TechSpot

Sirefef won't go away - please help!

Solved
By cschrille
Jun 2, 2012
  1. Ok, so I got infected by this crap yesterday and it is seriously impossible to remove. I noticed that many people have recently been infected by this lately and I wonder how I can remove it.

    I have the latest update for Nod32 and I have scanned and removed, but it keeps coming back.
    I also tried MBAM in safe mode which found C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ (Trojan.BitMiner)

    C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\00000008.@ (Trojan.Dropper.BCMiner)

    Both are the same file paths as the ones Nod32 is picking up, but Nod32 also says:
    Object: Operating memory > C:\Windows\assembly\GAC_32\Desktop.ini
    Threat: a variant of Win32/Sirefef.EZ trojan
  2. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    GMER and MBAM did not find anything now.

  3. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  4. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by Ägaren at 0:57:41 on 2012-06-03
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.46.1053.18.8173.5901 [GMT 2:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\notepad.exe
    C:\Users\Ägaren\Downloads\dds.scr
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = about:blank
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [VPNCheck]
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\GAREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Ägaren\AppData\Local\Temp\_uninst_.bat
    StartupFolder: C:\Users\GAREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\Ägaren\AppData\Local\Temp\_uninst_39377219.bat
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
    IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
    LSP: mswsock.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EDFEB4F4-C1D5-4A6A-8517-3EA096F8E806} : DhcpNameServer = 80.67.0.2 91.213.246.2
    TCP: Interfaces\{EFFC1798-E68E-4286-B124-E67DE135FAAE} : DhcpNameServer = 192.168.1.1
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
    {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
    {F156768E-81EF-470C-9057-481BA8380DBA}
    {8dcb7100-df86-4384-8842-8fa844297b3f}
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\r3cyqdc7.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 39377219;39377219;C:\Windows\system32\DRIVERS\39377219.sys --> C:\Windows\system32\DRIVERS\39377219.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-2 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-15 1262400]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-15 257696]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 129976]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-02 22:57:42 -------- d-----w- C:\Users\?garen\AppData\Local\Microsoft
    2012-06-02 20:17:52 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2012-06-02 20:17:13 460888 ----a-w- C:\Windows\System32\drivers\39377219.sys
    2012-06-02 17:35:11 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Malwarebytes
    2012-06-02 17:35:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-02 17:35:05 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-02 17:35:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-02 16:39:49 -------- d-----w- C:\ProgramData\Rockstar Games
    2012-06-02 11:14:07 -------- d-----w- C:\Program Files (x86)\Rockstar Games
    2012-06-01 12:57:39 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{693E3B0F-3805-46B5-A307-733C734207AF}\mpengine.dll
    2012-05-29 14:31:37 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Roaming
    2012-05-29 14:31:37 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Quest3D
    2012-05-28 15:56:59 -------- d-sh--w- C:\ProgramData\DSS
    2012-05-28 15:51:21 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
    2012-05-28 15:51:21 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
    2012-05-28 15:51:16 809496 ----a-r- C:\Windows\SysWow64\tmp68E3.tmp
    2012-05-28 02:14:00 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-05-27 20:33:23 -------- d-----w- C:\Program Files\UlisesSoft
    2012-05-27 20:29:12 -------- d-----w- C:\CRACK
    2012-05-27 20:25:56 -------- d-----w- C:\Program Files\ESET
    2012-05-27 20:21:29 184805 ----a-w- C:\ProgramData\1338149966.bdinstall.bin
    2012-05-27 19:55:55 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2012-05-27 19:55:38 -------- d-----w- C:\Users\Ägaren\SystemRequirementsLab
    2012-05-26 19:09:10 -------- d-----w- C:\Windows\SysWow64\xlive
    2012-05-26 19:09:10 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2012-05-26 16:39:24 -------- d-----w- C:\ProgramData\Codemasters
    2012-05-26 16:35:51 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-05-26 16:35:51 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-05-26 16:35:51 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-05-26 16:35:51 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-05-26 16:35:51 -------- d-----w- C:\Program Files (x86)\OpenAL
    2012-05-26 15:55:33 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
    2012-05-26 13:38:56 -------- d-----w- C:\Program Files (x86)\GIGA
    2012-05-25 18:17:32 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\FlashGet
    2012-05-25 18:17:01 -------- d-----w- C:\Program Files (x86)\FlashGet
    2012-05-24 14:58:24 -------- d-----w- C:\KISS
    2012-05-24 14:20:52 23816 ------w- C:\Windows\System32\drivers\cpuz135_x64.sys
    2012-05-24 14:20:51 -------- d-----w- C:\Program Files\CPUID
    2012-05-24 11:42:53 -------- d-----w- C:\Program Files\Speccy
    2012-05-23 11:58:41 283200 ------w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-05-23 11:58:38 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    2012-05-23 11:57:22 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\DAEMON Tools Lite
    2012-05-23 11:57:02 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
    2012-05-22 19:16:42 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-05-22 19:15:46 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-05-22 19:15:45 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-05-22 19:12:36 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-05-22 15:14:01 -------- d-----w- C:\Program Files (x86)\NeoDownloader1
    2012-05-22 15:04:30 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\NeoDownloader
    2012-05-22 15:04:30 -------- d-----w- C:\Program Files (x86)\NeoDownloader
    2012-05-21 19:27:08 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Notepad++
    2012-05-20 14:41:51 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\OpenOffice.org
    2012-05-20 14:41:11 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
    2012-05-20 09:55:59 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\NVIDIA
    2012-05-20 09:53:20 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-05-20 09:50:16 -------- d-----w- C:\ProgramData\EA Logs
    2012-05-20 09:50:16 -------- d-----w- C:\ProgramData\EA Core
    2012-05-20 09:37:42 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\.minecraft
    2012-05-19 16:30:32 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Unity
    2012-05-18 21:51:29 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-05-18 21:51:29 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-05-18 21:51:28 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-05-18 21:51:12 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
    2012-05-18 21:51:12 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
    2012-05-18 21:51:12 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
    2012-05-18 21:51:12 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
    2012-05-18 21:51:11 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
    2012-05-18 21:51:11 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
    2012-05-18 19:55:37 -------- d-----w- C:\Program Files (x86)\Origin Games
    2012-05-18 19:55:36 -------- d-----w- C:\ProgramData\Origin
    2012-05-18 19:54:35 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Origin
    2012-05-18 19:54:35 -------- d-----w- C:\ProgramData\Electronic Arts
    2012-05-18 19:54:32 -------- d-----w- C:\Program Files (x86)\Origin
    2012-05-17 21:22:01 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-05-17 21:04:18 -------- d-----w- C:\ProgramData\Battle.net
    2012-05-17 19:47:49 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2012-05-16 15:19:48 203746 ----a-w- C:\ProgramData\1337181385.bdinstall.bin
    2012-05-16 15:19:06 -------- d-----w- C:\ProgramData\BDLogging
    2012-05-16 15:18:02 -------- d-----w- C:\Program Files\Bitdefender
    2012-05-16 15:16:38 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\QuickScan
    2012-05-16 15:16:10 -------- d-----w- C:\Program Files\Common Files\Bitdefender
    2012-05-16 15:14:28 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\WinRAR
    2012-05-16 13:10:20 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\vlc
    2012-05-16 11:16:10 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\BitTorrent
    2012-05-15 21:27:23 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Media Player Classic
    2012-05-15 20:52:34 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-05-15 20:50:19 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
