Solved Sirefef won't go away - please help!

cschrille

Posts: 177   +0
Ok, so I got infected by this crap yesterday and it is seriously impossible to remove. I noticed that many people have been infected by this lately and I wonder how I can remove it.

I have the latest update for Nod32 and I have scanned and removed, but it keeps coming back.
I also tried MBAM in safe mode, which found:

C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ (Trojan.BitMiner)
C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\00000008.@ (Trojan.Dropper.BCMiner)

Both are the same file path as the ones Nod32 is picking up, but Nod32 also says:
Object: Operating memory > C:\Windows\assembly\GAC_32\Desktop.ini
Threat: a variant of Win32/Sirefef.EZ trojan
 

Broni

Posts: 55,798   +503
Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

cschrille

Posts: 177   +0
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Ägaren at 0:57:41 on 2012-06-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.46.1053.18.8173.5901 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\notepad.exe
C:\Users\Ägaren\Downloads\dds.scr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [VPNCheck]
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\GAREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Ägaren\AppData\Local\Temp\_uninst_.bat
StartupFolder: C:\Users\GAREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\Ägaren\AppData\Local\Temp\_uninst_39377219.bat
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EDFEB4F4-C1D5-4A6A-8517-3EA096F8E806} : DhcpNameServer = 80.67.0.2 91.213.246.2
TCP: Interfaces\{EFFC1798-E68E-4286-B124-E67DE135FAAE} : DhcpNameServer = 192.168.1.1
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{F156768E-81EF-470C-9057-481BA8380DBA}
{8dcb7100-df86-4384-8842-8fa844297b3f}
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\r3cyqdc7.default\
.
============= SERVICES / DRIVERS ===============
.
R0 39377219;39377219;C:\Windows\system32\DRIVERS\39377219.sys --> C:\Windows\system32\DRIVERS\39377219.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-2 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-15 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-15 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 129976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-02 22:57:42 -------- d-----w- C:\Users\?garen\AppData\Local\Microsoft
2012-06-02 20:17:52 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-06-02 20:17:13 460888 ----a-w- C:\Windows\System32\drivers\39377219.sys
2012-06-02 17:35:11 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Malwarebytes
2012-06-02 17:35:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 17:35:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-02 17:35:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-02 16:39:49 -------- d-----w- C:\ProgramData\Rockstar Games
2012-06-02 11:14:07 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-06-01 12:57:39 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{693E3B0F-3805-46B5-A307-733C734207AF}\mpengine.dll
2012-05-29 14:31:37 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Roaming
2012-05-29 14:31:37 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Quest3D
2012-05-28 15:56:59 -------- d-sh--w- C:\ProgramData\DSS
2012-05-28 15:51:21 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2012-05-28 15:51:21 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2012-05-28 15:51:16 809496 ----a-r- C:\Windows\SysWow64\tmp68E3.tmp
2012-05-28 02:14:00 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-05-27 20:33:23 -------- d-----w- C:\Program Files\UlisesSoft
2012-05-27 20:29:12 -------- d-----w- C:\CRACK
2012-05-27 20:25:56 -------- d-----w- C:\Program Files\ESET
2012-05-27 20:21:29 184805 ----a-w- C:\ProgramData\1338149966.bdinstall.bin
2012-05-27 19:55:55 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-05-27 19:55:38 -------- d-----w- C:\Users\Ägaren\SystemRequirementsLab
2012-05-26 19:09:10 -------- d-----w- C:\Windows\SysWow64\xlive
2012-05-26 19:09:10 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-26 16:39:24 -------- d-----w- C:\ProgramData\Codemasters
2012-05-26 16:35:51 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-26 16:35:51 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-26 16:35:51 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-26 16:35:51 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-26 16:35:51 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-05-26 15:55:33 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2012-05-26 13:38:56 -------- d-----w- C:\Program Files (x86)\GIGA
2012-05-25 18:17:32 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\FlashGet
2012-05-25 18:17:01 -------- d-----w- C:\Program Files (x86)\FlashGet
2012-05-24 14:58:24 -------- d-----w- C:\KISS
2012-05-24 14:20:52 23816 ------w- C:\Windows\System32\drivers\cpuz135_x64.sys
2012-05-24 14:20:51 -------- d-----w- C:\Program Files\CPUID
2012-05-24 11:42:53 -------- d-----w- C:\Program Files\Speccy
2012-05-23 11:58:41 283200 ------w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-23 11:58:38 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-05-23 11:57:22 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\DAEMON Tools Lite
2012-05-23 11:57:02 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-05-22 19:16:42 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-22 19:15:46 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-22 19:15:45 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-22 19:12:36 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-05-22 15:14:01 -------- d-----w- C:\Program Files (x86)\NeoDownloader1
2012-05-22 15:04:30 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\NeoDownloader
2012-05-22 15:04:30 -------- d-----w- C:\Program Files (x86)\NeoDownloader
2012-05-21 19:27:08 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Notepad++
2012-05-20 14:41:51 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\OpenOffice.org
2012-05-20 14:41:11 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-05-20 09:55:59 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\NVIDIA
2012-05-20 09:53:20 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-20 09:50:16 -------- d-----w- C:\ProgramData\EA Logs
2012-05-20 09:50:16 -------- d-----w- C:\ProgramData\EA Core
2012-05-20 09:37:42 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\.minecraft
2012-05-19 16:30:32 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Unity
2012-05-18 21:51:29 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-18 21:51:29 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-18 21:51:28 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-18 21:51:12 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-05-18 21:51:12 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-05-18 21:51:12 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-05-18 21:51:12 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-05-18 21:51:11 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-05-18 21:51:11 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-05-18 19:55:37 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-05-18 19:55:36 -------- d-----w- C:\ProgramData\Origin
2012-05-18 19:54:35 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Origin
2012-05-18 19:54:35 -------- d-----w- C:\ProgramData\Electronic Arts
2012-05-18 19:54:32 -------- d-----w- C:\Program Files (x86)\Origin
2012-05-17 21:22:01 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-05-17 21:04:18 -------- d-----w- C:\ProgramData\Battle.net
2012-05-17 19:47:49 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-05-16 15:19:48 203746 ----a-w- C:\ProgramData\1337181385.bdinstall.bin
2012-05-16 15:19:06 -------- d-----w- C:\ProgramData\BDLogging
2012-05-16 15:18:02 -------- d-----w- C:\Program Files\Bitdefender
2012-05-16 15:16:38 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\QuickScan
2012-05-16 15:16:10 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-05-16 15:14:28 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\WinRAR
2012-05-16 13:10:20 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\vlc
2012-05-16 11:16:10 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\BitTorrent
2012-05-15 21:27:23 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Media Player Classic
2012-05-15 20:52:34 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-05-15 20:50:19 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-05-15 20:50:14 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-05-15 20:08:21 -------- d-----w- C:\Program Files (x86)\VPNCheck
2012-05-15 20:00:49 -------- d-----w- C:\Program Files (x86)\OpenVPN
2012-05-15 19:18:24 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Mozilla
2012-05-15 19:09:41 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2012-05-15 19:09:41 50688 ----a-w- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
2012-05-15 19:02:56 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2012-05-15 18:48:27 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 18:48:27 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 18:48:27 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 18:48:27 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 18:48:27 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 18:48:27 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 18:46:37 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-05-15 18:46:36 949056 ----a-w- C:\Windows\System32\nvumdshimx.dll
2012-05-15 18:46:36 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-05-15 18:46:36 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-05-15 18:46:34 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
2012-05-15 18:44:56 -------- d-----w- C:\NVIDIA
2012-05-15 18:43:10 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-15 18:43:07 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-15 18:18:32 -------- d-----w- C:\Program Files\SystemRequirementsLab
2012-05-15 18:13:32 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\TeraCopy
2012-05-15 14:56:55 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-05-15 14:54:17 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Macromedia
2012-05-15 14:54:17 -------- d-----w- C:\Users\Ägaren\AppData\Roaming\Adobe
2012-05-15 14:54:12 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 14:54:12 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-15 14:49:04 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-05-15 14:47:56 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
2012-05-15 14:47:56 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
2012-05-15 14:45:14 -------- d--h--w- C:\Windows\msdownld.tmp
2012-05-15 14:44:38 -------- d-----w- C:\Windows\SysWow64\directx
2012-05-15 14:07:53 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-15 14:07:53 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-15 13:46:06 -------- d-----w- C:\Windows\System32\SPReview
2012-05-15 13:46:01 -------- d-----w- C:\Windows\System32\EventProviders
2012-05-15 13:42:59 957440 ----a-w- C:\Windows\System32\mblctr.exe
2012-05-15 13:41:14 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-15 13:41:14 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-15 13:41:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-05-15 13:24:17 -------- d-----w- C:\Windows\SysWow64\Wat
2012-05-15 13:24:17 -------- d-----w- C:\Windows\System32\Wat
2012-05-15 12:57:11 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-05-15 12:48:00 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-15 12:48:00 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-15 12:48:00 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-15 12:48:00 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-15 12:48:00 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-15 12:48:00 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-15 12:48:00 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-15 12:44:55 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-05-15 12:38:05 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-05-15 12:38:05 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-05-15 12:31:25 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-05-15 12:31:21 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-05-15 12:31:21 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-05-15 12:30:41 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-15 12:30:33 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-15 12:30:33 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-15 12:30:33 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-15 12:30:33 20992 ------w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-05-15 12:30:33 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2012-05-15 12:30:33 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-05-15 12:30:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-15 11:41:11 -------- d-----w- C:\Windows\Panther
2012-05-15 11:18:19 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-15 11:15:20 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-05-15 11:14:04 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-05-15 11:14:04 539240 ------w- C:\Windows\System32\drivers\Rt64win7.sys
2012-05-15 11:14:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-05-15 11:11:59 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-05-15 11:11:59 69715 ------w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-05-15 11:11:59 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-05-15 11:11:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-05-15 11:11:59 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-05-15 11:11:59 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-05-15 11:11:59 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-05-15 11:11:58 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-05-15 11:11:58 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-05-15 11:11:52 16896 ----a-w- C:\Windows\AsTaskSched.dll
2012-05-15 11:11:11 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-05-15 11:10:58 -------- d-----w- C:\Intel
2012-05-15 11:10:36 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2012-05-15 11:08:52 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2012-05-15 11:08:48 -------- d-sh--w- C:\Windows\Installer
2012-05-15 00:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-13 17:40:06 -------- d-----w- C:\Program Files\TeraCopy
.
==================== Find3M ====================
.
2012-05-15 13:55:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-15 13:55:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-15 10:48:00 818496 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 0:58:12,34 ===============
 

cschrille

Posts: 177   +0
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2012-05-15 12:57:09
System Uptime: 2012-06-03 00:02:30 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8H67
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 478 GiB total, 352,498 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
X: is FIXED (NTFS) - 453 GiB total, 61,277 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: USB\VID_045E&PID_0291\6&DF2EE03&0&6
Manufacturer:
Name:
PNP Device ID: USB\VID_045E&PID_0291\6&DF2EE03&0&6
Service:
.
==== System Restore Points ===================
.
RP34: 2012-05-29 13:54:59 - Microsoft Visual C++ 2005 Redistributable installerades
RP35: 2012-05-29 13:56:36 - DirectX har installerats
RP36: 2012-05-29 14:33:51 - DirectX har installerats
RP37: 2012-06-01 14:57:15 - Windows Update
RP38: 2012-06-02 18:39:36 - Installed Max Payne 3
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Svenska
Adobe Shockwave Player 11.6
Asmedia ASM104x USB 3.0 Host Controller Driver
Battlefield 3™
Battlelog Web Plugins
Bing Bar
BitTorrent
Counter-Strike: Global Offensive Beta
DAEMON Tools Lite
Dead Rising 2
Diablo III
DiRT 3
DiRT Showdown
DNS Leak Fix for OpenVPN version 1.2
Dota 2
ESN Sonar
FlashGet 1.9.6.1073
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
K-Lite Codec Pack 8.7.0 (Full)
Malwarebytes Anti-Malware version 1.61.0.1400
Max Payne 3
Microsoft AppLocale
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MOTORM4X
Mozilla Firefox 12.0 (x86 sv-SE)
Mozilla Maintenance Service
MSI Afterburner 2.2.1
NeoDownloader 2.9.1
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Off-Road Drive
OpenAL
OpenOffice.org 3.4
OpenVPN 2.2.1
Origin
Picasa 3
PunkBuster Services
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Rigs of Rods 0.38.67
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Ship Simulator Extremes
swMSM
System Requirements Lab CYRI
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.1
VPNCheck 1.5
.
==== End Of File ===========================
 

cschrille

Posts: 177   +0
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Databasversion: v2012.06.02.05

Windows 7 Service Pack 1 x64 NTFS (Felsäkert läge med nätverk)
Internet Explorer 9.0.8112.16421
Ägaren :: ÄGAREN-DATOR [administratör]

Skydd: Inaktiverad

2012-06-03 01:33:59
mbam-log-2012-06-03 (01-33-59).txt

Skanningstyp: Fullständig skanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 631213
Förfluten tid: 1 timme(ar), 51 minut(er), 38 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 2
C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ (Trojan.BitMiner) -> Ta bort vid nästa datorstart.
C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sattes I karantän och togs bort.

(klar)
 

cschrille

Posts: 177   +0
MBAM scan logs from earlier yesterday.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Databasversion: v2012.06.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ägaren :: ÄGAREN-DATOR [administratör]

Skydd: Aktiverad

2012-06-02 19:39:47
mbam-log-2012-06-02 (19-39-47).txt

Skanningstyp: Blixtskanning
Aktiverade skanningsalternativ: Minne | Start | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: Register | Filsystem | P2P
Antal skannade objekt: 206885
Förfluten tid: 22 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 1
C:\Users\Chrilles\AppData\Roaming\dclogs (Stolen.Data) -> Sattes I karantän och togs bort.

Upptäckta filer: 2
C:\Users\Chrilles\AppData\Roaming\dclogs\2012-03-25-1.dc (Stolen.Data) -> Sattes I karantän och togs bort.
C:\Users\Chrilles\AppData\Local\Temp\Soundfx .exe (Backdoor.Agent) -> Sattes I karantän och togs bort.

(klar)

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Databasversion: v2012.06.02.05

Windows 7 Service Pack 1 x64 NTFS (Felsäkert läge med nätverk)
Internet Explorer 9.0.8112.16421
Ägaren :: ÄGAREN-DATOR [administratör]

Skydd: Inaktiverad

2012-06-02 23:10:23
mbam-log-2012-06-02 (23-10-23).txt

Skanningstyp: Fullständig skanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 468788
Förfluten tid: 36 minut(er), 32 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer:
C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ (Trojan.BitMiner) -> Ta bort vid nästa datorstart.
C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sattes I karantän och togs bort.

(klar)
 

cschrille

Posts: 177   +0
Scanned with aswMBR and this came up.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 14:43:53
-----------------------------
14:43:53.201 OS Version: Windows x64 6.1.7601 Service Pack 1
14:43:53.201 Number of processors: 4 586 0x2A07
14:43:53.201 ComputerName: ÄGAREN-DATOR UserName: Ägaren
14:43:53.887 Initialize success
14:43:58.224 AVAST engine defs: 12060300
14:44:16.694 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
14:44:16.694 Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953868MB BusType: 3
14:44:16.694 Disk 0 MBR read successfully
14:44:16.694 Disk 0 MBR scan
14:44:16.694 Disk 0 Windows 7 default MBR code
14:44:16.710 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:44:16.710 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 489525 MB offset 206848
14:44:16.726 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464240 MB offset 1002754048
14:44:16.757 Disk 0 scanning C:\Windows\system32\drivers
14:44:21.998 Service scanning
14:44:33.527 Modules scanning
14:44:33.527 Disk 0 trace - called modules:
14:44:33.527 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:44:33.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800776e060]
14:44:33.527 3 CLASSPNP.SYS[fffff880021b343f] -> nt!IofCallDriver -> [0xfffffa800668be40]
14:44:33.527 5 ACPI.sys[fffff88000ecf7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-5[0xfffffa80074b2060]
14:44:34.868 AVAST engine scan C:\
15:23:10.479 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:23:16.953 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:29:59.574 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ **INFECTED** Win32:Trojan-gen
15:30:00.074 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\80000000.@ **INFECTED** Win32:Malware-gen
15:30:00.183 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
15:30:00.308 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\80000064.@ **INFECTED** Win32:Malware-gen
16:16:34.105 Scan finished successfully
16:20:55.843 Disk 0 MBR has been saved successfully to "C:\Users\Ägaren\Documents\MBR.dat"
16:20:55.846 The log file has been saved successfully to "C:\Users\Ägaren\Documents\aswMBR.txt"


I couldn't press fix or anything, but just some info.
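The two scans above can be compared mechanically to see which detections survived the first cleanup. This is an added example, not part of the original posts: it uses only detection lines copied from the Malwarebytes and aswMBR logs above, and the function names and category labels are this example's own.

```python
import re

# Detection lines copied from the logs posted above: the Malwarebytes full scan
# (2012-06-02) and the aswMBR scan (2012-06-03). Non-detection lines are ignored.
MBAM_LOG = r"""
Upptäckta filer:
C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ (Trojan.BitMiner) -> Ta bort vid nästa datorstart.
C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sattes I karantän och togs bort.
"""

ASWMBR_LOG = r"""
14:44:16.694 Disk 0 Windows 7 default MBR code
15:23:10.479 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:23:16.953 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:29:59.574 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\L\00000008.@ **INFECTED** Win32:Trojan-gen
15:30:00.074 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\80000000.@ **INFECTED** Win32:Malware-gen
15:30:00.183 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
15:30:00.308 File: C:\Windows\Installer\{6ccbf812-07b7-4726-bef0-b612a153384e}\U\80000064.@ **INFECTED** Win32:Malware-gen
16:16:34.105 Scan finished successfully
"""

# "<path> (<detection>) -> <action>" as written in the Malwarebytes log.
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$", re.M)
# "<time> File: <path> **INFECTED** <detection>" as written in the aswMBR log.
ASW_LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3} File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$", re.M)
# Layout shared by the flagged files: Installer\{GUID}\U or \L, file names ending ".@".
STORE = re.compile(
    r"\\windows\\installer\\\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"
    r"\\[ul]\\[0-9a-f]+\.@$")
GAC_INI = re.compile(r"\\windows\\assembly\\gac_(?:32|64)\\desktop\.ini$")


def key(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


def parse_mbam(text):
    """Map normalised path -> detection record for every Malwarebytes hit."""
    return {key(m["path"]): {"path": m["path"], "name": m["name"],
                             "action": m["action"].strip()}
            for m in MBAM_LINE.finditer(text)}


def parse_aswmbr(text):
    """Map normalised path -> detection record for every aswMBR INFECTED line."""
    return {key(m["path"]): {"path": m["path"], "name": m["name"].strip()}
            for m in ASW_LINE.finditer(text)}


def location(path):
    """Classify a flagged path by where it sits on disk."""
    k = key(path)
    if STORE.search(k):
        return "installer-store"
    if GAC_INI.search(k):
        return "gac-desktop-ini"
    return "other"


def compare(before, after):
    """Split detections into persisted / cleared / new between two scans."""
    b, a = set(before), set(after)
    return {
        "persisted": [after[k]["path"] for k in sorted(b & a)],
        "cleared": [before[k]["path"] for k in sorted(b - a)],
        "new": [after[k]["path"] for k in sorted(a - b)],
    }


if __name__ == "__main__":
    first, second = parse_mbam(MBAM_LOG), parse_aswmbr(ASWMBR_LOG)
    for status, paths in compare(first, second).items():
        for p in paths:
            action = first.get(key(p), {}).get("action", "-")
            print(f"{status:9} {location(p):16} {p}  [first-scan action: {action}]")
```

A path listed under `persisted` was reported as handled by the first tool yet was still on disk when the second tool scanned.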
 

Broni

Posts: 55,798   +503
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

cschrille

Posts: 177   +0
I can't get Combofix to run. It looks like it's installing, but it only creates a folder by the name "32788R22FWJFW" which contains shortcuts to my drives or something like that. I tried rkill and in safe mode but it still won't work.
 

Broni

Posts: 55,798   +503
Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 

cschrille

Posts: 177   +0
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

Did you mean that or the text in bootkit_remover_debug_log.txt?
 

Broni

Posts: 55,798   +503
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 

cschrille

Posts: 177   +0
18:58:54.0411 1312 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:58:54.0756 1312 ============================================================
18:58:54.0756 1312 Current date / time: 2012/06/03 18:58:54.0756
18:58:54.0756 1312 SystemInfo:
18:58:54.0756 1312
18:58:54.0756 1312 OS Version: 6.1.7601 ServicePack: 1.0
18:58:54.0756 1312 Product type: Workstation
18:58:54.0756 1312 ComputerName: ÄGAREN-DATOR
18:58:54.0756 1312 UserName: Ägaren
18:58:54.0756 1312 Windows directory: C:\Windows
18:58:54.0756 1312 System windows directory: C:\Windows
18:58:54.0756 1312 Running under WOW64
18:58:54.0756 1312 Processor architecture: Intel x64
18:58:54.0756 1312 Number of processors: 4
18:58:54.0756 1312 Page size: 0x1000
18:58:54.0756 1312 Boot type: Safe boot with network
18:58:54.0756 1312 ============================================================
18:58:55.0624 1312 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:58:55.0626 1312 ============================================================
18:58:55.0626 1312 \Device\Harddisk0\DR0:
18:58:55.0626 1312 MBR partitions:
18:58:55.0626 1312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:58:55.0626 1312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3BC1A800
18:58:55.0626 1312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3BC4D000, BlocksNum 0x38AB8000
18:58:55.0626 1312 ============================================================
18:58:55.0639 1312 C: <-> \Device\Harddisk0\DR0\Partition1
18:58:55.0667 1312 X: <-> \Device\Harddisk0\DR0\Partition2
18:58:55.0667 1312 ============================================================
18:58:55.0667 1312 Initialize success
18:58:55.0667 1312 ============================================================
18:59:12.0595 1544 ============================================================
18:59:12.0595 1544 Scan started
18:59:12.0595 1544 Mode: Manual;
18:59:12.0595 1544 ============================================================
18:59:19.0167 1544 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:59:19.0168 1544 Modem - ok
18:59:19.0196 1544 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:59:19.0197 1544 monitor - ok
18:59:19.0215 1544 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:59:19.0216 1544 mouclass - ok
18:59:19.0254 1544 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:59:19.0255 1544 mouhid - ok
18:59:19.0285 1544 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:59:19.0286 1544 mountmgr - ok
18:59:19.0314 1544 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:59:19.0315 1544 MozillaMaintenance - ok
18:59:19.0339 1544 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:59:19.0341 1544 mpio - ok
18:59:19.0344 1544 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:59:19.0346 1544 mpsdrv - ok
18:59:19.0364 1544 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:59:19.0366 1544 MRxDAV - ok
18:59:19.0393 1544 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:59:19.0395 1544 mrxsmb - ok
18:59:19.0421 1544 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:59:19.0424 1544 mrxsmb10 - ok
18:59:19.0452 1544 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:59:19.0453 1544 mrxsmb20 - ok
18:59:19.0466 1544 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:59:19.0466 1544 msahci - ok
18:59:19.0477 1544 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:59:19.0478 1544 msdsm - ok
18:59:19.0503 1544 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:59:19.0505 1544 MSDTC - ok
18:59:19.0516 1544 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:59:19.0516 1544 Msfs - ok
18:59:19.0525 1544 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:59:19.0526 1544 mshidkmdf - ok
18:59:19.0532 1544 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:59:19.0533 1544 msisadrv - ok
18:59:19.0571 1544 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:59:19.0573 1544 MSiSCSI - ok
18:59:19.0574 1544 msiserver - ok
18:59:19.0593 1544 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:59:19.0594 1544 MSKSSRV - ok
18:59:19.0608 1544 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:59:19.0608 1544 MSPCLOCK - ok
18:59:19.0612 1544 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:59:19.0613 1544 MSPQM - ok
18:59:19.0641 1544 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:59:19.0644 1544 MsRPC - ok
18:59:19.0660 1544 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:59:19.0660 1544 mssmbios - ok
18:59:19.0670 1544 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:59:19.0671 1544 MSTEE - ok
18:59:19.0712 1544 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:59:19.0713 1544 MTConfig - ok
18:59:19.0906 1544 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:59:19.0952 1544 Mup - ok
 

cschrille

Posts: 177   +0
18:59:20.0000 1544 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:59:20.0005 1544 napagent - ok
18:59:20.0037 1544 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:59:20.0040 1544 NativeWifiP - ok
18:59:20.0080 1544 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:59:20.0099 1544 NDIS - ok
18:59:20.0133 1544 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:59:20.0134 1544 NdisCap - ok
18:59:20.0152 1544 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:59:20.0152 1544 NdisTapi - ok
18:59:20.0175 1544 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:59:20.0176 1544 Ndisuio - ok
18:59:20.0201 1544 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:59:20.0203 1544 NdisWan - ok
18:59:20.0224 1544 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:59:20.0225 1544 NDProxy - ok
18:59:20.0227 1544 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:59:20.0228 1544 NetBIOS - ok
18:59:20.0250 1544 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:59:20.0252 1544 NetBT - ok
18:59:20.0271 1544 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:59:20.0271 1544 Netlogon - ok
18:59:20.0311 1544 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:59:20.0333 1544 Netman - ok
18:59:20.0378 1544 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:59:20.0383 1544 netprofm - ok
18:59:20.0502 1544 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:59:20.0504 1544 NetTcpPortSharing - ok
18:59:20.0514 1544 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:59:20.0515 1544 nfrd960 - ok
18:59:20.0544 1544 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:59:20.0547 1544 NlaSvc - ok
18:59:20.0550 1544 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:59:20.0551 1544 Npfs - ok
18:59:20.0557 1544 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:59:20.0558 1544 nsi - ok
18:59:20.0568 1544 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:59:20.0569 1544 nsiproxy - ok
18:59:20.0645 1544 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:59:20.0693 1544 Ntfs - ok
18:59:20.0783 1544 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:59:20.0783 1544 Null - ok
18:59:20.0827 1544 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
18:59:20.0829 1544 NVHDA - ok
18:59:21.0403 1544 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:59:21.0555 1544 nvlddmkm - ok
18:59:21.0609 1544 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:59:21.0611 1544 nvraid - ok
18:59:21.0637 1544 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:59:21.0639 1544 nvstor - ok
18:59:21.0707 1544 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
18:59:21.0727 1544 nvsvc - ok
18:59:21.0836 1544 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:59:21.0858 1544 nvUpdatusService - ok
18:59:21.0895 1544 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:59:21.0897 1544 nv_agp - ok
18:59:21.0920 1544 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:59:21.0921 1544 ohci1394 - ok
18:59:22.0003 1544 OpenVPNService (d29d5e61a5722630bb58940d1e4e231a) C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
18:59:22.0003 1544 OpenVPNService - ok
18:59:22.0050 1544 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:59:22.0053 1544 p2pimsvc - ok
18:59:22.0082 1544 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:59:22.0087 1544 p2psvc - ok
18:59:22.0117 1544 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:59:22.0118 1544 Parport - ok
18:59:22.0141 1544 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:59:22.0142 1544 partmgr - ok
18:59:22.0156 1544 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:59:22.0158 1544 PcaSvc - ok
18:59:22.0172 1544 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:59:22.0174 1544 pci - ok
18:59:22.0183 1544 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:59:22.0184 1544 pciide - ok
18:59:22.0192 1544 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:59:22.0194 1544 pcmcia - ok
18:59:22.0207 1544 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:59:22.0208 1544 pcw - ok
18:59:22.0238 1544 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:59:22.0253 1544 PEAUTH - ok
18:59:22.0326 1544 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:59:22.0358 1544 PeerDistSvc - ok
18:59:22.0462 1544 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:59:22.0463 1544 PerfHost - ok
18:59:22.0616 1544 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\32788R22FWJFW\pev.3XE
18:59:22.0617 1544 PEVSystemStart - ok
18:59:22.0730 1544 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:59:22.0742 1544 pla - ok
18:59:22.0810 1544 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:59:22.0814 1544 PlugPlay - ok
18:59:22.0832 1544 PnkBstrA - ok
18:59:22.0845 1544 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:59:22.0846 1544 PNRPAutoReg - ok
18:59:22.0872 1544 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:59:22.0874 1544 PNRPsvc - ok
18:59:22.0904 1544 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:59:22.0908 1544 PolicyAgent - ok
18:59:22.0931 1544 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:59:22.0932 1544 Power - ok
18:59:22.0973 1544 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:59:22.0974 1544 PptpMiniport - ok
18:59:22.0991 1544 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:59:22.0991 1544 Processor - ok
18:59:23.0015 1544 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:59:23.0017 1544 ProfSvc - ok
18:59:23.0037 1544 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:59:23.0038 1544 ProtectedStorage - ok
18:59:23.0070 1544 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:59:23.0071 1544 Psched - ok
18:59:23.0156 1544 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:59:23.0194 1544 ql2300 - ok
18:59:23.0333 1544 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:59:23.0334 1544 ql40xx - ok
18:59:23.0343 1544 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:59:23.0345 1544 QWAVE - ok
18:59:23.0348 1544 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:59:23.0349 1544 QWAVEdrv - ok
18:59:23.0358 1544 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:59:23.0359 1544 RasAcd - ok
18:59:23.0374 1544 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:59:23.0374 1544 RasAgileVpn - ok
18:59:23.0391 1544 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:59:23.0393 1544 RasAuto - ok
18:59:23.0403 1544 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:59:23.0405 1544 Rasl2tp - ok
18:59:23.0430 1544 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:59:23.0434 1544 RasMan - ok
18:59:23.0439 1544 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:59:23.0440 1544 RasPppoe - ok
18:59:23.0444 1544 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:59:23.0445 1544 RasSstp - ok
18:59:23.0471 1544 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:59:23.0474 1544 rdbss - ok
18:59:23.0487 1544 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:59:23.0487 1544 rdpbus - ok
18:59:23.0494 1544 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:59:23.0495 1544 RDPCDD - ok
18:59:23.0515 1544 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:59:23.0517 1544 RDPDR - ok
18:59:23.0533 1544 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:59:23.0533 1544 RDPENCDD - ok
18:59:23.0544 1544 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:59:23.0545 1544 RDPREFMP - ok
18:59:23.0590 1544 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:59:23.0591 1544 RdpVideoMiniport - ok
18:59:23.0612 1544 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:59:23.0614 1544 RDPWD - ok
18:59:23.0637 1544 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:59:23.0639 1544 rdyboost - ok
18:59:23.0664 1544 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:59:23.0665 1544 RemoteAccess - ok
18:59:23.0677 1544 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:59:23.0680 1544 RemoteRegistry - ok
18:59:23.0685 1544 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:59:23.0686 1544 RpcEptMapper - ok
18:59:23.0704 1544 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:59:23.0705 1544 RpcLocator - ok
18:59:23.0733 1544 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:59:23.0736 1544 RpcSs - ok
18:59:23.0747 1544 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:59:23.0748 1544 rspndr - ok
18:59:23.0788 1544 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:59:23.0790 1544 RTL8167 - ok
18:59:23.0812 1544 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:59:23.0813 1544 s3cap - ok
18:59:23.0837 1544 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:59:23.0838 1544 SamSs - ok
18:59:23.0855 1544 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:59:23.0856 1544 sbp2port - ok
18:59:23.0987 1544 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:59:24.0046 1544 SBSDWSCService - ok
18:59:24.0092 1544 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:59:24.0095 1544 SCardSvr - ok
18:59:24.0148 1544 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:59:24.0149 1544 scfilter - ok
18:59:24.0193 1544 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:59:24.0230 1544 Schedule - ok
18:59:24.0250 1544 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:59:24.0251 1544 SCPolicySvc - ok
18:59:24.0270 1544 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:59:24.0272 1544 SDRSVC - ok
18:59:24.0286 1544 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:59:24.0287 1544 secdrv - ok
18:59:24.0320 1544 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:59:24.0321 1544 seclogon - ok
18:59:24.0336 1544 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:59:24.0337 1544 SENS - ok
18:59:24.0351 1544 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:59:24.0352 1544 SensrSvc - ok
18:59:24.0362 1544 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:59:24.0363 1544 Serenum - ok
18:59:24.0373 1544 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:59:24.0374 1544 Serial - ok
18:59:24.0397 1544 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:59:24.0398 1544 sermouse - ok
18:59:24.0420 1544 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:59:24.0422 1544 SessionEnv - ok
18:59:24.0442 1544 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:59:24.0443 1544 sffdisk - ok
18:59:24.0452 1544 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:59:24.0453 1544 sffp_mmc - ok
18:59:24.0455 1544 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:59:24.0455 1544 sffp_sd - ok
18:59:24.0462 1544 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:59:24.0463 1544 sfloppy - ok
18:59:24.0496 1544 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:59:24.0500 1544 ShellHWDetection - ok
18:59:24.0515 1544 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:59:24.0515 1544 SiSRaid2 - ok
18:59:24.0534 1544 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:59:24.0535 1544 SiSRaid4 - ok
18:59:24.0539 1544 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:59:24.0540 1544 Smb - ok
18:59:24.0548 1544 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:59:24.0549 1544 SNMPTRAP - ok
18:59:24.0557 1544 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:59:24.0558 1544 spldr - ok
18:59:24.0582 1544 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:59:24.0588 1544 Spooler - ok
18:59:24.0766 1544 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:59:24.0805 1544 sppsvc - ok
18:59:24.0884 1544 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:59:24.0906 1544 sppuinotify - ok
18:59:25.0110 1544 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:59:25.0115 1544 srv - ok
18:59:25.0144 1544 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:59:25.0147 1544 srv2 - ok
18:59:25.0167 1544 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:59:25.0169 1544 srvnet - ok
18:59:25.0198 1544 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:59:25.0201 1544 SSDPSRV - ok
18:59:25.0205 1544 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:59:25.0206 1544 SstpSvc - ok
18:59:25.0257 1544 Steam Client Service - ok
18:59:25.0365 1544 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:59:25.0369 1544 Stereo Service - ok
18:59:25.0390 1544 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:59:25.0390 1544 stexstor - ok
18:59:25.0428 1544 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:59:25.0445 1544 stisvc - ok
18:59:25.0463 1544 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:59:25.0464 1544 storflt - ok
18:59:25.0472 1544 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:59:25.0473 1544 storvsc - ok
18:59:25.0497 1544 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:59:25.0498 1544 swenum - ok
18:59:25.0515 1544 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:59:25.0520 1544 swprv - ok
18:59:25.0521 1544 Synth3dVsc - ok
18:59:25.0603 1544 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:59:25.0626 1544 SysMain - ok
18:59:25.0726 1544 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:59:25.0728 1544 TabletInputService - ok
18:59:25.0775 1544 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
18:59:25.0776 1544 tap0901 - ok
18:59:25.0796 1544 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:59:25.0799 1544 TapiSrv - ok
18:59:25.0803 1544 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:59:25.0804 1544 TBS - ok
18:59:25.0890 1544 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:59:25.0908 1544 Tcpip - ok
18:59:26.0036 1544 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:59:26.0044 1544 TCPIP6 - ok
18:59:26.0114 1544 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:59:26.0115 1544 tcpipreg - ok
18:59:26.0133 1544 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:59:26.0133 1544 TDPIPE - ok
18:59:26.0147 1544 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:59:26.0148 1544 TDTCP - ok
18:59:26.0181 1544 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:59:26.0182 1544 tdx - ok
18:59:26.0242 1544 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:59:26.0242 1544 TermDD - ok
18:59:26.0283 1544 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:59:26.0297 1544 TermService - ok
18:59:26.0308 1544 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:59:26.0309 1544 Themes - ok
18:59:26.0337 1544 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:59:26.0337 1544 THREADORDER - ok
18:59:26.0351 1544 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:59:26.0353 1544 TrkWks - ok
18:59:26.0386 1544 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:59:26.0388 1544 TrustedInstaller - ok
18:59:26.0409 1544 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:59:26.0410 1544 tssecsrv - ok
18:59:26.0433 1544 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:59:26.0434 1544 TsUsbFlt - ok
18:59:26.0435 1544 tsusbhub - ok
18:59:26.0464 1544 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:59:26.0465 1544 tunnel - ok
18:59:26.0475 1544 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:59:26.0476 1544 uagp35 - ok
18:59:26.0493 1544 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:59:26.0496 1544 udfs - ok
18:59:26.0521 1544 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:59:26.0522 1544 UI0Detect - ok
18:59:26.0539 1544 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:59:26.0540 1544 uliagpkx - ok
18:59:26.0560 1544 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:59:26.0560 1544 umbus - ok
18:59:26.0572 1544 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:59:26.0573 1544 UmPass - ok
18:59:26.0595 1544 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
18:59:26.0598 1544 UmRdpService - ok
18:59:26.0621 1544 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:59:26.0624 1544 upnphost - ok
18:59:26.0642 1544 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:59:26.0643 1544 usbccgp - ok
18:59:26.0677 1544 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:59:26.0678 1544 usbcir - ok
18:59:26.0696 1544 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:59:26.0697 1544 usbehci - ok
18:59:26.0723 1544 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:59:26.0726 1544 usbhub - ok
18:59:26.0740 1544 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:59:26.0741 1544 usbohci - ok
18:59:26.0750 1544 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:59:26.0751 1544 usbprint - ok
18:59:26.0766 1544 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:59:26.0767 1544 USBSTOR - ok
18:59:26.0775 1544 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:59:26.0776 1544 usbuhci - ok
18:59:26.0785 1544 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:59:26.0786 1544 UxSms - ok
18:59:26.0816 1544 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:59:26.0816 1544 VaultSvc - ok
18:59:26.0835 1544 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:59:26.0836 1544 vdrvroot - ok
18:59:26.0862 1544 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:59:26.0867 1544 vds - ok
18:59:26.0870 1544 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:59:26.0870 1544 vga - ok
18:59:26.0875 1544 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:59:26.0876 1544 VgaSave - ok
18:59:26.0877 1544 VGPU - ok
18:59:26.0900 1544 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:59:26.0903 1544 vhdmp - ok
18:59:26.0916 1544 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:59:26.0917 1544 viaide - ok
18:59:26.0931 1544 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:59:26.0933 1544 vmbus - ok
18:59:26.0947 1544 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:59:26.0948 1544 VMBusHID - ok
18:59:26.0970 1544 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:59:26.0971 1544 volmgr - ok
18:59:27.0027 1544 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:59:27.0031 1544 volmgrx - ok
18:59:27.0058 1544 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
18:59:27.0061 1544 volsnap - ok
18:59:27.0084 1544 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:59:27.0086 1544 vsmraid - ok
18:59:27.0225 1544 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:59:27.0239 1544 VSS - ok
18:59:27.0318 1544 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:59:27.0319 1544 vwifibus - ok
18:59:27.0336 1544 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:59:27.0340 1544 W32Time - ok
18:59:27.0350 1544 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:59:27.0351 1544 WacomPen - ok
18:59:27.0365 1544 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:59:27.0366 1544 WANARP - ok
18:59:27.0368 1544 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:59:27.0368 1544 Wanarpv6 - ok
18:59:27.0437 1544 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:59:27.0460 1544 WatAdminSvc - ok
18:59:27.0556 1544 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:59:27.0569 1544 wbengine - ok
18:59:27.0676 1544 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:59:27.0679 1544 WbioSrvc - ok
18:59:27.0708 1544 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:59:27.0712 1544 wcncsvc - ok
18:59:29.0066 1544 ============================================================
18:59:29.0066 1544 Scan finished
18:59:29.0066 1544 ============================================================
18:59:29.0070 1896 Detected object count: 0
18:59:29.0070 1896 Actual detected object count: 0

Also, I am in safe mode at the moment, if it makes any difference.
 

Broni

Posts: 55,798   +503
Why are you in safe mode?

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
If you are running Windows XP, re-enable System Restore.
 

Broni

Posts: 55,798   +503
Make sure your ComboFix is located on your Desktop.
Go to Start and in "Start search" type in:
cmd
Hold the SHIFT and CTRL keys and press Enter.
A Command Prompt window will open.
Paste the following command:

"%userprofile%\desktop\ComboFix.exe" /KillAll /nombr

Press Enter.
See if ComboFix will run.
Try normal and safe mode.
 

Broni

Posts: 55,798   +503
Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 

cschrille

Posts: 177   +0
OTL logfile created on: 2012-06-03 19:51:00 - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Ägaren\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

7,98 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,27% Memory free
15,96 Gb Paging File | 14,18 Gb Available in Paging File | 88,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 478,05 Gb Total Space | 346,55 Gb Free Space | 72,49% Space Free | Partition Type: NTFS
Drive E: | 2,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive X: | 453,36 Gb Total Space | 60,05 Gb Free Space | 13,25% Space Free | Partition Type: NTFS

Computer Name: ÄGAREN-DATOR | User Name: Ägaren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-03 19:49:53 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ägaren\Downloads\OTL.exe
PRC - [2012-05-20 18:20:27 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-05-15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-04-21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-04-17 17:19:32 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011-06-15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-15 21:34:34 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012-04-21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010-11-20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-09-22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010-11-20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009-07-14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-05-20 18:20:27 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-05-19 11:47:59 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-05-15 22:42:44 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-07-07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-07-01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011-06-26 08:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart)
SRV - [2011-06-15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-06-02 22:17:50 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\39377219.sys -- (39377219)
DRV:64bit: - [2012-05-23 13:58:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-04-18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-08-09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011-08-04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011-08-04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011-07-01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011-06-10 08:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-06-02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011-06-02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 1F 2E 1D A9 32 CD 01 [binary data]
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\..\SearchScopes\{FA8674F3-AF74-4640-B55E-3FBCE4393507}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ägaren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012-05-27 22:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-15 21:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-05-27 22:26:12 | 000,000,000 | ---D | M]

[2012-05-15 21:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Extensions
[2012-05-23 07:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\r3cyqdc7.default\extensions
[2012-05-23 07:03:56 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\r3cyqdc7.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012-05-20 10:24:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\r3cyqdc7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-05-15 21:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\ÄGAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3CYQDC7.DEFAULT\EXTENSIONS\{BEE6EB20-01E0-EBD1-DA83-080329FB9A3A}
File not found (No name found) -- C:\USERS\ÄGAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3CYQDC7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\ÄGAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3CYQDC7.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
[2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-04-21 04:05:56 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2012-04-21 04:05:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-04-21 04:05:56 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2012-04-21 04:05:56 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2012-04-21 04:05:57 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2012-04-21 04:05:57 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2012-06-03 10:18:40 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15214 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1000..\Run: [VPNCheck] File not found
O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3856055600-2435477386-2425398921-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = File not found
O4 - Startup: C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_39377219.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDFEB4F4-C1D5-4A6A-8517-3EA096F8E806}: DhcpNameServer = 80.67.0.2 91.213.246.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFC1798-E68E-4286-B124-E67DE135FAAE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFC1798-E68E-4286-B124-E67DE135FAAE}: NameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-01-05 21:30:20 | 000,000,039 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.RTV1 - C:\Windows\SysWow64\rtvcvfw32.dll ()

cschrille

Posts: 177   +0
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-06-03 18:37:31 | 004,535,659 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\your_name.exe
[2012-06-03 18:13:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012-06-03 18:07:38 | 004,535,659 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\something.exe
[2012-06-03 18:04:03 | 004,535,659 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\ComboFix.exe
[2012-06-03 17:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012-06-03 17:50:16 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012-06-03 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012-06-03 14:49:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012-06-03 13:03:37 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Need for Speed World
[2012-06-03 12:48:17 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Electronic_Arts_Inc
[2012-06-03 11:45:50 | 004,535,659 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\Combo--Fix.exe
[2012-06-03 10:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-06-03 10:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-06-03 10:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012-06-03 01:04:22 | 004,534,467 | R--- | C] (Swearware) -- C:\Users\Ägaren\Desktop\Combo-Fix.exe
[2012-06-02 22:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012-06-02 22:17:13 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\39377219.sys
[2012-06-02 19:35:11 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Malwarebytes
[2012-06-02 19:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-06-02 19:35:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-06-02 19:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-06-02 19:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-06-02 19:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012-06-02 18:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012-06-02 13:28:58 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Chromium
[2012-06-02 13:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012-06-02 13:10:43 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Rockstar Games
[2012-06-02 13:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Payne 3
[2012-06-01 14:28:51 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\European Bus Simulator 2012
[2012-06-01 14:28:51 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\European Bus Simulator 2012
[2012-06-01 14:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Bus Simulator 2012
[2012-05-30 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rigs of Rods 0.38.67
[2012-05-30 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Rigs of Rods 0.38
[2012-05-29 16:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Roaming
[2012-05-29 16:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Quest3D
[2012-05-29 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\ShipSimExtremes Userdata
[2012-05-29 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
[2012-05-29 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2012-05-29 13:59:03 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Motorm4x
[2012-05-29 13:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2012-05-28 17:56:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012-05-28 17:56:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012-05-28 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\ESET
[2012-05-28 17:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012-05-28 17:51:21 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012-05-27 22:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\UlisesSoft
[2012-05-27 22:29:12 | 000,000,000 | ---D | C] -- C:\CRACK
[2012-05-27 22:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012-05-27 22:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012-05-27 22:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-05-27 21:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012-05-27 21:55:38 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\SystemRequirementsLab
[2012-05-26 21:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2012-05-26 21:09:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012-05-26 21:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012-05-26 18:39:24 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\My Games
[2012-05-26 18:39:24 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\FLT
[2012-05-26 18:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012-05-26 18:35:51 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012-05-26 18:35:51 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012-05-26 18:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012-05-26 18:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiRT Showdown
[2012-05-26 17:55:38 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012-05-26 17:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012-05-26 15:40:14 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIGA
[2012-05-26 15:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGA
[2012-05-26 15:34:53 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
[2012-05-25 20:17:32 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\FlashGet
[2012-05-25 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet
[2012-05-25 20:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet
[2012-05-25 17:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGA
[2012-05-24 16:59:54 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KISS
[2012-05-24 16:58:24 | 000,000,000 | ---D | C] -- C:\KISS
[2012-05-24 16:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION
[2012-05-24 16:20:52 | 000,023,816 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012-05-24 16:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012-05-24 16:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012-05-24 13:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012-05-24 13:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012-05-24 09:51:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012-05-23 13:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012-05-23 13:58:41 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012-05-23 13:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012-05-23 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\DAEMON Tools Lite
[2012-05-23 13:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012-05-22 21:19:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012-05-22 21:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012-05-22 21:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012-05-22 21:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012-05-22 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoDownloader1
[2012-05-22 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoDownloader
[2012-05-22 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\NeoDownloader
[2012-05-22 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoDownloader
[2012-05-21 21:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012-05-21 21:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012-05-21 21:27:09 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012-05-21 21:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012-05-21 21:27:08 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Notepad++
[2012-05-21 21:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012-05-20 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\OpenOffice.org
[2012-05-20 16:41:31 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012-05-20 16:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012-05-20 16:38:15 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Desktop\OpenOffice.org 3.4 (en-US) Installation Files
[2012-05-20 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\NVIDIA
[2012-05-20 11:53:16 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\PunkBuster
[2012-05-20 11:53:10 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Battlefield 3
[2012-05-20 11:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012-05-20 11:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012-05-20 11:37:42 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\.minecraft
[2012-05-19 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Unity
[2012-05-19 14:26:07 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Unity
[2012-05-18 23:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012-05-18 21:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012-05-18 21:55:36 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Origin
[2012-05-18 21:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012-05-18 21:54:35 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Origin
[2012-05-18 21:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012-05-18 21:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012-05-18 21:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012-05-17 23:36:19 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Diablo III
[2012-05-17 23:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012-05-17 23:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012-05-17 23:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012-05-17 21:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012-05-17 13:23:32 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Hitman Blood Money
[2012-05-17 13:23:07 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012-05-16 17:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012-05-16 17:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012-05-16 17:16:38 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\QuickScan
[2012-05-16 17:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012-05-16 17:14:28 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\WinRAR
[2012-05-16 17:12:16 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012-05-16 17:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012-05-16 15:10:20 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\vlc
[2012-05-16 13:16:10 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\BitTorrent
[2012-05-16 13:06:06 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Documents\Multisoft
[2012-05-15 23:27:23 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Media Player Classic
[2012-05-15 22:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012-05-15 22:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012-05-15 22:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012-05-15 22:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012-05-15 22:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
[2012-05-15 22:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012-05-15 22:17:19 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Google
[2012-05-15 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Guavi
[2012-05-15 22:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPNCheck
[2012-05-15 22:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VPNCheck
[2012-05-15 22:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012-05-15 22:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012-05-15 21:18:24 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Mozilla
[2012-05-15 21:18:24 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Mozilla
[2012-05-15 21:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-05-15 21:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-05-15 21:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-05-15 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012-05-15 20:46:36 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012-05-15 20:46:36 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012-05-15 20:44:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012-05-15 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012-05-15 20:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012-05-15 20:13:32 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\TeraCopy
[2012-05-15 20:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2012-05-15 16:56:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012-05-15 16:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012-05-15 16:55:16 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Adobe
[2012-05-15 16:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Macromedia
[2012-05-15 16:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Adobe
[2012-05-15 16:54:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012-05-15 16:54:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012-05-15 16:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012-05-15 16:44:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012-05-15 16:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012-05-15 16:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012-05-15 16:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012-05-15 15:46:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012-05-15 15:46:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012-05-15 15:43:00 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012-05-15 15:42:47 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012-05-15 15:24:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012-05-15 15:24:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012-05-15 14:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012-05-15 14:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-05-15 14:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012-05-15 13:41:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012-05-15 13:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012-05-15 13:14:04 | 000,539,240 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012-05-15 13:12:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012-05-15 13:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012-05-15 13:12:14 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012-05-15 13:12:14 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012-05-15 13:12:14 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012-05-15 13:12:14 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012-05-15 13:12:14 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012-05-15 13:12:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012-05-15 13:12:14 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012-05-15 13:12:14 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012-05-15 13:12:14 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012-05-15 13:12:11 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012-05-15 13:12:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012-05-15 13:12:11 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012-05-15 13:12:11 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012-05-15 13:12:11 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012-05-15 13:12:11 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012-05-15 13:12:09 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012-05-15 13:12:09 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012-05-15 13:12:09 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012-05-15 13:12:09 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012-05-15 13:12:09 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012-05-15 13:12:09 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012-05-15 13:12:09 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012-05-15 13:12:08 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012-05-15 13:12:08 | 000,603,472 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012-05-15 13:12:08 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012-05-15 13:12:08 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012-05-15 13:12:06 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012-05-15 13:12:05 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012-05-15 13:12:05 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012-05-15 13:12:05 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012-05-15 13:12:05 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012-05-15 13:12:05 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012-05-15 13:12:05 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012-05-15 13:12:05 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012-05-15 13:12:05 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012-05-15 13:12:05 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012-05-15 13:12:04 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012-05-15 13:12:04 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012-05-15 13:12:04 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012-05-15 13:12:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012-05-15 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012-05-15 13:12:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012-05-15 13:11:52 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012-05-15 13:11:11 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012-05-15 13:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012-05-15 13:10:58 | 000,000,000 | ---D | C] -- C:\Intel
[2012-05-15 13:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2012-05-15 13:08:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012-05-15 12:57:46 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012-05-15 12:57:46 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Searches
[2012-05-15 12:57:46 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012-05-15 12:57:37 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Identities
[2012-05-15 12:57:33 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Contacts
[2012-05-15 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\VirtualStore
[2012-05-15 12:57:12 | 000,000,000 | --SD | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Videos
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Saved Games
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Pictures
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Music
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Links
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Favorites
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Downloads
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Documents
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\Desktop
[2012-05-15 12:57:12 | 000,000,000 | R--D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\AppData\Local\Tidigare
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\AppData\Local\Temporary Internet Files
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Start-meny
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Skrivare
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\SendTo
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Recent
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Programdata
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\AppData\Local\Programdata
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Nätverket
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Documents\Mina videoklipp
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Mina dokument
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Documents\Mina bilder
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Documents\Min musik
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Mallar
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Lokala inställningar
[2012-05-15 12:57:12 | 000,000,000 | -HSD | C] -- C:\Users\Ägaren\Cookies
[2012-05-15 12:57:12 | 000,000,000 | -H-D | C] -- C:\Users\Ägaren\AppData
[2012-05-15 12:57:12 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Temp
[2012-05-15 12:57:12 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Microsoft
[2012-05-15 12:57:12 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Media Center Programs
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start-meny
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Skrivbord
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Programdata
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mina videoklipp
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mina bilder
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Min musik
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Mallar
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriter
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokument
[2012-05-15 12:57:04 | 000,000,000 | -HSD | C] -- C:\Program Files\Delade filer
[2012-05-15 12:57:01 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012-05-15 12:42:22 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012-05-15 12:42:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012-05-13 19:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]