013-08-08] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130812.003\ENG64.SYS [126040 2013-08-08] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130812.003\ENG64.SYS [126040 2013-08-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130812.003\EX64.SYS [2098776 2013-08-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130812.003\EX64.SYS [2098776 2013-08-08] (Symantec Corporation)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18432 2008-05-02] (Nokia)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-09] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 AtiDCM; \??\C:\Users\Mirjam\AppData\Local\Temp\atdcm64a.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-11 02:01 - 2013-08-11 02:01 - 00000017 _____ C:\Users\Mirjam\AppData\Local\resmon.resmoncfg
2013-08-10 13:08 - 2013-08-10 13:08 - 00079608 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-10 13:08 - 2013-08-10 13:08 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Macromedia
2013-08-10 13:07 - 2013-08-10 13:07 - 00000020 ___SH C:\Users\Martin\ntuser.ini
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 _SHDL C:\Users\Martin\Sjablonen
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 _SHDL C:\Users\Martin\Netwerkprinteromgeving
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 _SHDL C:\Users\Martin\Mijn documenten
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 _SHDL C:\Users\Martin\Menu Start
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 _SHDL C:\Users\Martin\Documents\Mijn video's
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 _SHDL C:\Users\Martin\Documents\Mijn muziek
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 _SHDL C:\Users\Martin\Documents\Mijn afbeeldingen
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 _SHDL C:\Users\Martin\AppData\Local\Geschiedenis
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 ____D C:\Users\Martin\AppData\Local\VirtualStore
2013-08-10 13:07 - 2013-08-10 13:07 - 00000000 ____D C:\users\Martin
2013-08-10 13:07 - 2010-09-15 15:23 - 00000000 ____D C:\Users\Martin\AppData\Local\Microsoft Help
2013-08-10 12:37 - 2013-08-10 13:05 - 00000000 ____D C:\ComboFix
2013-08-10 12:37 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-10 12:37 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-10 12:37 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-10 12:37 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-10 12:37 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-10 12:37 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-10 12:37 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-10 12:37 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-10 12:34 - 2013-08-10 12:37 - 00000000 ____D C:\Qoobox
2013-08-10 12:33 - 2013-08-10 12:57 - 00000000 ____D C:\Windows\erdnt
2013-08-10 11:45 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-08-10 11:45 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-08-10 11:45 - 2012-08-23 06:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-08-10 11:45 - 2012-08-23 05:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-08-10 11:45 - 2012-08-23 05:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-08-10 11:45 - 2012-08-23 05:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-10 11:45 - 2012-08-23 05:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-10 11:45 - 2012-08-23 05:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-08-10 11:45 - 2012-08-23 05:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-08-10 11:45 - 2012-08-23 05:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-10 11:45 - 2012-08-23 05:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-08-10 11:45 - 2012-08-23 05:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-08-10 11:45 - 2012-08-23 04:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-08-10 11:45 - 2012-08-23 03:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-08-10 11:45 - 2012-08-23 03:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-10 11:45 - 2012-08-23 03:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-08-10 11:45 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-08-10 11:45 - 2012-08-23 02:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-08-10 11:45 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-08-10 11:45 - 2012-08-23 02:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-08-10 11:45 - 2012-08-23 02:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-08-10 11:45 - 2012-08-23 01:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-08-10 11:45 - 2012-08-23 00:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-10 11:45 - 2012-08-23 00:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-08-10 11:44 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-10 11:44 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-10 11:44 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-10 11:44 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-10 11:44 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-10 11:44 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-10 11:44 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-10 11:44 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-10 11:44 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-10 11:44 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-10 11:44 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 11:44 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-10 11:44 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-10 11:43 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-10 11:43 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-10 11:43 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-10 11:43 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-10 11:43 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-10 11:43 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-10 11:43 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-10 11:43 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-10 11:43 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-10 11:43 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-10 11:43 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-10 11:43 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-10 11:43 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-10 11:43 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-10 11:43 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-10 11:43 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-10 11:43 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-10 11:43 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-10 11:42 - 2012-08-24 10:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-08-10 11:42 - 2012-08-24 10:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-08-10 11:42 - 2012-08-24 10:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-08-10 11:42 - 2012-08-24 10:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-08-10 11:42 - 2012-08-24 08:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-10 11:42 - 2012-08-24 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-08-10 11:42 - 2012-08-24 08:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-08-10 11:42 - 2012-05-04 03:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-08-10 11:42 - 2012-05-04 01:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-08-10 11:35 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-08-10 11:35 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-08-10 11:35 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-10 11:35 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-08-10 03:28 - 2013-08-10 03:43 - 00010458 _____ C:\Users\Mirjam\AppData\Local\MyWinLockerInstaller.txt-20130810.log
2013-08-10 01:13 - 2013-08-12 07:03 - 00000000 ____D C:\Users\Mirjam\Desktop\Martin
2013-08-10 00:18 - 2013-08-10 00:18 - 00000000 ____D C:\Users\Mirjam\AppData\Local\{BAE1AC35-C822-42C7-8FDD-18A70B098C68}
2013-08-09 15:47 - 2013-08-09 15:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-09 15:47 - 2013-08-09 15:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-09 15:47 - 2013-08-09 15:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-09 15:47 - 2013-08-09 15:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-08-09 15:47 - 2013-08-09 15:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-08-09 15:47 - 2013-08-09 15:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-09 15:47 - 2013-08-09 15:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-08-09 15:47 - 2013-08-09 15:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-09 15:47 - 2013-08-09 15:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-09 15:47 - 2013-08-09 15:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-08-09 15:47 - 2013-08-09 15:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-09 15:45 - 2013-08-09 15:45 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-09 15:45 - 2013-08-09 15:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-09 15:41 - 2013-08-09 15:54 - 00010362 _____ C:\Windows\IE10_main.log
2013-08-09 13:26 - 2013-08-09 13:26 - 00000000 ____D C:\Users\Mirjam\AppData\Roaming\Malwarebytes
2013-08-09 13:25 - 2013-08-09 13:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-09 13:25 - 2013-08-09 13:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-09 13:25 - 2013-04-04 04:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-08-09 13:20 - 2013-08-09 13:25 - 00000000 ____D C:\Users\Mirjam\Documents\Fiddler2
2013-08-09 13:19 - 2013-08-09 13:19 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2013-08-09 13:06 - 2013-08-10 12:05 - 00000000 ____D C:\Martin
2013-08-09 13:01 - 2013-08-10 01:12 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2013-08-09 13:01 - 2013-08-09 13:01 - 00000000 ____D C:\Users\Mirjam\AppData\Roaming\Hard Disk Sentinel
2013-08-09 04:12 - 2013-08-09 04:13 - 00000000 ____D C:\Users\Mirjam\AppData\Local\{74A56484-A5D0-43E6-96BC-09C668642FCA}
2013-08-09 01:32 - 2013-05-07 22:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-09 01:32 - 2013-04-09 22:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-08-09 01:32 - 2013-04-09 22:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-08-09 01:32 - 2011-02-03 03:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-08-09 01:31 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-08-09 01:31 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-08-09 01:31 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-09 01:31 - 2013-05-09 21:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-08-09 01:31 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-08-09 01:31 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-09 01:31 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-09 01:31 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-08-09 01:31 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-09 01:31 - 2013-04-12 06:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-08-09 01:31 - 2013-03-18 21:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-08-09 01:31 - 2013-03-18 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-08-09 01:31 - 2013-02-26 22:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-08-09 01:31 - 2013-02-26 21:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-08-09 01:31 - 2013-02-26 21:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-08-09 01:31 - 2013-02-26 21:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-08-09 01:31 - 2013-02-26 21:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-08-09 01:31 - 2013-02-26 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-08-09 01:31 - 2013-02-26 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-09 01:31 - 2013-02-26 20:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-08-09 01:30 - 2013-05-12 21:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-09 01:30 - 2013-05-12 21:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-09 01:30 - 2013-05-12 21:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-09 01:30 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-08-09 01:30 - 2013-05-12 20:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-09 01:30 - 2013-05-12 20:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-09 01:30 - 2013-05-12 20:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-09 01:30 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-08-09 01:30 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-08-09 01:30 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-08-09 01:30 - 2013-03-18 22:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-09 01:30 - 2013-03-18 21:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-08-09 01:30 - 2013-03-18 21:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-09 01:30 - 2013-03-18 21:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-09 01:30 - 2013-03-18 20:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-08-09 01:30 - 2013-03-18 19:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-08-09 01:30 - 2013-01-23 22:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-08-09 01:29 - 2013-04-25 15:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-08-09 01:29 - 2013-03-31 14:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-08-09 01:14 - 2013-02-11 20:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-08-09 00:47 - 2013-08-09 00:47 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-08-08 13:15 - 2013-08-08 13:15 - 00000000 ____D C:\found.000