    2012-05-15 20:50:14 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
    2012-05-15 20:08:21 -------- d-----w- C:\Program Files (x86)\VPNCheck
    2012-05-15 20:00:49 -------- d-----w- C:\Program Files (x86)\OpenVPN
    2012-05-15 19:18:24 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Mozilla
    2012-05-15 19:09:41 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2012-05-15 19:09:41 50688 ----a-w- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
    2012-05-15 19:02:56 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2012-05-15 18:48:27 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-15 18:48:27 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-15 18:48:27 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-15 18:48:27 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-15 18:48:27 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-05-15 18:48:27 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-15 18:46:37 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2012-05-15 18:46:36 949056 ----a-w- C:\Windows\System32\nvumdshimx.dll
    2012-05-15 18:46:36 68928 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-05-15 18:46:36 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-05-15 18:46:34 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
    2012-05-15 18:44:56 -------- d-----w- C:\NVIDIA
    2012-05-15 18:43:10 839112 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-05-15 18:43:07 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-05-15 18:18:32 -------- d-----w- C:\Program Files\SystemRequirementsLab
    2012-05-15 18:13:32 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\TeraCopy
    2012-05-15 14:56:55 -------- d-----w- C:\Windows\SysWow64\Adobe
    2012-05-15 14:54:17 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Macromedia
    2012-05-15 14:54:17 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Adobe
    2012-05-15 14:54:12 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 14:54:12 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-15 14:49:04 -------- d-----w- C:\Program Files (x86)\Microsoft
    2012-05-15 14:47:56 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
    2012-05-15 14:47:56 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
    2012-05-15 14:45:14 -------- d--h--w- C:\Windows\msdownld.tmp
    2012-05-15 14:44:38 -------- d-----w- C:\Windows\SysWow64\directx
    2012-05-15 14:07:53 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-05-15 14:07:53 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-05-15 13:46:06 -------- d-----w- C:\Windows\System32\SPReview
    2012-05-15 13:46:01 -------- d-----w- C:\Windows\System32\EventProviders
    2012-05-15 13:42:59 957440 ----a-w- C:\Windows\System32\mblctr.exe
    2012-05-15 13:41:14 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-05-15 13:41:14 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-05-15 13:41:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-05-15 13:24:17 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-05-15 13:24:17 -------- d-----w- C:\Windows\System32\Wat
    2012-05-15 12:57:11 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2012-05-15 12:48:00 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-05-15 12:48:00 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-05-15 12:48:00 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-05-15 12:48:00 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-05-15 12:48:00 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-05-15 12:48:00 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-05-15 12:48:00 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-05-15 12:44:55 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-05-15 12:38:05 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-05-15 12:38:05 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2012-05-15 12:31:25 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-05-15 12:31:21 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-05-15 12:31:21 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-05-15 12:30:41 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-05-15 12:30:33 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-05-15 12:30:33 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-05-15 12:30:33 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-05-15 12:30:33 20992 ------w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2012-05-15 12:30:33 162816 ----a-w- C:\Windows\System32\rdpudd.dll
    2012-05-15 12:30:33 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-05-15 12:30:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-05-15 11:41:11 -------- d-----w- C:\Windows\Panther
    2012-05-15 11:18:19 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-15 11:15:20 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
    2012-05-15 11:14:04 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2012-05-15 11:14:04 539240 ------w- C:\Windows\System32\drivers\Rt64win7.sys
    2012-05-15 11:14:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2012-05-15 11:11:59 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-05-15 11:11:59 69715 ------w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-05-15 11:11:59 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-05-15 11:11:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-05-15 11:11:59 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-05-15 11:11:59 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-05-15 11:11:59 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-05-15 11:11:58 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-05-15 11:11:58 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-05-15 11:11:52 16896 ----a-w- C:\Windows\AsTaskSched.dll
    2012-05-15 11:11:11 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
    2012-05-15 11:10:58 -------- d-----w- C:\Intel
    2012-05-15 11:10:36 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
    2012-05-15 11:08:52 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
    2012-05-15 11:08:48 -------- d-sh--w- C:\Windows\Installer
    2012-05-15 00:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-05-13 17:40:06 -------- d-----w- C:\Program Files\TeraCopy
    .
    ==================== Find3M ====================
    .
    2012-05-15 13:55:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-05-15 13:55:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-05-15 10:48:00 818496 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
    2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
    2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    .
    ============= FINISH: 0:58:12,34 ===============
  5. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2012-05-15 12:57:09
    System Uptime: 2012-06-03 00:02:30 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8H67
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 478 GiB total, 352,498 GiB free.
    D: is CDROM ()
    E: is CDROM (UDF)
    X: is FIXED (NTFS) - 453 GiB total, 61,277 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: USB\VID_045E&PID_0291\6&DF2EE03&0&6
    Manufacturer:
    Name:
    PNP Device ID: USB\VID_045E&PID_0291\6&DF2EE03&0&6
    Service:
    .
    ==== System Restore Points ===================
    .
    RP34: 2012-05-29 13:54:59 - Microsoft Visual C++ 2005 Redistributable installerades
    RP35: 2012-05-29 13:56:36 - DirectX har installerats
    RP36: 2012-05-29 14:33:51 - DirectX har installerats
    RP37: 2012-06-01 14:57:15 - Windows Update
    RP38: 2012-06-02 18:39:36 - Installed Max Payne 3
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3) - Svenska
    Adobe Shockwave Player 11.6
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Battlefield 3™
    Battlelog Web Plugins
    Bing Bar
    BitTorrent
    Counter-Strike: Global Offensive Beta
    DAEMON Tools Lite
    Dead Rising 2
    Diablo III
    DiRT 3
    DiRT Showdown
    DNS Leak Fix for OpenVPN version 1.2
    Dota 2
    ESN Sonar
    FlashGet 1.9.6.1073
    Java Auto Updater
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    K-Lite Codec Pack 8.7.0 (Full)
    Malwarebytes Anti-Malware version 1.61.0.1400
    Max Payne 3
    Microsoft AppLocale
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MOTORM4X
    Mozilla Firefox 12.0 (x86 sv-SE)
    Mozilla Maintenance Service
    MSI Afterburner 2.2.1
    NeoDownloader 2.9.1
    Notepad++
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Off-Road Drive
    OpenAL
    OpenOffice.org 3.4
    OpenVPN 2.2.1
    Origin
    Picasa 3
    PunkBuster Services
    Rapture3D 2.4.8 Game
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Rigs of Rods 0.38.67
    Rockstar Games Social Club
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Ship Simulator Extremes
    swMSM
    System Requirements Lab CYRI
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VLC media player 2.0.1
    VPNCheck 1.5
    .
    ==== End Of File ===========================
  6. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    Doing a full scan in Malwarebytes atm, should I post it as well when it's done?
  7. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Please do.
  8. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    Malwarebytes Anti-Malware (PRO) 1.61.0.1400
    www.malwarebytes.org

