Hijacked by QVO6


  • This topic is locked
19 replies to this topic

#1 razz86

razz86

  • Members
  • 13 posts

Posted 30 March 2013 - 01:42 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/489966/split-from-qvo6com-has-taken-over-all-of-the-web-browsers/ ~ OB

 

Hi there!

My problem, I think, can't be solved.

I use Google Chrome for surfing the web... and the start page is this annoying qvo6.com... I have google.com as a start page... also the same problem on Internet Explorer.

I've scanned my computer with almost every program... recommended to me by a BleepingComputer advisor.

Can I escape this hijack?


Edited by Orange Blossom, 30 March 2013 - 02:13 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,858 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 March 2013 - 02:48 PM


Hello razz86

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 razz86


Posted 31 March 2013 - 03:21 AM

ComboFix 13-03-31.01 - Razvan 31.03.2013  11:13:25.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.40.1033.18.2047.1078 [GMT 3:00]
Running from: c:\users\Razvan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-28 to 2013-03-31  )))))))))))))))))))))))))))))))
.
.
2013-03-31 08:18 . 2013-03-31 08:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-28 12:54 . 2013-03-28 12:54 -------- d-----w- c:\program files\Enigma Software Group
2013-03-28 12:54 . 2013-03-28 13:16 -------- d-----w- c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-03-28 12:54 . 2013-03-28 12:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-03-28 12:33 . 2013-03-28 12:33 -------- d-----w- c:\programdata\TuneUp Software
2013-03-28 12:33 . 2013-03-28 12:40 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-28 11:52 . 2013-03-28 11:52 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-28 11:43 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BB0F2C8-6076-47C4-9F58-73B212AE6E38}\mpengine.dll
2013-03-28 11:35 . 2013-03-28 11:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-28 11:17 . 2013-03-28 11:17 -------- d-----w- c:\windows\ERUNT
2013-03-28 11:17 . 2013-03-30 16:41 -------- d-----w- C:\JRT
2013-03-28 10:30 . 2011-09-01 09:38 767952 ----a-w- c:\windows\BDTSupport.dll0347.old
2013-03-28 10:30 . 2011-09-01 09:39 149456 ----a-w- c:\windows\SGDetectionTool.dll0347.old
2013-03-28 10:30 . 2011-09-01 09:39 2189264 ----a-w- c:\windows\PCTBDCore.dll0347.old
2013-03-28 09:56 . 2013-03-28 10:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-28 09:55 . 2013-03-28 10:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-28 09:10 . 2013-03-28 18:27 -------- d-----w- c:\programdata\MFAData
2013-03-28 09:10 . 2013-03-28 09:10 -------- d--h--w- c:\programdata\Common Files
2013-03-28 09:09 . 2013-03-28 11:04 -------- d-----w- c:\program files\PC Tools Security
2013-03-28 08:46 . 2013-03-28 11:04 -------- d-----w- c:\program files\Common Files\PC Tools
2013-03-28 08:46 . 2013-03-28 08:47 -------- d-----w- c:\program files\PC Tools
2013-03-28 08:46 . 2012-11-01 13:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2013-03-28 08:44 . 2013-03-28 11:01 -------- d-----w- c:\programdata\PC Tools
2013-03-28 06:37 . 2013-03-28 06:37 -------- d-----w- c:\programdata\Malwarebytes
2013-03-28 05:26 . 2013-03-28 05:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-28 05:26 . 2013-03-28 05:26 -------- d-----w- c:\windows\system32\Macromed
2013-03-28 05:26 . 2013-03-28 10:16 -------- d-----w- c:\programdata\eSafe
2013-03-27 13:25 . 2013-03-27 13:25 -------- d-----w- c:\program files\Common Files\Trek310
2013-03-27 13:25 . 2007-06-26 08:06 343808 ----a-w- c:\windows\system32\drivers\snpstd2.sys
2013-03-27 13:25 . 2007-04-13 11:52 307200 ----a-w- c:\windows\vsnpstd2.exe
2013-03-27 13:25 . 2007-03-29 13:07 36864 ----a-w- c:\windows\system32\dsnpstd2.ax
2013-03-27 13:25 . 2007-03-29 12:52 36864 ----a-w- c:\windows\system32\vsnpstd2.dll
2013-03-27 13:25 . 2004-09-24 14:24 57344 ----a-w- c:\windows\system32\rsnpstd2.dll
2013-03-27 13:25 . 2003-08-05 11:48 65536 ----a-w- c:\windows\amcap.exe
2013-03-27 13:25 . 2013-03-27 13:25 -------- d-----w- c:\windows\Album
2013-03-27 13:25 . 2013-03-27 13:25 -------- d-----w- c:\program files\Trek 310
2013-03-27 13:25 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd2.dll
2013-03-27 12:59 . 2013-03-27 13:04 -------- d-----w- C:\XP
2013-03-25 20:20 . 2013-03-25 20:20 -------- d-----w- c:\windows\system32\SPReview
2013-03-25 20:19 . 2013-03-25 20:19 -------- d-----w- c:\windows\system32\EventProviders
2013-03-25 14:02 . 2013-03-25 14:02 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-25 14:02 . 2013-03-25 14:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-03-25 14:02 . 2013-03-25 14:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-03-25 13:59 . 2013-03-25 14:00 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-03-25 13:25 . 2010-11-20 12:21 381440 ----a-w- c:\windows\system32\wer.dll
2013-03-25 13:24 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-03-25 13:24 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-03-25 13:24 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-03-25 13:24 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-03-25 07:04 . 2013-03-25 07:04 -------- d-----w- c:\windows\system32\Wat
2013-03-25 01:16 . 2013-03-28 11:39 -------- d-----w- c:\windows\Panther
2013-03-25 01:16 . 2013-03-26 06:30 -------- d-----w- C:\Boot
2013-03-25 01:09 . 2013-03-25 01:09 -------- d-----w- C:\Windows.old
2013-03-24 20:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-03-24 20:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-24 20:31 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-03-24 20:04 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-24 20:04 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-24 20:04 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-24 20:04 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-24 20:04 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-24 20:04 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-24 20:04 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-24 20:04 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-24 20:04 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-24 20:04 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-24 20:03 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-24 20:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-24 20:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-24 20:01 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-03-24 17:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-03-24 17:35 . 2010-11-20 11:57 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2013-03-24 17:35 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-03-24 17:32 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2013-03-24 17:31 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2013-03-24 17:18 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-03-24 17:17 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-03-24 17:17 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-03-24 17:17 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2013-03-24 17:13 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-24 17:13 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-03-24 17:13 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-24 17:13 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-03-24 17:13 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-03-24 17:13 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-03-24 17:13 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-03-24 17:13 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-24 17:13 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-03-24 16:35 . 2013-03-24 16:35 -------- d-----w- c:\program files\Common Files\Skype
2013-03-24 16:35 . 2013-03-24 16:35 -------- d-----r- c:\program files\Skype
2013-03-24 16:35 . 2013-03-24 16:35 -------- d-----w- c:\programdata\Skype
2013-03-24 16:34 . 2013-03-24 16:34 -------- d-----w- c:\program files\AGEIA Technologies
2013-03-24 16:34 . 2013-03-24 16:34 -------- d-----w- c:\users\UpdatusUser
2013-03-24 16:28 . 2013-03-24 16:28 -------- d-----w- c:\program files\CCleaner
2013-03-24 16:28 . 2013-03-24 16:28 -------- d-----w- c:\program files\Common Files\Java
2013-03-24 16:28 . 2013-03-24 16:28 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-24 16:28 . 2013-03-24 16:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-24 16:28 . 2013-03-24 16:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-24 16:28 . 2013-03-24 16:28 -------- d-----w- c:\program files\Java
2013-03-24 16:11 . 2013-03-24 16:11 -------- d-----w- c:\program files\MSECache
2013-03-24 16:10 . 2013-03-26 07:05 -------- d-----w- c:\program files\PokerStars.EU
2013-03-24 16:10 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2013-03-24 16:10 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2013-03-24 16:09 . 2013-03-24 16:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-03-24 16:09 . 2013-03-25 11:06 -------- d-----w- c:\program files\Microsoft.NET
2013-03-24 16:09 . 2013-03-24 16:09 -------- d-----w- c:\windows\PCHEALTH
2013-03-24 15:57 . 2013-03-24 15:58 -------- d-----w- c:\program files\Common Files\Adobe
2013-03-24 15:53 . 2013-01-16 23:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-03-24 15:39 . 2013-03-24 15:40 -------- d-----w- c:\program files\Google
2013-03-24 15:38 . 2013-03-24 15:38 -------- d--h--w- c:\programdata\CanonBJ
2013-03-24 15:38 . 2010-02-04 03:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9W.DLL
2013-03-24 15:38 . 2010-02-04 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9W.DLL
2013-03-24 15:38 . 2013-03-24 15:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-03-24 15:38 . 2009-04-03 14:00 1310720 ----a-w- c:\windows\system32\CNC250C.dll
2013-03-24 15:38 . 2009-04-03 13:59 110592 ----a-w- c:\windows\system32\CNC250I.dll
2013-03-24 15:38 . 2009-04-03 13:57 106496 ----a-w- c:\windows\system32\CNC250U.dll
2013-03-24 15:38 . 2009-03-11 09:34 303104 ----a-w- c:\windows\system32\CNC250L.dll
2013-03-24 15:38 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2013-03-24 15:38 . 2010-02-04 03:00 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
2013-03-24 15:38 . 2009-02-04 12:17 90112 ----a-w- c:\windows\system32\CNC250O.dll
2013-03-24 15:38 . 2009-03-18 08:09 178176 ----a-w- c:\windows\system32\CNMIU9W.DLL
2013-03-24 15:37 . 2013-03-25 13:38 -------- d-----w- c:\program files\Canon
2013-03-24 15:34 . 2013-03-31 08:08 -------- d-----w- c:\programdata\NVIDIA
2013-03-24 15:34 . 2010-12-23 05:56 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2013-03-24 15:33 . 2013-03-30 16:37 -------- d-sh--w- c:\windows\Installer
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 06:21 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-02-12 04:48 . 2013-03-26 10:53 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-26 10:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-10 00:35 . 2010-12-12 21:28 4115232 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 00:35 . 2010-12-12 21:28 3010336 ----a-w- c:\windows\system32\nvsvc.dll
2013-02-10 00:35 . 2010-12-12 21:28 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-10 00:35 . 2010-12-12 21:29 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-10 00:35 . 2010-12-12 21:28 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-02-09 16:43 . 2013-02-09 16:43 555808 ----a-w- c:\windows\system32\nvStreaming.exe
2013-01-10 07:25 . 2013-01-10 07:25 46056 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"snpstd2"="c:\windows\vsnpstd2.exe" [2007-04-13 307200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-25 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-30 14:20 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files\PokerStars.EU\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-79947752.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-31  11:20:00
ComboFix-quarantined-files.txt  2013-03-31 08:20
.
Pre-Run: 124.400.463.872 bytes free
Post-Run: 124.418.789.376 bytes free
.
- - End Of File - - 9606C7FEDA661CDAFD2781DF7AA313D1
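
A triage sketch for the ComboFix log above, added here as an example (it is not part of the original thread and not ComboFix's own code): it pulls the Run/RunOnce entries and the Supplementary Scan settings out of the log and checks whether the domain the poster complains about appears anywhere in it. The function names and the shortened excerpt are assumptions made for illustration.

```python
import re

# Excerpt of the ComboFix log posted in this thread (shortened; lines unchanged).
SAMPLE_LOG = r'''
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"snpstd2"="c:\windows\vsnpstd2.exe" [2007-04-13 307200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-25 280576]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
'''

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="value" [date size]  -- the trailing bracket is ComboFix's file stamp
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?(.*?)"?(?:\s+\[[^\]]*\])?$')
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)


def section_name(line):
    """Return the title of a ComboFix section banner, or None for any other line."""
    if line.startswith("((") and line.endswith("))"):
        return line.strip("() ")
    if line.startswith("-") and line.endswith("-"):
        return line.strip("- ") or None
    return None


def parse_combofix(text):
    """Collect Run/RunOnce autoruns and the 'name = value' Supplementary Scan settings."""
    autoruns, settings = [], {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            key = None  # a lone dot closes the current registry block
            continue
        name = section_name(line)
        if name:
            section, key = name, None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and RUN_KEY_RE.search(key):
            autoruns.append((key, m.group(1), m.group(2)))
        elif section == "Supplementary Scan" and " = " in line:
            setting, value = line.split(" = ", 1)
            settings[setting] = value
    return autoruns, settings


def find_domain(text, domain):
    """Return (line number, line) for every log line mentioning the domain."""
    needle = domain.lower()
    return [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)
            if needle in l.lower()]


def triage(text, domain):
    """Summarise what the log says about autoruns, browser settings and the domain."""
    autoruns, settings = parse_combofix(text)
    hits = find_domain(text, domain)
    return {"autoruns": autoruns, "settings": settings,
            "hits": hits, "explained_by_log": bool(hits)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, "qvo6.com")
    for key, name, command in report["autoruns"]:
        print(f"autorun  {name:15} {command}")
    for setting, value in report["settings"].items():
        print(f"setting  {setting:20} {value}")
    print("domain seen in log:", report["explained_by_log"])
```

On this log the start page is reported as about:blank and the domain does not appear at all, which matches the poster's later report that Internet Explorer is set to a blank page and still opens qvo6.com: the settings this log reports do not account for the redirect.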


#4 gringo_pr


Posted 31 March 2013 - 03:29 AM


Hello razz86

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go to Google Sync and sign into your account.

Scroll down until you see the "Stop and Clear" button and click on the button.

At the prompt click on "Ok".

Now we need to uninstall Chrome.

I want you to uninstall Chrome, and if asked about user data or settings then remove this also.

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo

#5 razz86


Posted 31 March 2013 - 11:24 AM

Ain't got no account at Google Chrome.

I've uninstalled Chrome... and for the moment my true google.com start page is working... no more of that annoying qvo6.com.

But when I used my Internet Explorer 10 to download Chrome... guess what, on Internet Explorer I still got this annoying qvo6.com :bubbles: and I use a blank page on Internet Explorer.

Should I uninstall Internet Explorer?



#6 gringo_pr


Posted 31 March 2013 - 01:53 PM


Hello razz86

First I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following
  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE

Gringo




#7 razz86


Posted 31 March 2013 - 11:36 PM

It doesn't work for Internet Explorer... I've downloaded Microsoft FixIT, I've done all the resets manually.

It's still aliveee :(



#8 gringo_pr


Posted 01 April 2013 - 12:10 AM


Hello razz86

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo




#9 gringo_pr


Posted 04 April 2013 - 01:14 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#10 razz86


Posted 04 April 2013 - 02:25 AM

OTL logfile created on: 04.04.2013 10:14:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Razvan\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000418 | Country: România | Language: ROM | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,27% Memory free
4,00 Gb Paging File | 2,97 Gb Available in Paging File | 74,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 116,00 Gb Free Space | 79,19% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 145,15 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Drive E: | 172,79 Gb Total Space | 155,86 Gb Free Space | 90,20% Space Free | Partition Type: NTFS
 
Computer Name: RAZVAN_SUFRAGER | User Name: Razvan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Razvan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\vsnpstd2.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
MOD - C:\Windows\vsnpstd2.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\Razvan\AppData\Local\Temp\catchme.sys File not found
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (snpstd2) -- C:\Windows\System32\drivers\snpstd2.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1275954205-4142111476-191088982-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1275954205-4142111476-191088982-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro
IE - HKU\S-1-5-21-1275954205-4142111476-191088982-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1275954205-4142111476-191088982-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1275954205-4142111476-191088982-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1275954205-4142111476-191088982-1003\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Razvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disc Google = C:\Users\Razvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Razvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: căutare Google = C:\Users\Razvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Razvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Gmail = C:\Users\Razvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.03.31 11:18:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [snpstd2] C:\Windows\vsnpstd2.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1275954205-4142111476-191088982-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275954205-4142111476-191088982-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275954205-4142111476-191088982-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1275954205-4142111476-191088982-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6499CE14-5C54-497C-B99A-47AB0272B127}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.02 11:18:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Razvan\Desktop\OTL.exe
[2013.04.01 08:03:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.01 08:03:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.04.01 08:03:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.01 08:03:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.04.01 08:03:12 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.04.01 08:03:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.04.01 08:03:06 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.01 08:03:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.04.01 08:03:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.04.01 08:03:05 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.01 08:03:05 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.04.01 08:03:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.04.01 08:03:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.04.01 08:03:04 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.04.01 08:03:03 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.04.01 08:01:19 | 000,272,384 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9W.DLL
[2013.04.01 07:59:22 | 000,000,000 | ---D | C] -- C:\Windows\ro-RO
[2013.04.01 07:59:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO
[2013.04.01 07:56:25 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.01 07:52:53 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\portcls.sys.mui
[2013.04.01 07:52:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\serscan.sys.mui
[2013.04.01 07:52:35 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\ataport.sys.mui
[2013.04.01 07:52:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\amdide.sys.mui
[2013.04.01 07:52:21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\tcpip.sys.mui
[2013.04.01 07:52:09 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\scfilter.sys.mui
[2013.04.01 07:50:42 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\hidbth.sys.mui
[2013.04.01 07:50:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\bthport.sys.mui
[2013.04.01 07:50:38 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\BTHUSB.SYS.mui
[2013.04.01 07:50:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\bthenum.sys.mui
[2013.04.01 07:49:41 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.04.01 07:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.04.01 07:41:04 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.04.01 07:41:04 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.04.01 07:41:03 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.04.01 07:41:03 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.04.01 07:41:02 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.04.01 07:40:58 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.04.01 07:40:58 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.04.01 07:40:28 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.01 07:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.04.01 07:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.03.31 20:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013.03.31 20:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.03.31 19:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.03.31 11:20:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.31 11:20:02 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\temp
[2013.03.31 11:18:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.31 11:12:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.31 11:12:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.31 11:12:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.31 11:12:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.31 11:11:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.28 21:26:57 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\Avg2013
[2013.03.28 21:07:26 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\ESET
[2013.03.28 21:07:26 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\ESET
[2013.03.28 16:16:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013.03.28 15:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.03.28 15:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.03.28 15:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.03.28 15:33:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.28 14:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.28 14:36:22 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.28 14:36:22 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.28 14:36:22 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.28 14:36:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.28 14:36:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.28 14:36:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.28 14:36:21 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.28 14:36:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.28 14:36:21 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.28 14:36:21 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.28 14:36:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.28 14:36:21 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.28 14:36:21 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.28 14:36:21 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.28 14:36:21 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.28 14:36:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.28 14:36:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.28 14:36:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.28 14:36:21 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.28 14:36:20 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.28 14:36:20 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.28 14:36:20 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.28 14:36:20 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.28 14:36:20 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.28 14:36:20 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.28 14:36:20 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.28 14:36:20 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.28 14:36:20 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.28 14:36:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.28 14:36:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.28 14:36:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.28 14:36:20 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.28 14:36:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.28 14:36:19 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.28 14:36:19 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.28 14:36:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.28 14:35:42 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.03.28 14:35:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.03.28 14:35:42 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.03.28 14:35:42 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.03.28 14:35:42 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.28 14:35:42 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.03.28 14:35:42 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.03.28 14:35:42 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.28 14:35:42 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.28 14:35:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.28 14:35:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.28 14:35:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.28 14:35:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.28 14:35:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.28 14:35:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.28 14:35:42 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.28 14:35:41 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.03.28 14:35:41 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.03.28 14:35:41 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.03.28 14:35:41 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.03.28 14:35:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.03.28 14:35:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.03.28 14:35:41 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.28 14:35:41 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.03.28 14:35:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.03.28 14:17:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.28 14:17:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.28 13:41:31 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\PC Tools
[2013.03.28 13:30:50 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0347.old
[2013.03.28 13:30:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0347.old
[2013.03.28 12:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.28 12:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.03.28 12:13:21 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\TuneUp Software
[2013.03.28 12:10:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.28 12:10:22 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\MFAData
[2013.03.28 12:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.28 12:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2013.03.28 11:46:35 | 000,202,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2013.03.28 11:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2013.03.28 11:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2013.03.28 11:44:42 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\TestApp
[2013.03.28 11:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013.03.28 09:38:04 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Malwarebytes
[2013.03.28 09:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.28 09:37:49 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\Programs
[2013.03.28 08:27:10 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Macromedia
[2013.03.28 08:26:59 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.28 08:26:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013.03.28 08:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.03.28 08:26:23 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\eIntaller
[2013.03.27 16:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Trek310
[2013.03.27 16:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trek 310
[2013.03.27 16:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trek 310
[2013.03.27 16:25:13 | 000,000,000 | ---D | C] -- C:\Windows\Album
[2013.03.27 16:25:07 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\InstallShield
[2013.03.27 15:59:23 | 000,000,000 | ---D | C] -- C:\XP
[2013.03.26 13:54:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2013.03.26 13:54:16 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2013.03.26 13:54:14 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2013.03.26 13:54:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2013.03.26 13:54:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013.03.26 13:54:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.03.26 13:54:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2013.03.26 13:54:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013.03.25 23:20:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.03.25 23:19:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.03.25 17:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.25 17:02:59 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.25 17:02:55 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\DAEMON Tools Lite
[2013.03.25 17:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.03.25 17:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.03.25 16:59:16 | 000,717,296 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2013.03.25 16:59:15 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\DAEMON Tools
[2013.03.25 16:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.03.25 16:26:12 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LSCSHostPolicy.dll
[2013.03.25 16:26:09 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2013.03.25 16:26:09 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2013.03.25 16:26:09 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tssrvlic.dll
[2013.03.25 16:26:08 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013.03.25 16:26:07 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013.03.25 16:26:07 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013.03.25 16:26:06 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013.03.25 16:26:06 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2013.03.25 16:26:05 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013.03.25 16:26:05 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2013.03.25 16:26:05 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2013.03.25 16:26:03 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013.03.25 16:26:03 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013.03.25 16:26:02 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2013.03.25 16:26:02 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2013.03.25 16:26:01 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2013.03.25 16:26:00 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2013.03.25 16:25:59 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2013.03.25 16:25:59 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2013.03.25 16:25:59 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2013.03.25 16:25:59 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2013.03.25 16:25:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2013.03.25 16:25:58 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2013.03.25 16:25:57 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2013.03.25 16:25:57 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2013.03.25 16:25:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2013.03.25 16:25:57 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2013.03.25 16:25:57 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013.03.25 16:25:56 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2013.03.25 16:25:55 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2013.03.25 16:25:55 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.03.25 16:25:55 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2013.03.25 16:25:55 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2013.03.25 16:25:55 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2013.03.25 16:25:55 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.03.25 16:25:54 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.03.25 16:25:54 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2013.03.25 16:25:54 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2013.03.25 16:25:54 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2013.03.25 16:25:53 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2013.03.25 16:25:53 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2013.03.25 16:25:52 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2013.03.25 16:25:52 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2013.03.25 16:25:52 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2013.03.25 16:25:52 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2013.03.25 16:25:51 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2013.03.25 16:25:51 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2013.03.25 16:25:51 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2013.03.25 16:25:51 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2013.03.25 16:25:50 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013.03.25 16:25:50 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2013.03.25 16:25:49 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2013.03.25 16:25:49 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2013.03.25 16:25:49 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2013.03.25 16:25:49 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2013.03.25 16:25:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2013.03.25 16:25:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2013.03.25 16:25:48 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2013.03.25 16:25:47 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2013.03.25 16:25:47 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2013.03.25 16:25:47 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2013.03.25 16:25:47 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013.03.25 16:25:47 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2013.03.25 16:25:46 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2013.03.25 16:25:46 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2013.03.25 16:25:45 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2013.03.25 16:25:45 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2013.03.25 16:25:44 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2013.03.25 16:25:44 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2013.03.25 16:25:43 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2013.03.25 16:25:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2013.03.25 16:25:42 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2013.03.25 16:25:41 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013.03.25 16:25:41 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013.03.25 16:25:40 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2013.03.25 16:25:40 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2013.03.25 16:25:40 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2013.03.25 16:25:40 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2013.03.25 16:25:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2013.03.25 16:25:40 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2013.03.25 16:25:39 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013.03.25 16:25:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2013.03.25 16:25:39 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2013.03.25 16:25:38 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2013.03.25 16:25:37 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2013.03.25 16:25:37 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2013.03.25 16:25:37 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2013.03.25 16:25:37 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2013.03.25 16:25:37 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2013.03.25 16:25:37 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2013.03.25 16:25:37 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2013.03.25 16:25:37 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2013.03.25 16:25:37 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2013.03.25 16:25:37 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2013.03.25 16:25:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2013.03.25 16:25:37 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.03.25 16:25:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2013.03.25 16:25:36 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2013.03.25 16:25:36 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2013.03.25 16:25:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2013.03.25 16:25:35 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2013.03.25 16:25:35 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2013.03.25 16:25:35 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2013.03.25 16:25:35 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2013.03.25 16:25:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2013.03.25 16:25:35 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2013.03.25 16:25:34 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2013.03.25 16:25:34 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2013.03.25 16:25:34 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2013.03.25 16:25:34 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2013.03.25 16:25:34 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2013.03.25 16:25:34 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2013.03.25 16:25:34 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2013.03.25 16:25:34 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2013.03.25 16:25:34 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2013.03.25 16:25:34 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2013.03.25 16:25:34 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2013.03.25 16:25:34 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2013.03.25 16:25:34 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2013.03.25 16:25:34 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2013.03.25 16:25:34 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2013.03.25 16:25:34 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2013.03.25 16:25:33 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2013.03.25 16:25:33 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2013.03.25 16:25:33 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2013.03.25 16:25:33 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2013.03.25 16:25:33 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2013.03.25 16:25:33 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2013.03.25 16:25:33 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2013.03.25 16:25:33 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2013.03.25 16:25:33 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2013.03.25 16:25:33 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2013.03.25 16:25:33 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2013.03.25 16:25:33 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013.03.25 16:25:33 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2013.03.25 16:25:32 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2013.03.25 16:25:32 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2013.03.25 16:25:32 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013.03.25 16:25:32 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2013.03.25 16:25:32 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013.03.25 16:25:32 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2013.03.25 16:25:32 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2013.03.25 16:25:31 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2013.03.25 16:25:31 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2013.03.25 16:25:31 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2013.03.25 16:25:31 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2013.03.25 16:25:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2013.03.25 16:25:31 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2013.03.25 16:25:31 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2013.03.25 16:25:31 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2013.03.25 16:25:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2013.03.25 16:25:31 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2013.03.25 16:25:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2013.03.25 16:25:31 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2013.03.25 16:25:31 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2013.03.25 16:25:31 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2013.03.25 16:25:31 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2013.03.25 16:25:31 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2013.03.25 16:25:30 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2013.03.25 16:25:30 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2013.03.25 16:25:30 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2013.03.25 16:25:30 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2013.03.25 16:25:30 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2013.03.25 16:25:30 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2013.03.25 16:25:30 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2013.03.25 16:25:30 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013.03.25 16:25:30 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2013.03.25 16:25:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2013.03.25 16:25:30 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2013.03.25 16:25:29 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2013.03.25 16:25:29 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2013.03.25 16:25:29 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2013.03.25 16:25:29 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2013.03.25 16:25:29 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2013.03.25 16:25:29 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013.03.25 16:25:29 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2013.03.25 16:25:29 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2013.03.25 16:25:29 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2013.03.25 16:25:29 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2013.03.25 16:25:29 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2013.03.25 16:25:29 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2013.03.25 16:25:29 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2013.03.25 16:25:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2013.03.25 16:25:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2013.03.25 16:25:29 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2013.03.25 16:25:29 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013.03.25 16:25:29 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2013.03.25 16:25:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2013.03.25 16:25:28 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2013.03.25 16:25:28 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2013.03.25 16:25:28 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2013.03.25 16:25:28 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2013.03.25 16:25:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2013.03.25 16:25:28 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2013.03.25 16:25:28 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2013.03.25 16:25:28 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2013.03.25 16:25:28 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2013.03.25 16:25:27 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2013.03.25 16:25:27 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2013.03.25 16:25:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2013.03.25 16:25:27 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2013.03.25 16:25:27 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2013.03.25 16:25:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2013.03.25 16:25:27 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2013.03.25 16:25:27 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013.03.25 16:25:27 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2013.03.25 16:25:27 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2013.03.25 16:25:27 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2013.03.25 16:25:27 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2013.03.25 16:25:27 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2013.03.25 16:25:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2013.03.25 16:25:27 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2013.03.25 16:25:27 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2013.03.25 16:25:27 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2013.03.25 16:25:27 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2013.03.25 16:25:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013.03.25 16:25:27 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2013.03.25 16:25:26 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2013.03.25 16:25:26 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2013.03.25 16:25:26 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2013.03.25 16:25:26 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2013.03.25 16:25:26 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2013.03.25 16:25:26 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2013.03.25 16:25:26 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2013.03.25 16:25:26 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2013.03.25 16:25:26 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2013.03.25 16:25:26 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2013.03.25 16:25:26 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2013.03.25 16:25:26 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2013.03.25 16:25:26 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2013.03.25 16:25:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2013.03.25 16:25:25 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2013.03.25 16:25:25 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2013.03.25 16:25:25 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013.03.25 16:25:25 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013.03.25 16:25:25 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2013.03.25 16:25:25 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2013.03.25 16:25:25 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2013.03.25 16:25:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2013.03.25 16:25:25 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2013.03.25 16:25:25 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2013.03.25 16:25:25 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2013.03.25 16:25:25 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2013.03.25 16:25:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013.03.25 16:25:25 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2013.03.25 16:25:25 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2013.03.25 16:25:25 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2013.03.25 16:25:25 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2013.03.25 16:25:25 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2013.03.25 16:25:25 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2013.03.25 16:25:25 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2013.03.25 16:25:25 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2013.03.25 16:25:25 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2013.03.25 16:25:24 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2013.03.25 16:25:24 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2013.03.25 16:25:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2013.03.25 16:25:24 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2013.03.25 16:25:24 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2013.03.25 16:25:24 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2013.03.25 16:25:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2013.03.25 16:25:24 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2013.03.25 16:25:24 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2013.03.25 16:25:24 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2013.03.25 16:25:24 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2013.03.25 16:25:24 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013.03.25 16:25:24 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2013.03.25 16:25:23 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2013.03.25 16:25:23 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2013.03.25 16:25:23 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2013.03.25 16:25:23 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2013.03.25 16:25:23 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2013.03.25 16:25:23 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2013.03.25 16:25:23 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2013.03.25 16:25:23 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2013.03.25 16:25:23 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2013.03.25 16:25:23 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2013.03.25 16:25:23 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2013.03.25 16:25:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2013.03.25 16:25:23 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2013.03.25 16:25:23 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2013.03.25 16:25:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2013.03.25 16:25:22 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2013.03.25 16:25:22 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2013.03.25 16:25:22 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2013.03.25 16:25:22 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2013.03.25 16:25:22 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2013.03.25 16:25:22 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2013.03.25 16:25:22 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2013.03.25 16:25:22 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2013.03.25 16:25:22 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2013.03.25 16:25:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013.03.25 16:25:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2013.03.25 16:25:21 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2013.03.25 16:25:21 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2013.03.25 16:25:21 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2013.03.25 16:25:21 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2013.03.25 16:25:21 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2013.03.25 16:25:21 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2013.03.25 16:25:21 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2013.03.25 16:25:21 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2013.03.25 16:25:21 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2013.03.25 16:25:21 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013.03.25 16:25:21 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2013.03.25 16:25:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2013.03.25 16:25:21 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2013.03.25 16:25:21 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2013.03.25 16:25:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2013.03.25 16:25:20 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2013.03.25 16:25:20 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2013.03.25 16:25:20 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2013.03.25 16:25:20 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2013.03.25 16:25:20 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2013.03.25 16:25:20 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2013.03.25 16:25:20 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2013.03.25 16:25:20 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2013.03.25 16:25:20 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2013.03.25 16:25:20 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2013.03.25 16:25:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2013.03.25 16:25:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2013.03.25 16:25:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2013.03.25 16:25:20 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2013.03.25 16:25:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2013.03.25 16:25:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2013.03.25 16:25:19 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2013.03.25 16:25:19 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2013.03.25 16:25:19 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2013.03.25 16:25:19 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2013.03.25 16:25:19 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2013.03.25 16:25:19 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2013.03.25 16:25:19 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2013.03.25 16:25:19 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2013.03.25 16:25:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2013.03.25 16:25:19 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2013.03.25 16:25:19 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2013.03.25 16:25:19 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2013.03.25 16:25:19 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2013.03.25 16:25:19 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2013.03.25 16:25:19 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2013.03.25 16:25:19 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2013.03.25 16:25:19 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2013.03.25 16:25:19 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2013.03.25 16:25:19 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2013.03.25 16:25:19 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2013.03.25 16:25:19 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2013.03.25 16:25:19 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2013.03.25 16:25:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2013.03.25 16:25:19 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2013.03.25 16:25:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2013.03.25 16:25:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2013.03.25 16:25:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2013.03.25 16:25:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2013.03.25 16:25:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2013.03.25 16:25:19 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2013.03.25 16:25:19 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2013.03.25 16:25:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2013.03.25 16:25:19 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.03.25 16:25:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2013.03.25 16:25:18 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013.03.25 16:25:18 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2013.03.25 16:25:18 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2013.03.25 16:25:18 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2013.03.25 16:25:18 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2013.03.25 16:25:18 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2013.03.25 16:25:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2013.03.25 16:25:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2013.03.25 16:25:18 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2013.03.25 16:25:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2013.03.25 16:25:18 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2013.03.25 16:25:17 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2013.03.25 16:25:17 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2013.03.25 16:25:17 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2013.03.25 16:25:17 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BdeHdCfg.exe
[2013.03.25 16:25:17 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2013.03.25 16:25:17 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2013.03.25 16:25:17 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2013.03.25 16:25:17 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2013.03.25 16:25:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2013.03.25 16:25:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2013.03.25 16:25:17 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2013.03.25 16:25:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2013.03.25 16:25:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2013.03.25 16:25:17 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2013.03.25 16:25:16 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2013.03.25 16:25:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2013.03.25 16:25:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013.03.25 16:25:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013.03.25 16:25:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2013.03.25 16:25:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2013.03.25 16:25:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2013.03.25 16:25:16 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2013.03.25 16:25:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2013.03.25 16:25:16 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2013.03.25 16:25:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2013.03.25 16:25:15 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2013.03.25 16:25:15 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2013.03.25 16:25:15 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2013.03.25 16:25:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2013.03.25 16:25:15 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2013.03.25 16:25:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2013.03.25 16:25:15 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2013.03.25 16:25:15 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2013.03.25 16:25:15 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2013.03.25 16:25:15 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2013.03.25 16:25:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2013.03.25 16:25:15 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2013.03.25 16:25:14 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013.03.25 16:25:14 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013.03.25 16:25:14 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2013.03.25 16:25:14 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2013.03.25 16:25:14 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2013.03.25 16:25:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2013.03.25 16:25:14 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2013.03.25 16:25:14 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2013.03.25 16:25:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2013.03.25 16:25:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2013.03.25 16:25:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2013.03.25 16:25:14 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2013.03.25 16:25:14 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2013.03.25 16:25:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2013.03.25 16:25:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2013.03.25 16:25:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2013.03.25 16:25:13 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2013.03.25 16:25:13 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2013.03.25 16:25:13 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2013.03.25 16:25:13 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2013.03.25 16:25:13 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2013.03.25 16:25:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2013.03.25 16:25:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2013.03.25 16:25:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2013.03.25 16:25:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2013.03.25 16:25:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2013.03.25 16:25:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2013.03.25 16:25:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2013.03.25 16:25:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2013.03.25 16:25:13 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2013.03.25 16:25:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2013.03.25 16:25:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2013.03.25 16:25:13 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2013.03.25 16:25:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2013.03.25 16:25:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2013.03.25 16:25:13 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2013.03.25 16:25:12 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2013.03.25 16:25:12 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2013.03.25 16:25:12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2013.03.25 16:25:12 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2013.03.25 16:25:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2013.03.25 16:25:11 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2013.03.25 16:25:11 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2013.03.25 16:25:11 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2013.03.25 16:25:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2013.03.25 16:25:11 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2013.03.25 16:25:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2013.03.25 16:25:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2013.03.25 16:25:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2013.03.25 16:25:11 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2013.03.25 16:25:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2013.03.25 16:25:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2013.03.25 16:25:11 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2013.03.25 16:25:11 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2013.03.25 16:25:10 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2013.03.25 16:25:10 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2013.03.25 16:25:10 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2013.03.25 16:25:10 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmictimeprovider.dll
[2013.03.25 16:25:10 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2013.03.25 16:25:10 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2013.03.25 16:25:10 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2013.03.25 16:25:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2013.03.25 16:25:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2013.03.25 16:25:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2013.03.25 16:25:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013.03.25 16:25:09 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.03.25 16:25:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2013.03.25 16:25:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2013.03.25 16:25:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2013.03.25 16:25:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2013.03.25 16:25:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2013.03.25 16:25:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2013.03.25 16:25:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2013.03.25 16:25:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2013.03.25 16:25:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2013.03.25 16:25:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2013.03.25 16:25:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2013.03.25 16:25:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2013.03.25 16:25:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2013.03.25 16:25:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2013.03.25 16:25:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2013.03.25 16:25:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013.03.25 16:25:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2013.03.25 16:25:08 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2013.03.25 16:25:08 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2013.03.25 16:25:08 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2013.03.25 16:25:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2013.03.25 16:25:05 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2013.03.25 16:24:58 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2013.03.25 16:24:54 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2013.03.25 16:11:35 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.03.25 16:11:35 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.03.25 16:11:32 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2013.03.25 16:11:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2013.03.25 12:44:45 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Adobe
[2013.03.25 12:44:45 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\Adobe
[2013.03.25 10:04:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013.03.25 04:16:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.03.25 04:16:05 | 000,000,000 | ---D | C] -- C:\Boot
[2013.03.25 04:09:10 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013.03.24 23:31:53 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.03.24 23:31:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.03.24 23:31:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.03.24 23:04:45 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013.03.24 23:04:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013.03.24 23:04:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013.03.24 23:04:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013.03.24 23:04:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013.03.24 23:01:25 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2013.03.24 20:35:12 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013.03.24 20:35:12 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2013.03.24 20:34:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2013.03.24 20:34:39 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.03.24 20:34:39 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.03.24 20:34:38 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.03.24 20:34:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.03.24 20:34:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.03.24 20:34:38 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.03.24 20:34:18 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2013.03.24 20:34:12 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.03.24 20:34:12 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.03.24 20:34:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.03.24 20:34:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.03.24 20:34:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.03.24 20:34:12 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.03.24 20:34:12 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.03.24 20:34:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.03.24 20:34:12 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.03.24 20:34:12 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.03.24 20:34:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.03.24 20:34:12 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.03.24 20:34:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.03.24 20:34:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.03.24 20:34:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.03.24 20:34:12 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.03.24 20:34:04 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013.03.24 20:34:04 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2013.03.24 20:33:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013.03.24 20:33:46 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.03.24 20:33:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013.03.24 20:33:40 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.24 20:33:40 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.24 20:33:31 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.03.24 20:33:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.03.24 20:33:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.03.24 20:33:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.03.24 20:33:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.03.24 20:33:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.03.24 20:33:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.03.24 20:33:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.03.24 20:33:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.03.24 20:33:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.03.24 20:33:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.03.24 20:33:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.03.24 20:33:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.03.24 20:33:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.03.24 20:33:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.03.24 20:33:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.03.24 20:33:05 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013.03.24 20:33:05 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.03.24 20:32:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2013.03.24 20:32:54 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013.03.24 20:32:50 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2013.03.24 20:32:50 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2013.03.24 20:32:50 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2013.03.24 20:32:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2013.03.24 20:32:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2013.03.24 20:32:49 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.03.24 20:32:44 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2013.03.24 20:32:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.24 20:32:36 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2013.03.24 20:32:36 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2013.03.24 20:32:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2013.03.24 20:32:29 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013.03.24 20:32:29 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2013.03.24 20:32:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013.03.24 20:32:26 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2013.03.24 20:32:23 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2013.03.24 20:32:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013.03.24 20:32:19 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.03.24 20:32:12 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2013.03.24 20:32:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2013.03.24 20:32:12 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2013.03.24 20:32:12 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2013.03.24 20:32:12 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2013.03.24 20:32:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.03.24 20:32:08 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.03.24 20:32:01 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2013.03.24 20:32:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013.03.24 20:32:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2013.03.24 20:31:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2013.03.24 20:31:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013.03.24 20:31:33 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013.03.24 20:31:32 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013.03.24 20:31:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013.03.24 20:31:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.03.24 20:31:17 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013.03.24 20:18:41 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.03.24 20:17:43 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.03.24 20:17:43 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.03.24 20:13:54 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.03.24 20:13:54 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.03.24 20:13:51 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013.03.24 20:13:51 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013.03.24 20:13:51 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013.03.24 20:13:47 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.03.24 20:13:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.03.24 19:42:58 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screamer Radio
[2013.03.24 19:42:58 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\Screamer Radio
[2013.03.24 19:35:22 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Skype
[2013.03.24 19:35:15 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.03.24 19:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.24 19:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.03.24 19:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.24 19:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.03.24 19:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.03.24 19:33:27 | 020,534,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.03.24 19:33:27 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.03.24 19:33:27 | 012,862,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.03.24 19:33:27 | 008,944,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.03.24 19:33:27 | 007,964,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.03.24 19:33:27 | 006,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.03.24 19:33:27 | 002,726,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.03.24 19:33:27 | 001,990,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.03.24 19:33:27 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220294.dll
[2013.03.24 19:33:27 | 000,892,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.03.24 19:33:27 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3220162.dll
[2013.03.24 19:33:27 | 000,154,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.03.24 19:33:27 | 000,028,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.03.24 19:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.24 19:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.24 19:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.24 19:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.24 19:28:24 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.24 19:28:24 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.24 19:28:24 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.24 19:28:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.24 19:28:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.24 19:28:19 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.24 19:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.24 19:23:44 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Wargaming.net
[2013.03.24 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\Razvan\Documents\Battlefield 2
[2013.03.24 19:17:15 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.03.24 19:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.03.24 19:10:44 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\PokerStars.EU
[2013.03.24 19:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2013.03.24 19:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU
[2013.03.24 19:10:06 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2013.03.24 19:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.03.24 19:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2013.03.24 19:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.03.24 19:09:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.24 19:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013.03.24 19:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.03.24 19:07:06 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\WinRAR
[2013.03.24 19:06:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2013.03.24 19:02:00 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.24 19:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.24 19:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.03.24 18:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.03.24 18:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.03.24 18:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.03.24 18:53:39 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.03.24 18:53:31 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\uTorrent
[2013.03.24 18:43:44 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\Diagnostics
[2013.03.24 18:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.03.24 18:39:51 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\Google
[2013.03.24 18:39:19 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\Apps
[2013.03.24 18:39:18 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\Deployment
[2013.03.24 18:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.03.24 18:38:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.03.24 18:38:35 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2013.03.24 18:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
[2013.03.24 18:38:33 | 001,310,720 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC250C.dll
[2013.03.24 18:38:33 | 000,303,104 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC250L.dll
[2013.03.24 18:38:33 | 000,110,592 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC250I.dll
[2013.03.24 18:38:33 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC250U.dll
[2013.03.24 18:38:33 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll
[2013.03.24 18:38:20 | 000,090,112 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNC250O.dll
[2013.03.24 18:38:16 | 000,178,176 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMIU9W.DLL
[2013.03.24 18:38:10 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.03.24 18:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013.03.24 18:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.03.24 18:34:16 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32hda.dll
[2013.03.24 18:33:52 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.03.24 18:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.03.24 18:33:40 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll
[2013.03.24 18:33:40 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll
[2013.03.24 18:33:27 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.03.24 18:33:23 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2013.03.24 18:33:22 | 015,038,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.03.24 18:33:06 | 002,528,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.03.24 18:33:06 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2013.03.24 18:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.03.24 18:32:47 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2013.03.24 18:32:47 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013.03.24 18:32:47 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2013.03.24 18:32:47 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2013.03.24 18:32:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2013.03.24 18:32:47 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2013.03.24 18:32:47 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2013.03.24 18:32:47 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2013.03.24 18:32:47 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2013.03.24 18:32:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2013.03.24 18:32:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2013.03.24 18:32:47 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2013.03.24 18:32:46 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2013.03.24 18:32:46 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2013.03.24 18:32:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2013.03.24 18:32:45 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2013.03.24 18:32:45 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2013.03.24 18:32:45 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2013.03.24 18:32:45 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2013.03.24 18:32:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013.03.24 18:32:45 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2013.03.24 18:32:45 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2013.03.24 18:32:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2013.03.24 18:32:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2013.03.24 18:32:45 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2013.03.24 18:32:45 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2013.03.24 18:32:45 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2013.03.24 18:32:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2013.03.24 18:32:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2013.03.24 18:32:44 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013.03.24 18:32:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013.03.24 18:32:44 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2013.03.24 18:32:44 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2013.03.24 18:32:44 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013.03.24 18:32:44 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2013.03.24 18:32:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013.03.24 18:32:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2013.03.24 18:32:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2013.03.24 18:32:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2013.03.24 18:32:44 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2013.03.24 18:32:44 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2013.03.24 18:32:44 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013.03.24 18:32:44 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2013.03.24 18:32:44 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2013.03.24 18:32:44 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2013.03.24 18:32:43 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2013.03.24 18:32:43 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2013.03.24 18:32:43 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2013.03.24 18:32:43 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2013.03.24 18:32:43 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2013.03.24 18:32:43 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2013.03.24 18:32:43 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2013.03.24 18:32:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2013.03.24 18:32:43 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2013.03.24 18:32:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2013.03.24 18:32:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2013.03.24 18:32:42 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013.03.24 18:32:42 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2013.03.24 18:32:42 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2013.03.24 18:32:42 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2013.03.24 18:32:42 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2013.03.24 18:32:42 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2013.03.24 18:32:42 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2013.03.24 18:32:42 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2013.03.24 18:32:42 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2013.03.24 18:32:42 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013.03.24 18:32:42 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2013.03.24 18:32:41 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2013.03.24 18:32:41 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2013.03.24 18:32:41 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013.03.24 18:32:41 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2013.03.24 18:32:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2013.03.24 18:32:41 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2013.03.24 18:32:41 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2013.03.24 18:32:41 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2013.03.24 18:32:41 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013.03.24 18:32:41 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013.03.24 18:32:41 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013.03.24 18:32:41 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013.03.24 18:32:41 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013.03.24 18:32:41 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013.03.24 18:32:41 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013.03.24 18:32:39 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013.03.24 18:32:39 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013.03.24 18:32:39 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013.03.24 18:32:39 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013.03.24 18:32:38 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013.03.24 18:32:38 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013.03.24 18:32:38 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013.03.24 18:32:38 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013.03.24 18:32:38 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013.03.24 18:30:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2013.03.24 18:30:21 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2013.03.24 18:30:20 | 002,630,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2013.03.24 18:30:20 | 001,539,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2013.03.24 18:30:20 | 000,371,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2013.03.24 18:30:20 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013.03.24 18:30:20 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013.03.24 18:30:20 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013.03.24 18:30:20 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013.03.24 18:30:20 | 000,056,864 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2013.03.24 18:30:19 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2013.03.24 18:30:19 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2013.03.24 18:30:19 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2013.03.24 18:30:19 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2013.03.24 18:30:19 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2013.03.24 18:30:19 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2013.03.24 18:30:19 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2013.03.24 18:30:19 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2013.03.24 18:30:19 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2013.03.24 18:30:19 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2013.03.24 18:30:18 | 000,954,128 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2013.03.24 18:30:18 | 000,783,632 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2013.03.24 18:30:18 | 000,705,808 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2013.03.24 18:30:18 | 000,296,864 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2013.03.24 18:30:18 | 000,269,584 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2013.03.24 18:30:18 | 000,239,376 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2013.03.24 18:30:18 | 000,146,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2013.03.24 18:30:18 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2013.03.24 18:30:18 | 000,101,136 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2013.03.24 18:30:18 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2013.03.24 18:30:18 | 000,093,456 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2013.03.24 18:30:18 | 000,058,128 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2013.03.24 18:30:18 | 000,056,592 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2013.03.24 18:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.03.24 18:30:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013.03.24 18:30:16 | 000,838,176 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.03.24 18:30:16 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2013.03.24 18:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013.03.24 18:28:07 | 000,100,896 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
[2013.03.24 18:27:41 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2013.03.24 18:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.03.24 18:25:32 | 000,000,000 | R--D | C] -- C:\Users\Razvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.24 18:25:32 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Searches
[2013.03.24 18:25:32 | 000,000,000 | R--D | C] -- C:\Users\Razvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.24 18:25:32 | 000,000,000 | -H-D | C] -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013.03.24 18:25:24 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Identities
[2013.03.24 18:25:22 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Contacts
[2013.03.24 18:25:14 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\VirtualStore
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\AppData\Local\Temporary Internet Files
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\Templates
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\Start Menu
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\SendTo
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\Recent
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\PrintHood
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\NetHood
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\Documents\My Videos
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\Documents\My Pictures
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\Documents\My Music
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\My Documents
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\Local Settings
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\AppData\Local\History
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\Cookies
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\Application Data
[2013.03.24 18:25:09 | 000,000,000 | -HSD | C] -- C:\Users\Razvan\AppData\Local\Application Data
[2013.03.24 18:25:07 | 000,000,000 | --SD | C] -- C:\Users\Razvan\AppData\Roaming\Microsoft
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Videos
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Saved Games
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Pictures
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Music
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Links
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Favorites
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Downloads
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Documents
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\Desktop
[2013.03.24 18:25:07 | 000,000,000 | R--D | C] -- C:\Users\Razvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.24 18:25:07 | 000,000,000 | -H-D | C] -- C:\Users\Razvan\AppData
[2013.03.24 18:25:07 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Local\Microsoft
[2013.03.24 18:25:07 | 000,000,000 | ---D | C] -- C:\Users\Razvan\AppData\Roaming\Media Center Programs
[2013.03.24 18:23:04 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.03.24 18:20:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.03.24 18:18:10 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.04 10:13:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 10:13:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 10:12:11 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.04 10:12:11 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.04 10:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.04 10:08:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.04 10:07:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.04 10:07:45 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.03 22:21:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.02 11:18:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Razvan\Desktop\OTL.exe
[2013.04.01 07:56:25 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.01 07:56:25 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.01 07:49:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.04.01 07:24:26 | 000,002,225 | ---- | M] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.03.31 19:16:37 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.31 11:18:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.28 14:36:22 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.28 14:36:22 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.28 14:36:22 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.28 14:36:22 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.28 14:36:22 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.28 14:36:21 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.28 14:36:21 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.28 14:36:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.28 14:36:21 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.28 14:36:21 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.28 14:36:21 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.28 14:36:21 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.28 14:36:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.28 14:36:21 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.28 14:36:21 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.28 14:36:21 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.28 14:36:21 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.28 14:36:21 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.28 14:36:21 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.28 14:36:20 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.28 14:36:20 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.28 14:36:20 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.28 14:36:20 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.28 14:36:20 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.28 14:36:20 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.28 14:36:20 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.28 14:36:20 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.28 14:36:20 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.28 14:36:20 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.28 14:36:20 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.28 14:36:20 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.28 14:36:20 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.28 14:36:20 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.28 14:36:20 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.28 14:36:19 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.28 14:36:19 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.28 14:36:19 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.28 14:35:42 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.03.28 14:35:42 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.03.28 14:35:42 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.03.28 14:35:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.03.28 14:35:42 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.28 14:35:42 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.03.28 14:35:42 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.03.28 14:35:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.28 14:35:42 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.28 14:35:42 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.28 14:35:42 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.28 14:35:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.28 14:35:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.28 14:35:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.28 14:35:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.28 14:35:42 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.28 14:35:41 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.03.28 14:35:41 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.03.28 14:35:41 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.03.28 14:35:41 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.03.28 14:35:41 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.03.28 14:35:41 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.03.28 14:35:41 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.28 14:35:41 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.03.28 14:35:41 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.03.28 13:39:01 | 001,403,590 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2013.03.28 08:26:34 | 000,001,651 | ---- | M] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.03.26 12:44:17 | 000,357,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.26 09:21:55 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2013.03.25 17:02:59 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.25 04:16:07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013.03.25 04:16:06 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2013.03.24 20:18:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.24 19:35:15 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.03.24 19:28:15 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.24 19:28:15 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.24 19:28:15 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.24 19:28:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.24 19:28:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.24 19:28:15 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.24 19:16:57 | 000,001,103 | ---- | M] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013.03.24 19:10:44 | 000,001,066 | ---- | M] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk
[2013.03.24 19:10:44 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2013.03.24 19:10:09 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.03.24 19:00:18 | 000,000,602 | ---- | M] () -- C:\Users\Razvan\Desktop\Battlefield.lnk
[2013.03.24 18:54:06 | 000,000,839 | ---- | M] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013.03.24 18:39:13 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
[2013.03.24 18:38:49 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2013.03.24 18:23:37 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[2013.03.24 18:21:06 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013.03.07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.03.07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.03.07 01:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.03.07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.03.07 01:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.03.07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.03.07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.03.07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.03.07 01:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.03.07 01:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.01 07:56:26 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.01 07:41:02 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.04.01 07:41:01 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.03.31 19:16:37 | 000,002,225 | ---- | C] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.03.31 19:16:37 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.31 19:16:24 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.31 19:16:23 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.31 11:12:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.31 11:12:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.31 11:12:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.31 11:12:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.31 11:12:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.28 14:36:20 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.28 13:30:51 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0347.old
[2013.03.28 11:46:39 | 001,403,590 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2013.03.27 16:25:14 | 000,343,808 | ---- | C] () -- C:\Windows\System32\drivers\snpstd2.sys
[2013.03.27 16:25:14 | 000,307,200 | ---- | C] () -- C:\Windows\vsnpstd2.exe
[2013.03.27 16:25:14 | 000,065,536 | ---- | C] () -- C:\Windows\amcap.exe
[2013.03.27 16:25:14 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd2.dll
[2013.03.27 16:25:14 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd2.dll
[2013.03.27 16:25:14 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\dsnpstd2.ax
[2013.03.27 16:25:14 | 000,015,532 | ---- | C] () -- C:\Windows\snpstd2.ini
[2013.03.27 16:25:14 | 000,013,023 | ---- | C] () -- C:\Windows\snpstd2.src
[2013.03.27 16:25:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd2.dll
[2013.03.25 16:26:09 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013.03.25 16:26:01 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013.03.25 16:25:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.03.25 16:25:12 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2013.03.25 16:25:08 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2013.03.25 04:16:07 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2013.03.25 04:16:06 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK
[2013.03.25 04:16:05 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013.03.24 23:04:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.24 23:04:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.24 20:18:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.24 19:35:15 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.03.24 19:16:57 | 000,001,103 | ---- | C] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013.03.24 19:10:44 | 000,001,066 | ---- | C] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk
[2013.03.24 19:10:44 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2013.03.24 19:10:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.03.24 19:00:18 | 000,000,602 | ---- | C] () -- C:\Users\Razvan\Desktop\Battlefield.lnk
[2013.03.24 18:58:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.24 18:54:06 | 000,000,839 | ---- | C] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013.03.24 18:39:13 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
[2013.03.24 18:38:49 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2013.03.24 18:38:33 | 000,012,288 | ---- | C] () -- C:\Windows\System32\CNC173AD.TBL
[2013.03.24 18:38:16 | 000,001,651 | ---- | C] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.03.24 18:33:40 | 000,013,625 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.03.24 18:25:33 | 000,001,657 | ---- | C] () -- C:\Users\Razvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.24 18:25:08 | 000,000,290 | ---- | C] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013.03.24 18:25:08 | 000,000,272 | ---- | C] () -- C:\Users\Razvan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013.03.24 18:23:37 | 000,171,136 | RHS- | C] () -- C:\w7ldr
[2013.03.24 18:20:55 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.24 18:20:47 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.03.24 18:17:19 | 1609,965,568 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 07:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
 
< End of report >


#11 razz86


Posted 04 April 2013 - 02:27 AM

OTL Extras logfile created on: 04.04.2013 10:14:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Razvan\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000418 | Country: România | Language: ROM | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,27% Memory free
4,00 Gb Paging File | 2,97 Gb Available in Paging File | 74,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 116,00 Gb Free Space | 79,19% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 145,15 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Drive E: | 172,79 Gb Total Space | 155,86 Gb Free Space | 90,20% Space Free | Partition Type: NTFS
 
Computer Name: RAZVAN_SUFRAGER | User Name: Razvan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1275954205-4142111476-191088982-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ED6110-4B3A-4E09-B806-B6F18F43E80F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{071BA413-C1A1-4978-9938-03672E0C49D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0F644C96-2681-4A97-8197-19B9F1BFAD96}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1294D57C-C508-4FE1-AA8A-BBFB31F2CAA4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{199279C5-8FDD-40F0-92B2-A098CA96A292}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3ACA6C38-6210-4A9B-9E65-1D639D3A91C6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{473781D8-3198-4C3B-B2CC-A4170A2F3EAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F6B60AC-0EC6-489D-86C6-4651B8FAAD3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55642445-95B7-497B-8493-C19F47A8AAB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63A068E6-A774-4E60-AD96-57FF498B2530}" = lport=138 | protocol=17 | dir=in | app=system | 
"{727B467B-4D3F-4880-9248-3C895C168440}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8778B656-865B-4919-830C-567194486D3F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8E90E616-5160-4A81-B534-B0D1F2D42718}" = rport=139 | protocol=6 | dir=out | app=system | 
"{954BC4D6-B9CF-4B4C-9770-9BCB927CEABB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{96737918-D544-415C-9C30-849C5C9C8569}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9AF34281-D311-4B8F-BB17-18E6777654A2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C3D512C5-BBA7-4B09-A9D6-B3665B8C3DB7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6C4B4BE-C5F5-43DE-8D87-993103DF8CD0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DDE268EC-6035-4B29-89F8-4E2A416204C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E186DC51-ECE2-48AB-AD45-919BC8506D6A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EE026E68-7073-484E-960B-78BE8450AE41}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AD42DA-F50E-4A52-B156-2BCFC1AE3238}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{04CC9290-CFD4-4AEF-83A5-E2641F5B0B1D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1371F820-6078-4E92-9FD2-65E8D6A9448F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1B7F7F54-36E9-454F-80FB-11F25FE18627}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{28997D14-A9BF-4F38-B641-13AA0332DE83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FDEB469-F8DD-48AA-B4F2-F307112BF7B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3121CF9E-EDE5-4B8E-B91E-8A14FAA59E10}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{38077DD1-FB45-4C3A-877B-85EB62F60CD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F64D12D-C75A-49F9-922F-3572DF30D485}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4335F255-179A-4B41-96E7-0C3A43360B4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4536D9D4-4EBD-457A-8A5B-9ED803E8558B}" = protocol=6 | dir=out | app=system | 
"{63BC51A9-8EA8-4CB1-8FB7-A4C00FC18057}" = protocol=17 | dir=in | app=c:\users\razvan\appdata\roaming\utorrent\utorrent.exe | 
"{79E27F54-2E27-43D6-9130-81637C300E31}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe | 
"{7A6F744A-35B4-422E-98DC-6D32A6E4AF85}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe | 
"{810E74C7-CD3F-4036-895E-69E781FE3ED5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{881C6584-A028-4F85-B7C2-447C8D944B26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{ACD9CECF-E12F-47CA-AC9A-4F3FE03D24A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C943EF4B-F80D-4666-BB6A-A12F5A1B43AF}" = protocol=6 | dir=in | app=c:\users\razvan\appdata\roaming\utorrent\utorrent.exe | 
"{D01D8AFD-8A94-4F27-ACC8-21D8CFEDC52C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{E201E6A0-3CD7-49CF-A27F-FDAE0C46C6BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4C10FE8-BF56-484D-9D52-5515424405E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE62F364-7B7D-4435-A83E-77588BEDE63C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5FB8ED2-5FD6-4D22-9F65-9B66B3D897E8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{CD0C9457-776C-4B17-B1AD-82710995AEDF}E:\games\tanky\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\tanky\worldoftanks.exe | 
"TCP Query User{DD9BA48F-A7E5-4643-AF14-AC4F5540978B}E:\games\steam\steamapps\razzz986\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=e:\games\steam\steamapps\razzz986\team fortress 2\hl2.exe | 
"TCP Query User{E4682275-0FBD-46C0-9AA6-0617E714DBB2}E:\games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=e:\games\battlefield 2\bf2.exe | 
"TCP Query User{F9A30D42-A839-4D50-A9D3-97C281F138FD}F:\easysetupassistant\wr941n\easysetupassistant.exe" = protocol=6 | dir=in | app=f:\easysetupassistant\wr941n\easysetupassistant.exe | 
"UDP Query User{20625E15-4B9B-4085-87BF-EE46419431FA}E:\games\steam\steamapps\razzz986\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=e:\games\steam\steamapps\razzz986\team fortress 2\hl2.exe | 
"UDP Query User{2721A045-E960-477B-8B5A-AA251A93D4DD}F:\easysetupassistant\wr941n\easysetupassistant.exe" = protocol=17 | dir=in | app=f:\easysetupassistant\wr941n\easysetupassistant.exe | 
"UDP Query User{3168DBDE-A7B2-4F6C-80EC-517E42F53FFE}E:\games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=e:\games\battlefield 2\bf2.exe | 
"UDP Query User{35EC46AB-B019-4C52-8847-F7AA790FB8B3}E:\games\tanky\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\tanky\worldoftanks.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0939D72F-1348-49F2-941A-8DEE1CF8E2A8}" = Trek 310
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.07
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars.eu" = PokerStars.eu
"Steam App 440" = Team Fortress 2
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.00 (32-bit)
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 03.04.2013 13:34:42 | Computer Name = Razvan_sufrager | Source = Service Control Manager | ID = 7001
Description = Serviciul UPnP Device Host depinde de serviciul SSDP Discovery care
 nu a pornit din cauza erorii următoare:   %%1058
 
Error - 04.04.2013 03:07:35 | Computer Name = Razvan_sufrager | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
 
Error - 04.04.2013 03:08:02 | Computer Name = Razvan_sufrager | Source = Service Control Manager | ID = 7026
Description = Următoarele drivere boot-start sau system-start nu s-au încărcat: 
  sptd
 
Error - 04.04.2013 03:08:21 | Computer Name = Razvan_sufrager | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 04.04.2013 03:08:21 | Computer Name = Razvan_sufrager | Source = DCOM | ID = 10005
Description = 
 
Error - 04.04.2013 03:08:21 | Computer Name = Razvan_sufrager | Source = Service Control Manager | ID = 7001
Description = Serviciul UPnP Device Host depinde de serviciul SSDP Discovery care
 nu a pornit din cauza erorii următoare:   %%1058
 
Error - 04.04.2013 03:08:21 | Computer Name = Razvan_sufrager | Source = Service Control Manager | ID = 7001
Description = Serviciul UPnP Device Host depinde de serviciul SSDP Discovery care
 nu a pornit din cauza erorii următoare:   %%1058
 
Error - 04.04.2013 03:10:04 | Computer Name = Razvan_sufrager | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 04.04.2013 03:10:04 | Computer Name = Razvan_sufrager | Source = Service Control Manager | ID = 7001
Description = Serviciul UPnP Device Host depinde de serviciul SSDP Discovery care
 nu a pornit din cauza erorii următoare:   %%1058
 
Error - 04.04.2013 03:10:04 | Computer Name = Razvan_sufrager | Source = Service Control Manager | ID = 7001
Description = Serviciul UPnP Device Host depinde de serviciul SSDP Discovery care
 nu a pornit din cauza erorii următoare:   %%1058
 
 
< End of report >


#12 gringo_pr


Posted 04 April 2013 - 02:52 AM


Hello razz86

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go to Google Sync and sign into your account.

Scroll down until you see the "Stop and Clear" button and click on the button.

At the prompt click on "Ok".

Now we need to uninstall Chrome.

I want you to uninstall Chrome, and if asked about user data or settings then remove this also.

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 razz86


Posted 05 April 2013 - 12:35 AM

It's not Chrome.

It's Internet Explorer 10 that is the problem... but if I am not using Internet Explorer 10... is this qvo6 virus still in my computer?



#14 gringo_pr


Posted 05 April 2013 - 12:42 AM


Hello razz86

I am not seeing it in the reports, that is why I am asking - can you check to see if it is in IE?

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

    ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo


#15 razz86


Posted 05 April 2013 - 02:52 PM

ComboFix 13-04-05.01 - Razvan 05.04.2013  22:44:14.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.40.1033.18.2047.1092 [GMT 3:00]
Running from: c:\users\Razvan\Desktop\ComboFix.exe
Command switches used :: c:\users\Razvan\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-05 to 2013-04-05  )))))))))))))))))))))))))))))))
.
.
2013-04-05 19:50 . 2013-04-05 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-02 08:15 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C59F3F83-37A0-4A37-8E07-08DB744B5D25}\mpengine.dll
2013-04-01 05:01 . 2010-04-24 02:00 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
2013-04-01 04:59 . 2013-04-01 04:59 -------- d-----w- c:\windows\ro-RO
2013-04-01 04:59 . 2013-04-01 04:59 -------- d-----w- c:\windows\system32\wbem\ro-RO
2013-04-01 04:59 . 2013-04-01 04:59 -------- d-----w- c:\windows\system32\drivers\ro-RO
2013-04-01 04:56 . 2013-04-01 04:56 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-01 04:49 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-04-01 04:49 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-01 04:49 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-01 04:49 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-04-01 04:49 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-01 04:41 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-04-01 04:41 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-04-01 04:41 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-04-01 04:41 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-04-01 04:41 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-04-01 04:41 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-01 04:41 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-01 04:40 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-01 04:40 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-01 04:40 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-04-01 04:40 . 2013-04-01 04:40 -------- d-----w- c:\program files\AVAST Software
2013-04-01 04:39 . 2013-04-01 04:40 -------- d-----w- c:\programdata\AVAST Software
2013-03-31 17:03 . 2013-04-04 07:43 -------- d-----w- c:\program files\Common Files\Steam
2013-03-28 12:54 . 2013-03-28 12:54 -------- d-----w- c:\program files\Enigma Software Group
2013-03-28 12:54 . 2013-03-28 13:16 -------- d-----w- c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-03-28 12:54 . 2013-03-28 12:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-03-28 12:33 . 2013-03-28 12:33 -------- d-----w- c:\programdata\TuneUp Software
2013-03-28 12:33 . 2013-03-28 12:40 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-28 11:52 . 2013-03-28 11:52 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-28 11:35 . 2013-03-28 11:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-28 11:17 . 2013-03-28 11:17 -------- d-----w- c:\windows\ERUNT
2013-03-28 11:17 . 2013-03-30 16:41 -------- d-----w- C:\JRT
2013-03-28 10:30 . 2011-09-01 09:38 767952 ----a-w- c:\windows\BDTSupport.dll0347.old
2013-03-28 10:30 . 2011-09-01 09:39 149456 ----a-w- c:\windows\SGDetectionTool.dll0347.old
2013-03-28 10:30 . 2011-09-01 09:39 2189264 ----a-w- c:\windows\PCTBDCore.dll0347.old
2013-03-28 09:56 . 2013-03-28 10:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-28 09:55 . 2013-03-28 10:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-28 09:10 . 2013-03-28 18:27 -------- d-----w- c:\programdata\MFAData
2013-03-28 09:10 . 2013-03-28 09:10 -------- d--h--w- c:\programdata\Common Files
2013-03-28 09:09 . 2013-03-28 11:04 -------- d-----w- c:\program files\PC Tools Security
2013-03-28 08:46 . 2013-03-28 11:04 -------- d-----w- c:\program files\Common Files\PC Tools
2013-03-28 08:46 . 2013-03-28 08:47 -------- d-----w- c:\program files\PC Tools
2013-03-28 08:46 . 2012-11-01 13:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2013-03-28 08:44 . 2013-03-28 11:01 -------- d-----w- c:\programdata\PC Tools
2013-03-28 06:37 . 2013-03-28 06:37 -------- d-----w- c:\programdata\Malwarebytes
2013-03-28 05:26 . 2013-04-01 04:56 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-28 05:26 . 2013-03-28 05:26 -------- d-----w- c:\windows\system32\Macromed
2013-03-28 05:26 . 2013-03-28 10:16 -------- d-----w- c:\programdata\eSafe
2013-03-27 13:25 . 2013-03-27 13:25 -------- d-----w- c:\program files\Common Files\Trek310
2013-03-27 13:25 . 2007-06-26 08:06 343808 ----a-w- c:\windows\system32\drivers\snpstd2.sys
2013-03-27 13:25 . 2007-04-13 11:52 307200 ----a-w- c:\windows\vsnpstd2.exe
2013-03-27 13:25 . 2007-03-29 13:07 36864 ----a-w- c:\windows\system32\dsnpstd2.ax
2013-03-27 13:25 . 2007-03-29 12:52 36864 ----a-w- c:\windows\system32\vsnpstd2.dll
2013-03-27 13:25 . 2004-09-24 14:24 57344 ----a-w- c:\windows\system32\rsnpstd2.dll
2013-03-27 13:25 . 2003-08-05 11:48 65536 ----a-w- c:\windows\amcap.exe
2013-03-27 13:25 . 2013-03-27 13:25 -------- d-----w- c:\windows\Album
2013-03-27 13:25 . 2013-03-27 13:25 -------- d-----w- c:\program files\Trek 310
2013-03-27 13:25 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd2.dll
2013-03-27 12:59 . 2013-03-27 13:04 -------- d-----w- C:\XP
2013-03-25 20:20 . 2013-03-25 20:20 -------- d-----w- c:\windows\system32\SPReview
2013-03-25 20:19 . 2013-03-25 20:19 -------- d-----w- c:\windows\system32\EventProviders
2013-03-25 14:02 . 2013-03-25 14:02 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-25 14:02 . 2013-03-25 14:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-03-25 14:02 . 2013-03-25 14:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-03-25 13:59 . 2013-03-25 14:00 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-03-25 13:25 . 2010-11-20 12:21 381440 ----a-w- c:\windows\system32\wer.dll
2013-03-25 13:24 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-03-25 13:24 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-03-25 13:24 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-03-25 13:24 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-03-25 07:04 . 2013-03-25 07:04 -------- d-----w- c:\windows\system32\Wat
2013-03-25 01:16 . 2013-03-28 11:39 -------- d-----w- c:\windows\Panther
2013-03-25 01:16 . 2013-03-26 06:30 -------- d-----w- C:\Boot
2013-03-25 01:09 . 2013-03-25 01:09 -------- d-----w- C:\Windows.old
2013-03-24 20:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-03-24 20:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-24 20:31 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-03-24 20:04 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-24 20:04 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-24 20:04 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-24 20:04 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-24 20:04 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-24 20:04 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-24 20:04 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-24 20:04 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-24 20:04 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-24 20:04 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-24 20:03 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-24 20:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-24 20:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-24 20:01 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-03-24 17:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-03-24 17:35 . 2010-11-20 11:57 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2013-03-24 17:35 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-03-24 17:32 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2013-03-24 17:31 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2013-03-24 17:18 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-03-24 17:17 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-03-24 17:17 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-03-24 17:17 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2013-03-24 17:13 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-24 17:13 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-03-24 17:13 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-24 17:13 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-03-24 17:13 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-03-24 17:13 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-03-24 17:13 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-03-24 17:13 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-24 17:13 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-03-24 16:35 . 2013-03-24 16:35 -------- d-----w- c:\program files\Common Files\Skype
2013-03-24 16:35 . 2013-03-24 16:35 -------- d-----r- c:\program files\Skype
2013-03-24 16:35 . 2013-03-24 16:35 -------- d-----w- c:\programdata\Skype
2013-03-24 16:34 . 2013-03-24 16:34 -------- d-----w- c:\program files\AGEIA Technologies
2013-03-24 16:34 . 2013-03-24 16:34 -------- d-----w- c:\users\UpdatusUser
2013-03-24 16:28 . 2013-03-24 16:28 -------- d-----w- c:\program files\CCleaner
2013-03-24 16:28 . 2013-03-24 16:28 -------- d-----w- c:\program files\Common Files\Java
2013-03-24 16:28 . 2013-03-24 16:28 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-24 16:28 . 2013-03-24 16:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-24 16:28 . 2013-03-24 16:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-24 16:28 . 2013-03-24 16:28 -------- d-----w- c:\program files\Java
2013-03-24 16:11 . 2013-03-24 16:11 -------- d-----w- c:\program files\MSECache
2013-03-24 16:10 . 2013-03-26 07:05 -------- d-----w- c:\program files\PokerStars.EU
2013-03-24 16:10 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 06:21 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-02-12 04:48 . 2013-03-26 10:53 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-26 10:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-10 00:35 . 2010-12-12 21:28 4115232 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 00:35 . 2010-12-12 21:28 3010336 ----a-w- c:\windows\system32\nvsvc.dll
2013-02-10 00:35 . 2010-12-12 21:28 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-10 00:35 . 2010-12-12 21:29 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-10 00:35 . 2010-12-12 21:28 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-02-09 16:43 . 2013-02-09 16:43 555808 ----a-w- c:\windows\system32\nvStreaming.exe
2013-01-10 07:25 . 2013-01-10 07:25 46056 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"snpstd2"="c:\windows\vsnpstd2.exe" [2007-04-13 307200]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-25 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ   GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-31 16:16 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-01 04:56]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 16:16]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 16:16]
.
.
------- Supplementary Scan -------
.
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files\PokerStars.EU\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-05  22:51:14
ComboFix-quarantined-files.txt  2013-04-05 19:51
ComboFix2.txt  2013-03-31 08:20
.
Pre-Run: 125.469.880.320 bytes free
Post-Run: 125.429.383.168 bytes free
.
- - End Of File - - A500561CFF817160179BD5C1A7665D6D