==================== One Month Modified Files and Folders =======

2013-08-18 11:45 - 2013-08-18 11:45 - 00000000 ____D C:\FRST
2013-08-12 12:22 - 2010-01-04 17:29 - 01717453 _____ C:\Windows\WindowsUpdate.log
2013-08-12 12:21 - 2010-03-29 04:09 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-12 07:03 - 2013-08-10 01:13 - 00000000 ____D C:\Users\Mirjam\Desktop\Martin

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-09 15:00:53
Restore point made on: 2013-08-09 15:07:11
Restore point made on: 2013-08-10 01:21:17
Restore point made on: 2013-08-10 01:48:24
Restore point made on: 2013-08-10 02:54:24
Restore point made on: 2013-08-10 03:42:18
Restore point made on: 2013-08-10 11:43:05
Restore point made on: 2013-08-10 13:29:16

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8052.5 MB
Available physical RAM: 7147.29 MB
Total Pagefile: 8050.65 MB
Available Pagefile: 7151.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:583.38 GB) (Free:515.19 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:2.54 GB) NTFS
Drive g: (NOLIMIT) (Removable) (Total:7.46 GB) (Free:0.13 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: E27EE27E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=583 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)


LastRegBack: 2013-08-12 11:23

==================== End Of Log ============================


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:53 AM

Posted 18 August 2013 - 07:23 PM

I already tried to fix the issues before creating this topic.


What do you mean by this? What sort of fixing were you doing and what did you use to do that fixing? Have any problems appeared after you started fixing the issues? I need to know this so I can assess what has happened here.
m0le is a proud member of UNITE

#7 _Martin_

Posted 20 August 2013 - 05:16 PM

Sorry for my late response, I got a few busy days. At this moment it is a few minutes past midnight here and if all goes as planned I will get back to you tomorrow evening with the information you requested.



#8 m0le

Posted 20 August 2013 - 06:21 PM

:thumbup2:

#9 m0le

Posted 24 August 2013 - 07:05 PM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#10 m0le

Posted 26 August 2013 - 06:34 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.