    Databasversion: v2012.06.02.05

    Windows 7 Service Pack 1 x64 NTFS (Felsäkert läge med nätverk)
    Internet Explorer 9.0.8112.16421
    Ägaren :: ÄGAREN-DATOR [administratör]

    Skydd: Inaktiverad

    2012-06-03 01:33:59
    mbam-log-2012-06-03 (01-33-59).txt

    Skanningstyp: Fullständig skanning
    Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
    Inaktiverade skanningsalternativ: P2P
    Antal skannade objekt: 631213
    Förfluten tid: 1 timme(ar), 51 minut(er), 38 sekund(er)

    Upptäckta minnesprocesser: 0
    (Inga skadliga poster hittades)

    Upptäckta minnesmoduler: 0
    (Inga skadliga poster hittades)

    Upptäckta registernycklar: 0
    (Inga skadliga poster hittades)

    Upptäckta registervärden: 0
    (Inga skadliga poster hittades)

    Upptäckta registerdataposter: 0
    (Inga skadliga poster hittades)

    Upptäckta mappar: 0
    (Inga skadliga poster hittades)

    Upptäckta filer: 2
    C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ (Trojan.BitMiner) -> Ta bort vid nästa datorstart.
    C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sattes I karantän och togs bort.

    (klar)
  9. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    MBAM scan logs from earlier yesterday.

    Malwarebytes Anti-Malware (PRO) 1.61.0.1400
    www.malwarebytes.org

    Databasversion: v2012.06.02.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ägaren :: ÄGAREN-DATOR [administratör]

    Skydd: Aktiverad

    2012-06-02 19:39:47
    mbam-log-2012-06-02 (19-39-47).txt

    Skanningstyp: Blixtskanning
    Aktiverade skanningsalternativ: Minne | Start | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
    Inaktiverade skanningsalternativ: Register | Filsystem | P2P
    Antal skannade objekt: 206885
    Förfluten tid: 22 sekund(er)

    Upptäckta minnesprocesser: 0
    (Inga skadliga poster hittades)

    Upptäckta minnesmoduler: 0
    (Inga skadliga poster hittades)

    Upptäckta registernycklar: 0
    (Inga skadliga poster hittades)

    Upptäckta registervärden: 0
    (Inga skadliga poster hittades)

    Upptäckta registerdataposter: 0
    (Inga skadliga poster hittades)

    Upptäckta mappar: 1
    C:\Users\Chrilles\AppData\Roaming\dclogs (Stolen.Data) -> Sattes I karantän och togs bort.

    Upptäckta filer: 2
    C:\Users\Chrilles\AppData\Roaming\dclogs\2012-03-25-1.dc (Stolen.Data) -> Sattes I karantän och togs bort.
    C:\Users\Chrilles\AppData\Local\Temp\Soundfx .exe (Backdoor.Agent) -> Sattes I karantän och togs bort.

    (klar)

    Malwarebytes Anti-Malware (PRO) 1.61.0.1400
    www.malwarebytes.org

    Databasversion: v2012.06.02.05

    Windows 7 Service Pack 1 x64 NTFS (Felsäkert läge med nätverk)
    Internet Explorer 9.0.8112.16421
    Ägaren :: ÄGAREN-DATOR [administratör]

    Skydd: Inaktiverad

    2012-06-02 23:10:23
    mbam-log-2012-06-02 (23-10-23).txt

    Skanningstyp: Fullständig skanning
    Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
    Inaktiverade skanningsalternativ: P2P
    Antal skannade objekt: 468788
    Förfluten tid: 36 minut(er), 32 sekund(er)

    Upptäckta minnesprocesser: 0
    (Inga skadliga poster hittades)

    Upptäckta minnesmoduler: 0
    (Inga skadliga poster hittades)

    Upptäckta registernycklar: 0
    (Inga skadliga poster hittades)

    Upptäckta registervärden: 0
    (Inga skadliga poster hittades)

    Upptäckta registerdataposter: 0
    (Inga skadliga poster hittades)

    Upptäckta mappar: 0
    (Inga skadliga poster hittades)

    Upptäckta filer:
    C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ (Trojan.BitMiner) -> Ta bort vid nästa datorstart.
    C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sattes I karantän och togs bort.

