
AVG warnings about nsc0d8.tmpagent.ymu


  • This topic is locked
15 replies to this topic

#1 wowac


Posted 08 February 2012 - 09:50 PM

Hi all,

Was told to post to this forum in order to find an answer. Here is the original thread.

I can't seem to find nsc0d8.tmpagent.ymu when I search for it. AVG was spamming me with warnings saying that it was a severe trojan and I could quarantine it or let it go. I tried searching the 'net for the file name and all I found were a few other descriptions of ymu files.

Here's what happened:

  • Started running the install package for Finale 2012 (trial version) from their main website
  • AVG began warning me multiple times about nsc0d8.tmpagent.ymu in my user local temp files
  • I tried to quarantine the file, yet every time I would click quarantine, another 3-4 warnings would pop up
  • I attempted to bypass it but the warnings would stay on top of all of the active windows
  • Ended up trying to task manager end process & service and it would go unresponsive yet never close
  • Ran AVG to see if it would flag anything - said my system was clean
  • Shut down and rebooted into safe mode w/ networking
  • Ran AVG again - said I was clean
  • Finale installation went fine before rebooting, works great, and is the 100% legitimate trial

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 23:24:01
-----------------------------
23:24:01.630 OS Version: Windows x64 6.1.7600
23:24:01.631 Number of processors: 4 586 0x2A07
23:24:01.631 ComputerName: xxxx-PC UserName: xxxx
23:24:02.327 Initialze error C000010E - driver not loaded
23:24:03.977 AVAST engine defs: 12020701
23:24:05.059 Service scanning
23:24:05.994 Modules scanning
23:24:05.996 Disk 0 trace - called modules:
23:24:05.998
23:24:08.358 AVAST engine scan C:\Windows
23:24:14.881 AVAST engine scan C:\Windows\system32
23:25:55.885 AVAST engine scan C:\Windows\system32\drivers
23:26:06.857 AVAST engine scan C:\Users\xxxx
23:29:50.717 AVAST engine scan C:\ProgramData
23:30:07.229 Scan finished successfully
23:30:18.912 The log file has been saved successfully to "C:\Users\xxxx\Downloads\aswMBR.txt"