    (klar)
  10. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    Scanned with aswMBR and this came up.
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-03 14:43:53
    -----------------------------
    14:43:53.201 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:43:53.201 Number of processors: 4 586 0x2A07
    14:43:53.201 ComputerName: ÄGAREN-DATOR UserName: Ägaren
    14:43:53.887 Initialize success
    14:43:58.224 AVAST engine defs: 12060300
    14:44:16.694 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
    14:44:16.694 Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953868MB BusType: 3
    14:44:16.694 Disk 0 MBR read successfully
    14:44:16.694 Disk 0 MBR scan
    14:44:16.694 Disk 0 Windows 7 default MBR code
    14:44:16.710 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    14:44:16.710 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 489525 MB offset 206848
    14:44:16.726 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464240 MB offset 1002754048
    14:44:16.757 Disk 0 scanning C:\Windows\system32\drivers
    14:44:21.998 Service scanning
    14:44:33.527 Modules scanning
    14:44:33.527 Disk 0 trace - called modules:
    14:44:33.527 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    14:44:33.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800776e060]
    14:44:33.527 3 CLASSPNP.SYS[fffff880021b343f] -> nt!IofCallDriver -> [0xfffffa800668be40]
    14:44:33.527 5 ACPI.sys[fffff88000ecf7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-5[0xfffffa80074b2060]
    14:44:34.868 AVAST engine scan C:\
    15:23:10.479 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    15:23:16.953 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    15:29:59.574 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ **INFECTED** Win32:Trojan-gen
    15:30:00.074 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\80000000.@ **INFECTED** Win32:Malware-gen
    15:30:00.183 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
    15:30:00.308 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\80000064.@ **INFECTED** Win32:Malware-gen
    16:16:34.105 Scan finished successfully
    16:20:55.843 Disk 0 MBR has been saved successfully to "C:\Users\Ägaren\Documents\MBR.dat"
    16:20:55.846 The log file has been saved successfully to "C:\Users\Ägaren\Documents\aswMBR.txt"


    I couldn't press fix or anything, but just some info.
  11. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    I can't get Combofix to run, it looks like it's installing but it only creates a folder by the name "32788R22FWJFW" which contains shortcuts to my drives or something like that. I tried rkill and in safe mode but it still won't work.
  13. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  14. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;
    Press any key to quit...

    Did you mean that or the text in bootkit_remover_debug_log.txt?
  15. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  16. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    18:58:54.0411 1312 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
    18:58:54.0756 1312 ============================================================
    18:58:54.0756 1312 Current date / time: 2012/06/03 18:58:54.0756
    18:58:54.0756 1312 SystemInfo:
    18:58:54.0756 1312
    18:58:54.0756 1312 OS Version: 6.1.7601 ServicePack: 1.0
    18:58:54.0756 1312 Product type: Workstation
    18:58:54.0756 1312 ComputerName: ÄGAREN-DATOR
    18:58:54.0756 1312 UserName: Ägaren
    18:58:54.0756 1312 Windows directory: C:\Windows
    18:58:54.0756 1312 System windows directory: C:\Windows
    18:58:54.0756 1312 Running under WOW64
    18:58:54.0756 1312 Processor architecture: Intel x64
    18:58:54.0756 1312 Number of processors: 4
    18:58:54.0756 1312 Page size: 0x1000
    18:58:54.0756 1312 Boot type: Safe boot with network
    18:58:54.0756 1312 ============================================================
    18:58:55.0624 1312 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:58:55.0626 1312 ============================================================
    18:58:55.0626 1312 \Device\Harddisk0\DR0:
    18:58:55.0626 1312 MBR partitions:
    18:58:55.0626 1312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    18:58:55.0626 1312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3BC1A800
    18:58:55.0626 1312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3BC4D000, BlocksNum 0x38AB8000
    18:58:55.0626 1312 ============================================================
    18:58:55.0639 1312 C: <-> \Device\Harddisk0\DR0\Partition1
    18:58:55.0667 1312 X: <-> \Device\Harddisk0\DR0\Partition2
    18:58:55.0667 1312 ============================================================
    18:58:55.0667 1312 Initialize success
    18:58:55.0667 1312 ============================================================
    18:59:12.0595 1544 ============================================================
    18:59:12.0595 1544 Scan started
    18:59:12.0595 1544 Mode: Manual;
    18:59:12.0595 1544 ============================================================
    18:59:18.0140 1544 IntcAzAudAddService (eb5fa493a4b6ea290200ae39eba2fbc6) C:\Windows\system32\drivers\RTKVHD64.sys
    18:59:18.0190 1544 IntcAzAudAddService - ok
    18:59:18.0297 1544 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    18:59:18.0298 1544 intelide - ok
    18:59:18.0321 1544 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    18:59:18.0322 1544 intelppm - ok
    18:59:18.0343 1544 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    18:59:18.0344 1544 IPBusEnum - ok
    18:59:18.0365 1544 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:59:18.0367 1544 IpFilterDriver - ok
    18:59:18.0455 1544 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    18:59:18.0460 1544 iphlpsvc - ok
    18:59:18.0492 1544 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    18:59:18.0493 1544 IPMIDRV - ok
    18:59:18.0512 1544 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    18:59:18.0514 1544 IPNAT - ok
    18:59:18.0518 1544 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    18:59:18.0519 1544 IRENUM - ok
    18:59:18.0523 1544 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    18:59:18.0524 1544 isapnp - ok
    18:59:18.0556 1544 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    18:59:18.0559 1544 iScsiPrt - ok
    18:59:18.0572 1544 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    18:59:18.0572 1544 kbdclass - ok
    18:59:18.0583 1544 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    18:59:18.0583 1544 kbdhid - ok
    18:59:18.0604 1544 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:59:18.0605 1544 KeyIso - ok
    18:59:18.0618 1544 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    18:59:18.0619 1544 KSecDD - ok
    18:59:18.0635 1544 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    18:59:18.0636 1544 KSecPkg - ok
    18:59:18.0650 1544 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    18:59:18.0651 1544 ksthunk - ok
    18:59:18.0702 1544 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    18:59:18.0706 1544 KtmRm - ok
    18:59:18.0740 1544 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    18:59:18.0743 1544 LanmanServer - ok
    18:59:18.0766 1544 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    18:59:18.0768 1544 LanmanWorkstation - ok
    18:59:18.0796 1544 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    18:59:18.0797 1544 lltdio - ok
    18:59:18.0818 1544 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    18:59:18.0822 1544 lltdsvc - ok
    18:59:18.0830 1544 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    18:59:18.0831 1544 lmhosts - ok
    18:59:18.0847 1544 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:59:18.0848 1544 LSI_FC - ok
    18:59:18.0852 1544 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:59:18.0854 1544 LSI_SAS - ok
    18:59:18.0870 1544 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:59:18.0872 1544 LSI_SAS2 - ok
    18:59:18.0876 1544 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:59:18.0878 1544 LSI_SCSI - ok
    18:59:18.0900 1544 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    18:59:18.0902 1544 luafv - ok
    18:59:18.0925 1544 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
    18:59:18.0926 1544 MBAMProtector - ok
    18:59:19.0068 1544 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    18:59:19.0082 1544 MBAMService - ok
    18:59:19.0115 1544 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    18:59:19.0117 1544 Mcx2Svc - ok
    18:59:19.0119 1544 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    18:59:19.0120 1544 megasas - ok
    18:59:19.0130 1544 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:59:19.0133 1544 MegaSR - ok
    18:59:19.0147 1544 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:59:19.0148 1544 MMCSS - ok
    18:59:19.0167 1544 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    18:59:19.0168 1544 Modem - ok
    18:59:19.0196 1544 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    18:59:19.0197 1544 monitor - ok
    18:59:19.0215 1544 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    18:59:19.0216 1544 mouclass - ok
    18:59:19.0254 1544 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    18:59:19.0255 1544 mouhid - ok
    18:59:19.0285 1544 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    18:59:19.0286 1544 mountmgr - ok
    18:59:19.0314 1544 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    18:59:19.0315 1544 MozillaMaintenance - ok
    18:59:19.0339 1544 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    18:59:19.0341 1544 mpio - ok
    18:59:19.0344 1544 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    18:59:19.0346 1544 mpsdrv - ok
    18:59:19.0364 1544 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    18:59:19.0366 1544 MRxDAV - ok
    18:59:19.0393 1544 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:59:19.0395 1544 mrxsmb - ok
    18:59:19.0421 1544 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:59:19.0424 1544 mrxsmb10 - ok
    18:59:19.0452 1544 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:59:19.0453 1544 mrxsmb20 - ok
    18:59:19.0466 1544 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    18:59:19.0466 1544 msahci - ok
    18:59:19.0477 1544 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    18:59:19.0478 1544 msdsm - ok
    18:59:19.0503 1544 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    18:59:19.0505 1544 MSDTC - ok
    18:59:19.0516 1544 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    18:59:19.0516 1544 Msfs - ok
    18:59:19.0525 1544 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    18:59:19.0526 1544 mshidkmdf - ok
    18:59:19.0532 1544 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    18:59:19.0533 1544 msisadrv - ok
    18:59:19.0571 1544 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    18:59:19.0573 1544 MSiSCSI - ok
    18:59:19.0574 1544 msiserver - ok
    18:59:19.0593 1544 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    18:59:19.0594 1544 MSKSSRV - ok
    18:59:19.0608 1544 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:59:19.0608 1544 MSPCLOCK - ok
    18:59:19.0612 1544 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    18:59:19.0613 1544 MSPQM - ok
    18:59:19.0641 1544 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    18:59:19.0644 1544 MsRPC - ok
    18:59:19.0660 1544 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    18:59:19.0660 1544 mssmbios - ok
    18:59:19.0670 1544 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    18:59:19.0671 1544 MSTEE - ok
    18:59:19.0712 1544 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:59:19.0713 1544 MTConfig - ok
    18:59:19.0906 1544 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    18:59:19.0952 1544 Mup - ok
  17. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    18:59:26.0876 1544 VgaSave - ok
    18:59:26.0877 1544 VGPU - ok
    18:59:26.0900 1544 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    18:59:26.0903 1544 vhdmp - ok
    18:59:26.0916 1544 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    18:59:26.0917 1544 viaide - ok
    18:59:26.0931 1544 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    18:59:26.0933 1544 vmbus - ok
    18:59:26.0947 1544 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    18:59:26.0948 1544 VMBusHID - ok
    18:59:26.0970 1544 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    18:59:26.0971 1544 volmgr - ok
    18:59:27.0027 1544 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    18:59:27.0031 1544 volmgrx - ok
    18:59:27.0058 1544 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
    18:59:27.0061 1544 volsnap - ok
    18:59:27.0084 1544 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    18:59:27.0086 1544 vsmraid - ok
    18:59:27.0225 1544 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    18:59:27.0239 1544 VSS - ok
    18:59:27.0318 1544 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    18:59:27.0319 1544 vwifibus - ok
    18:59:27.0336 1544 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    18:59:27.0340 1544 W32Time - ok
    18:59:27.0350 1544 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    18:59:27.0351 1544 WacomPen - ok
    18:59:27.0365 1544 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:59:27.0366 1544 WANARP - ok
    18:59:27.0368 1544 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:59:27.0368 1544 Wanarpv6 - ok
    18:59:27.0437 1544 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    18:59:27.0460 1544 WatAdminSvc - ok
    18:59:27.0556 1544 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    18:59:27.0569 1544 wbengine - ok
    18:59:27.0676 1544 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    18:59:27.0679 1544 WbioSrvc - ok
    18:59:27.0708 1544 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    18:59:27.0712 1544 wcncsvc - ok
    18:59:27.0723 1544 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    18:59:27.0724 1544 WcsPlugInService - ok
    18:59:27.0730 1544 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    18:59:27.0731 1544 Wd - ok
    18:59:27.0761 1544 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    18:59:27.0776 1544 Wdf01000 - ok
    18:59:27.0791 1544 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:59:27.0793 1544 WdiServiceHost - ok
    18:59:27.0794 1544 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:59:27.0795 1544 WdiSystemHost - ok
    18:59:27.0858 1544 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    18:59:27.0861 1544 WebClient - ok
    18:59:27.0891 1544 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    18:59:27.0894 1544 Wecsvc - ok
    18:59:27.0898 1544 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    18:59:27.0900 1544 wercplsupport - ok
    18:59:27.0913 1544 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    18:59:27.0915 1544 WerSvc - ok
    18:59:27.0933 1544 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    18:59:27.0934 1544 WfpLwf - ok
    18:59:27.0950 1544 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    18:59:27.0951 1544 WIMMount - ok
    18:59:27.0982 1544 WinDefend - ok
    18:59:27.0984 1544 WinHttpAutoProxySvc - ok
    18:59:28.0067 1544 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    18:59:28.0070 1544 Winmgmt - ok
    18:59:28.0155 1544 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    18:59:28.0205 1544 WinRM - ok
    18:59:28.0346 1544 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    18:59:28.0371 1544 Wlansvc - ok
    18:59:28.0407 1544 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    18:59:28.0407 1544 WmiAcpi - ok
    18:59:28.0428 1544 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    18:59:28.0430 1544 wmiApSrv - ok
    18:59:28.0445 1544 WMPNetworkSvc - ok
    18:59:28.0454 1544 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    18:59:28.0456 1544 WPCSvc - ok
    18:59:28.0484 1544 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    18:59:28.0486 1544 WPDBusEnum - ok
    18:59:28.0497 1544 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    18:59:28.0498 1544 ws2ifsl - ok
    18:59:28.0512 1544 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    18:59:28.0514 1544 wscsvc - ok
    18:59:28.0515 1544 WSearch - ok
    18:59:28.0612 1544 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    18:59:28.0640 1544 wuauserv - ok
    18:59:28.0713 1544 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    18:59:28.0714 1544 WudfPf - ok
    18:59:28.0741 1544 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:59:28.0743 1544 WUDFRd - ok
    18:59:28.0764 1544 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    18:59:28.0765 1544 wudfsvc - ok
    18:59:28.0781 1544 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    18:59:28.0784 1544 WwanSvc - ok
    18:59:28.0791 1544 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    18:59:29.0030 1544 \Device\Harddisk0\DR0 - ok
    18:59:29.0032 1544 Boot (0x1200) (e6b30dd4a63db0c2bbcc6c8027627d97) \Device\Harddisk0\DR0\Partition0
    18:59:29.0032 1544 \Device\Harddisk0\DR0\Partition0 - ok
    18:59:29.0041 1544 Boot (0x1200) (c6c11e50ca31cfda8fd047beb0c25515) \Device\Harddisk0\DR0\Partition1
    18:59:29.0042 1544 \Device\Harddisk0\DR0\Partition1 - ok
    18:59:29.0065 1544 Boot (0x1200) (54043c7cc5d8c9051e618723e4a05bb8) \Device\Harddisk0\DR0\Partition2
    18:59:29.0066 1544 \Device\Harddisk0\DR0\Partition2 - ok
    18:59:29.0066 1544 ============================================================
    18:59:29.0066 1544 Scan finished
    18:59:29.0066 1544 ============================================================
    18:59:29.0070 1896 Detected object count: 0
    18:59:29.0070 1896 Actual detected object count: 0

    Also, I am in safe mode at the moment, if it makes any difference.
  18. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Why are you in safe mode?

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
  19. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    Suspicious use kernel callback but MBR appears intact. Repair not done.
    No infections were found.
  20. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    Also, how does the virus block my Nod32 web access protection? Just says non functional.
  21. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Make sure your Combofix is located on your Desktop.
    Go to Start and in "Start search" type in:
    cmd
    Hold SHIFT and CTRL keys, press Enter.
    Command prompt window will open.
    Paste the following command:

    "%userprofile%\desktop\ComboFix.exe" /KillAll /nombr

    Press Enter.
    See if Combofix will run.
    Try normal and safe mode.
  22. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    Nothing, just creates the same folder containing my drives.
  23. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  24. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    OTL logfile created on: 2012-06-03 19:51:00 - Run 1
    OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Ägaren\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    7,98 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,27% Memory free
    15,96 Gb Paging File | 14,18 Gb Available in Paging File | 88,86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 478,05 Gb Total Space | 346,55 Gb Free Space | 72,49% Space Free | Partition Type: NTFS
    Drive E: | 2,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive X: | 453,36 Gb Total Space | 60,05 Gb Free Space | 13,25% Space Free | Partition Type: NTFS

    Computer Name: ÄGAREN-DATOR | User Name: Ägaren | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-06-03 19:49:53 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ägaren\Downloads\OTL.exe
    PRC - [2012-05-20 18:20:27 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012-05-15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012-04-21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012-04-17 17:19:32 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2011-06-15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-05-15 21:34:34 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    MOD - [2012-04-21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2010-11-20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2010-11-20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
    SRV:64bit: - [2009-07-14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
    SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012-05-20 18:20:27 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012-05-19 11:47:59 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012-05-15 22:42:44 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-05-15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011-07-07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011-07-01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2011-06-26 08:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart)
    SRV - [2011-06-15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009-07-14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
    SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012-06-02 22:17:50 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\39377219.sys -- (39377219)
    DRV:64bit: - [2012-05-23 13:58:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012-04-18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011-08-09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2011-08-04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2011-08-04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2011-07-01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2011-06-10 08:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011-06-02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011-06-02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 1F 2E 1D A9 32 CD 01 [binary data]
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\..\SearchScopes\{FA8674F3-AF74-4640-B55E-3FBCE4393507}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ägaren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012-05-27 22:26:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-15 21:17:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-05-27 22:26:12 | 000,000,000 | ---D | M]

    [2012-05-15 21:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Extensions
    [2012-05-23 07:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\r3cyqdc7.default\extensions
    [2012-05-23 07:03:56 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\r3cyqdc7.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2012-05-20 10:24:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\r3cyqdc7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012-05-15 21:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    File not found (No name found) -- C:\USERS\ÄGAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3CYQDC7.DEFAULT\EXTENSIONS\{BEE6EB20-01E0-EBD1-DA83-080329FB9A3A}
    File not found (No name found) -- C:\USERS\ÄGAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3CYQDC7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    File not found (No name found) -- C:\USERS\ÄGAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3CYQDC7.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
    [2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-04-21 04:05:56 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
    [2012-04-21 04:05:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-04-21 04:05:56 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
    [2012-04-21 04:05:56 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
    [2012-04-21 04:05:57 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
    [2012-04-21 04:05:57 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

    O1 HOSTS File: ([2012-06-03 10:18:40 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 15214 more lines...
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000..\Run: [VPNCheck] File not found
    O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = File not found
    O4 - Startup: C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_39377219.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
    O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab (SysInfo Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDFEB4F4-C1D5-4A6A-8517-3EA096F8E806}: DhcpNameServer = 80.67.0.2 91.213.246.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFC1798-E68E-4286-B124-E67DE135FAAE}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFC1798-E68E-4286-B124-E67DE135FAAE}: NameServer = 192.168.1.1
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012-01-05 21:30:20 | 000,000,039 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.RTV1 - C:\Windows\SysWow64\rtvcvfw32.dll ()
  25. cschrille

    cschrille TS Enthusiast Topic Starter Posts: 181

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-06-03 18:37:31 | 004,535,659 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\your_name.exe
    [2012-06-03 18:13:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012-06-03 18:07:38 | 004,535,659 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\something.exe
    [2012-06-03 18:04:03 | 004,535,659 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\ComboFix.exe
    [2012-06-03 17:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
    [2012-06-03 17:50:16 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    [2012-06-03 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
    [2012-06-03 14:49:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012-06-03 13:03:37 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Need for Speed World
    [2012-06-03 12:48:17 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Electronic_Arts_Inc
    [2012-06-03 11:45:50 | 004,535,659 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\Combo--Fix.exe
    [2012-06-03 10:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012-06-03 10:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012-06-03 10:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012-06-03 01:04:22 | 004,534,467 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\Combo-Fix.exe
    [2012-06-02 22:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012-06-02 22:17:13 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\39377219.sys
    [2012-06-02 19:35:11 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Malwarebytes
    [2012-06-02 19:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012-06-02 19:35:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012-06-02 19:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012-06-02 19:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012-06-02 19:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
    [2012-06-02 18:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
    [2012-06-02 13:28:58 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Chromium
    [2012-06-02 13:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
    [2012-06-02 13:10:43 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Rockstar Games
    [2012-06-02 13:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Payne 3
    [2012-06-01 14:28:51 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\European Bus Simulator 2012
    [2012-06-01 14:28:51 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\European Bus Simulator 2012
    [2012-06-01 14:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Bus Simulator 2012
    [2012-05-30 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rigs of Rods 0.38.67
    [2012-05-30 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Rigs of Rods 0.38
    [2012-05-29 16:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Roaming
    [2012-05-29 16:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Quest3D
    [2012-05-29 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\ShipSimExtremes Userdata
    [2012-05-29 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
    [2012-05-29 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
    [2012-05-29 13:59:03 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Motorm4x
    [2012-05-29 13:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
    [2012-05-28 17:56:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
    [2012-05-28 17:56:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2012-05-28 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\ESET
    [2012-05-28 17:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
    [2012-05-28 17:51:21 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
    [2012-05-27 22:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\UlisesSoft
    [2012-05-27 22:29:12 | 000,000,000 | ---D | C] -- C:\CRACK
    [2012-05-27 22:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2012-05-27 22:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012-05-27 22:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012-05-27 21:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2012-05-27 21:55:38 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\SystemRequirementsLab
    [2012-05-26 21:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
    [2012-05-26 21:09:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
    [2012-05-26 21:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    [2012-05-26 18:39:24 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\My Games
    [2012-05-26 18:39:24 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\FLT
    [2012-05-26 18:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
    [2012-05-26 18:35:51 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012-05-26 18:35:51 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012-05-26 18:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
    [2012-05-26 18:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiRT Showdown
    [2012-05-26 17:55:38 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
    [2012-05-26 17:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
    [2012-05-26 15:40:14 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIGA
    [2012-05-26 15:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGA
    [2012-05-26 15:34:53 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
    [2012-05-25 20:17:32 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\FlashGet
    [2012-05-25 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet
    [2012-05-25 20:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet
    [2012-05-25 17:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGA
    [2012-05-24 16:59:54 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KISS
    [2012-05-24 16:58:24 | 000,000,000 | ---D | C] -- C:\KISS
    [2012-05-24 16:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION
    [2012-05-24 16:20:52 | 000,023,816 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
    [2012-05-24 16:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    [2012-05-24 16:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
    [2012-05-24 13:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    [2012-05-24 13:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
    [2012-05-24 09:51:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012-05-23 13:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2012-05-23 13:58:41 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2012-05-23 13:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2012-05-23 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\DAEMON Tools Lite
    [2012-05-23 13:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2012-05-22 21:19:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012-05-22 21:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012-05-22 21:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012-05-22 21:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012-05-22 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoDownloader1
    [2012-05-22 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoDownloader
    [2012-05-22 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\NeoDownloader
    [2012-05-22 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoDownloader
    [2012-05-21 21:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2012-05-21 21:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2012-05-21 21:27:09 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2012-05-21 21:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
    [2012-05-21 21:27:08 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Notepad++
    [2012-05-21 21:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
    [2012-05-20 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\OpenOffice.org
    [2012-05-20 16:41:31 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
    [2012-05-20 16:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
    [2012-05-20 16:38:15 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Desktop\OpenOffice.org 3.4 (en-US) Installation Files
    [2012-05-20 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\NVIDIA
    [2012-05-20 11:53:16 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\PunkBuster
    [2012-05-20 11:53:10 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Battlefield 3
    [2012-05-20 11:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
    [2012-05-20 11:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
    [2012-05-20 11:37:42 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\.minecraft
    [2012-05-19 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Unity
    [2012-05-19 14:26:07 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Unity
    [2012-05-18 23:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
    [2012-05-18 21:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
    [2012-05-18 21:55:36 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Origin
    [2012-05-18 21:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
    [2012-05-18 21:54:35 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Origin
    [2012-05-18 21:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    [2012-05-18 21:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
    [2012-05-18 21:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
    [2012-05-17 23:36:19 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Diablo III
    [2012-05-17 23:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    [2012-05-17 23:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2012-05-17 23:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2012-05-17 21:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2012-05-17 13:23:32 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Hitman Blood Money
    [2012-05-17 13:23:07 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012-05-16 17:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
    [2012-05-16 17:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
    [2012-05-16 17:16:38 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\QuickScan
    [2012-05-16 17:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
    [2012-05-16 17:14:28 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\WinRAR
    [2012-05-16 17:12:16 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012-05-16 17:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012-05-16 15:10:20 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\vlc
    [2012-05-16 13:16:10 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\BitTorrent
    [2012-05-16 13:06:06 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Multisoft
    [2012-05-15 23:27:23 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Media Player Classic
    [2012-05-15 22:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012-05-15 22:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2012-05-15 22:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    [2012-05-15 22:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
    [2012-05-15 22:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
    [2012-05-15 22:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    [2012-05-15 22:17:19 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Google
    [2012-05-15 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Guavi
    [2012-05-15 22:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPNCheck
    [2012-05-15 22:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VPNCheck
    [2012-05-15 22:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
    [2012-05-15 22:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
    [2012-05-15 21:18:24 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Mozilla
    [2012-05-15 21:18:24 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Mozilla
    [2012-05-15 21:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012-05-15 21:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012-05-15 21:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012-05-15 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012-05-15 20:46:36 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2012-05-15 20:46:36 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2012-05-15 20:44:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2012-05-15 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012-05-15 20:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2012-05-15 20:13:32 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\TeraCopy
    [2012-05-15 20:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
    [2012-05-15 16:56:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2012-05-15 16:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2012-05-15 16:55:16 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Adobe
    [2012-05-15 16:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Macromedia
    [2012-05-15 16:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Adobe
    [2012-05-15 16:54:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2012-05-15 16:54:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012-05-15 16:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2012-05-15 16:44:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2012-05-15 16:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2012-05-15 16:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012-05-15 16:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012-05-15 15:46:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012-05-15 15:46:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012-05-15 15:43:00 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2012-05-15 15:42:47 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2012-05-15 15:24:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2012-05-15 15:24:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2012-05-15 14:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012-05-15 14:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2012-05-15 14:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012-05-15 13:41:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2012-05-15 13:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
    [2012-05-15 13:14:04 | 000,539,240 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012-05-15 13:12:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2012-05-15 13:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2012-05-15 13:12:14 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2012-05-15 13:12:14 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2012-05-15 13:12:14 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
    [2012-05-15 13:12:14 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2012-05-15 13:12:14 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2012-05-15 13:12:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2012-05-15 13:12:14 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
    [2012-05-15 13:12:14 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
    [2012-05-15 13:12:14 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
    [2012-05-15 13:12:11 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2012-05-15 13:12:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2012-05-15 13:12:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2012-05-15 13:12:11 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2012-05-15 13:12:11 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2012-05-15 13:12:11 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2012-05-15 13:12:09 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
    [2012-05-15 13:12:09 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
    [2012-05-15 13:12:09 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
    [2012-05-15 13:12:09 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
    [2012-05-15 13:12:09 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
    [2012-05-15 13:12:09 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
    [2012-05-15 13:12:09 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
    [2012-05-15 13:12:08 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2012-05-15 13:12:08 | 000,603,472 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
    [2012-05-15 13:12:08 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
    [2012-05-15 13:12:08 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2012-05-15 13:12:06 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2012-05-15 13:12:05 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
    [2012-05-15 13:12:05 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
    [2012-05-15 13:12:05 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
    [2012-05-15 13:12:05 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
    [2012-05-15 13:12:05 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
    [2012-05-15 13:12:05 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
    [2012-05-15 13:12:05 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
    [2012-05-15 13:12:05 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
    [2012-05-15 13:12:05 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
    [2012-05-15 13:12:04 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
    [2012-05-15 13:12:04 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
    [2012-05-15 13:12:04 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
    [2012-05-15 13:12:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012-05-15 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2012-05-15 13:12:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2012-05-15 13:11:52 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
    [2012-05-15 13:11:11 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012-05-15 13:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
    [2012-05-15 13:10:58 | 000,000,000 | ---D | C] -- C:\Intel
    [2012-05-15 13:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
    [2012-05-15 13:08:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2012-05-15 12:57:46 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2012-05-15 12:57:46 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Searches
    [2012-05-15 12:57:46 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012-05-15 12:57:37 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Identities
    [2012-05-15 12:57:33 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Contacts
    [2012-05-15 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\VirtualStore
    [2012-05-15 12:57:12 | 000,000,000 | --SD | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Videos
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Saved Games
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Pictures
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Music
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Links
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Favorites
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Downloads
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Documents
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Desktop
    [2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\AppData\Local\Tidigare
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\AppData\Local\Temporary Internet Files
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Start-meny
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Skrivare
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\SendTo
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Recent
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Programdata
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\AppData\Local\Programdata
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Nätverket
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Documents\Mina videoklipp
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Mina dokument
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Documents\Mina bilder
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Documents\Min musik
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Mallar
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Lokala inställningar
    [2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Cookies
    [2012-05-15 12:57:12 | 000,000,000 | -H-D | C] -- C:\Users\Ägaren\AppData
    [2012-05-15 12:57:12 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Temp
    [2012-05-15 12:57:12 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Microsoft
    [2012-05-15 12:57:12 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Media Center Programs
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start-meny
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Skrivbord
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Programdata
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mina videoklipp
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mina bilder
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Min musik
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Mallar
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriter
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokument
    [2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Program Files\Delade filer
    [2012-05-15 12:57:01 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012-05-15 12:42:22 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2012-05-15 12:42:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2012-05-13 19:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