---------------------------


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by xxxx at 21:35:46 on 2012-02-08
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8169.6433 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
uRun: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe -s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.199.254
TCP: Interfaces\{5E3FE9F0-DF21-4F8A-B1C8-DE3D738F9E04} : DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.199.254
TCP: Interfaces\{C8F95E57-5E66-4067-8479-61FCABF78525} : DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.199.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qufp0x8f.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-2-5 586880]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-5 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-7 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-4 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-20 381248]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-08 04:31:09 -------- d-----w- C:\Users\xxxx\AppData\Roaming\Malwarebytes
2012-02-08 04:31:06 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-08 04:31:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-08 04:31:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-08 01:13:13 -------- d-----w- C:\Users\xxxx\AppData\Roaming\MakeMusic
2012-02-08 00:52:46 -------- d-----w- C:\ProgramData\MakeMusic
2012-02-08 00:52:33 -------- d-----w- C:\PSFONTS
2012-02-07 23:34:06 30208 ----a-w- C:\Windows\System32\drivers\AegisP.sys
2012-02-07 23:34:01 13931 ----a-w- C:\Windows\SysWow64\drivers\RaCoInst.dat
2012-02-07 23:33:59 870400 ----a-w- C:\Windows\System32\drivers\netr28ux.sys
2012-02-07 23:33:59 303616 ----a-w- C:\Windows\System32\RaCoInstx.dll
2012-02-07 23:33:59 -------- d-----w- C:\Program Files (x86)\Medialink
2012-02-06 08:11:52 -------- d--h--w- C:\$AVG
2012-02-05 23:37:19 -------- d-----w- C:\Users\xxxx\AppData\Roaming\Garritan
2012-02-05 17:42:45 -------- d-----w- C:\Users\xxxx\AppData\Local\SWTOR
2012-02-05 17:41:14 -------- dc----w- C:\Users\xxxx\AppData\Local\MigWiz
2012-02-05 17:29:06 -------- d-----w- C:\Users\xxxx\AppData\Local\Apple Computer
2012-02-05 16:58:02 -------- d-----w- C:\Program Files\Star Wars-The Old Republic
2012-02-05 15:59:22 -------- d-----w- C:\Program Files\PeerBlock
2012-02-05 15:56:58 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-05 13:48:09 1032112 ----a-w- C:\Windows\PE_Rom.dll
2012-02-05 13:47:13 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2012-02-05 13:44:09 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2012-02-05 13:44:05 94208 ------w- C:\Windows\SysWow64\IccLibDll.dll
2012-02-05 13:39:17 14464 ----a-w- C:\Windows\System32\drivers\AiChargerPlus.sys
2012-02-05 13:38:17 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2012-02-05 13:38:03 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-02-05 13:38:03 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-02-05 13:38:03 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-02-05 13:38:03 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-02-05 13:37:36 -------- d-----w- C:\ProgramData\ASUS
2012-02-05 13:37:31 28672 ----a-r- C:\Windows\SysWow64\AsIO.dll
2012-02-05 13:37:31 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2012-02-05 13:37:31 -------- d-----w- C:\Program Files (x86)\ASUS
2012-02-05 13:37:30 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2012-02-05 13:24:11 -------- d-----w- C:\Windows\SysWow64\Wat
2012-02-05 13:24:11 -------- d-----w- C:\Windows\System32\Wat
2012-02-05 13:14:27 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-02-05 13:14:27 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-02-05 13:12:06 -------- d-----w- C:\Program Files\Core Temp
2012-02-05 13:10:28 -------- d--h--w- C:\Windows\msdownld.tmp
2012-02-05 13:10:28 -------- d-----w- C:\Windows\SysWow64\directx
2012-02-05 13:08:35 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-02-05 13:08:35 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-02-05 13:03:07 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-02-05 13:03:07 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-02-05 13:03:07 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-02-05 13:03:07 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-02-05 13:03:07 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-02-05 13:03:07 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-02-05 13:03:07 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-02-05 13:03:07 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-02-05 13:03:07 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-02-05 13:03:07 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-02-05 12:56:42 -------- d-----w- C:\Users\xxxx\AppData\Roaming\AVG2012
2012-02-05 12:56:15 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-02-05 12:55:39 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-02-05 12:55:27 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-02-05 12:55:27 -------- d-----w- C:\ProgramData\AVG2012
2012-02-05 12:54:52 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-05 12:54:37 -------- d-----w- C:\Users\xxxx\AppData\Roaming\Intel Corporation
2012-02-05 08:08:59 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-02-05 08:07:53 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-02-05 08:06:58 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-02-05 08:05:51 640896 ----a-w- C:\Windows\System32\winload.efi
2012-02-05 08:04:57 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-02-05 07:44:23 -------- d--h--w- C:\ProgramData\Common Files
2012-02-05 07:38:52 -------- d-----w- C:\ProgramData\MFAData
2012-02-05 07:36:50 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-05 07:36:50 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-05 07:36:50 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-02-05 07:36:50 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-02-05 07:35:04 438808 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-02-05 07:34:45 -------- d-----w- C:\Program Files (x86)\Marvell
2012-02-05 07:34:05 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-02-05 01:45:00 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-02-05 01:45:00 -------- d-----w- C:\Program Files\Realtek
2012-02-05 01:40:52 -------- d-----w- C:\Program Files (x86)\EVGA Precision
2012-02-05 01:37:59 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-02-05 01:37:59 174184 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-02-05 01:37:59 1452648 ----a-w- C:\Windows\System32\nvhdagenco6420102.dll
2012-02-05 01:30:45 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-02-05 01:30:36 837952 ----a-r- C:\Windows\System32\easyupdatusapiu64.dll
2012-02-05 01:30:36 5067584 ----a-r- C:\Windows\System32\nvsvc64.dll
2012-02-05 01:30:36 3074368 ----a-r- C:\Windows\System32\nvsvcr.dll
2012-02-05 01:30:36 222528 ----a-r- C:\Windows\System32\nvmctray.dll
2012-02-05 01:30:36 1640768 ----a-r- C:\Windows\System32\nvvsvc.exe
2012-02-05 01:30:36 137536 ----a-r- C:\Windows\System32\nvshext.dll
2012-02-05 01:30:36 10406208 ----a-r- C:\Windows\System32\nvcpl.dll
2012-02-05 01:30:33 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-02-05 01:30:28 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-02-05 01:30:28 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-02-05 01:28:43 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-02-05 01:27:10 -------- d-----w- C:\Users\xxxx\AppData\Local\Adobe
2012-02-05 01:21:58 -------- d-----w- C:\Windows\Panther
2012-02-05 01:08:35 -------- d--h--w- C:\$WINDOWS.~Q
2012-02-05 01:08:25 -------- d--h--w- C:\$INPLACE.~TR
2012-02-05 01:07:42 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D392CEB-9EF9-4641-88E3-5F8F638B5E5D}\mpengine.dll
2012-02-05 01:07:41 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-05 00:47:21 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-02-05 00:45:23 -------- d-----w- C:\Intel
2012-02-05 00:42:34 133800 ----a-w- C:\Windows\System32\IPROSetMonitor.exe
2012-02-05 00:42:18 314568 ----a-r- C:\Windows\System32\PROUnstl.exe
2012-02-05 00:41:44 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
2012-02-05 00:41:44 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2012-02-05 00:41:44 313520 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2012-02-05 00:41:42 91840 ----a-w- C:\Windows\System32\NicInstC.dll
2012-02-05 00:41:11 -------- d-sh--w- C:\Windows\Installer
2012-02-04 21:38:38 -------- d-----w- C:\Users\xxxx\AppData\Local\VirtualStore
2012-02-04 21:38:18 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 21:36:41.20 ===============



#2 sempai


Posted 11 February 2012 - 03:09 AM

Hello wowac and welcome to BC.


Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp



#3 wowac


Posted 11 February 2012 - 10:21 AM


OTL logfile created on: 2/11/2012 9:36:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxxx\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 78.85% Memory free
15.95 Gb Paging File | 13.75 Gb Available in Paging File | 86.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 402.55 Gb Free Space | 86.45% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 276.13 Gb Free Space | 59.29% Space Free | Partition Type: NTFS

Computer Name: xxxx-PC | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 09:25:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
PRC - [2012/01/31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/31 13:13:44 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/20 04:50:00 | 002,253,120 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/20 04:26:00 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/12/20 11:18:48 | 001,425,536 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2010/12/07 16:32:24 | 001,097,344 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2010/12/01 21:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
PRC - [2010/11/26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010/11/16 10:38:22 | 000,654,464 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
PRC - [2010/11/10 11:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010/11/08 15:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/03 04:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010/10/21 04:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010/10/12 16:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2010/09/28 08:47:10 | 000,252,544 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
PRC - [2010/09/24 21:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/06 03:20:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2012/02/06 03:20:21 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2012/02/06 03:20:21 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll
MOD - [2012/02/06 03:20:20 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5146ed6dcbec6f5cafc972c011e13663\IAStorUtil.ni.dll
MOD - [2012/02/06 03:20:19 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2012/02/06 03:20:15 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2012/02/06 03:20:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b617b586ac3aef4437fd9479a0d6ab31\System.Xml.ni.dll
MOD - [2012/02/06 03:20:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2012/02/06 03:20:10 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2012/02/06 03:20:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/09 09:02:28 | 000,873,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011/01/20 12:09:34 | 000,964,096 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011/01/13 16:47:34 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2011/01/12 10:53:30 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2011/01/07 16:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2010/12/30 22:15:40 | 001,656,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGO.dll
MOD - [2010/12/03 16:12:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010/12/01 12:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2010/11/16 10:37:20 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll
MOD - [2010/10/15 17:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2010/09/27 20:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2010/09/19 14:52:50 | 000,094,208 | ---- | M] () -- C:\Windows\SysWOW64\IccLibDll.dll
MOD - [2010/08/22 21:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
MOD - [2010/08/06 18:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010/08/06 18:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010/07/30 11:28:32 | 000,670,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\asacpiex.dll
MOD - [2010/07/15 20:04:40 | 000,661,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll
MOD - [2010/07/15 20:04:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll
MOD - [2010/07/15 20:04:40 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll
MOD - [2010/06/21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010/06/21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
MOD - [2009/08/12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009/05/21 10:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
MOD - [2009/05/20 21:14:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2009/04/06 15:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
MOD - [2009/04/06 15:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
MOD - [2009/01/05 20:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
MOD - [2007/12/06 10:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/20 04:50:00 | 002,253,120 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/20 04:26:00 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/01 21:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/11/03 04:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010/10/21 04:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/07 15:51:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/08 18:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/08 18:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/22 02:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/11/08 14:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/21 01:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/08/17 12:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel® Watchdog Timer Driver (Intel® WDT)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/03 14:24:28 | 000,870,400 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm






IE - HKU\S-1-5-21-3354430083-74819090-1019213369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3354430083-74819090-1019213369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3354430083-74819090-1019213369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3354430083-74819090-1019213369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 60 8D D8 D8 E3 CC 01 [binary data]
IE - HKU\S-1-5-21-3354430083-74819090-1019213369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3354430083-74819090-1019213369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/05 07:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/05 02:37:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/05 02:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\Mozilla\Extensions
[2012/02/05 10:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qufp0x8f.default\extensions
[2012/02/05 10:43:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qufp0x8f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/05 10:49:09 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qufp0x8f.default\extensions\firefox@ghostery.com
[2012/02/05 02:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\xxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QUFP0X8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\xxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QUFP0X8F.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/01/29 10:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3354430083-74819090-1019213369-1000..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe ()
O4 - HKU\S-1-5-21-3354430083-74819090-1019213369-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3354430083-74819090-1019213369-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.199.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E3FE9F0-DF21-4F8A-B1C8-DE3D738F9E04}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.199.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8F95E57-5E66-4067-8479-61FCABF78525}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.199.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53aa4847-4fcd-11e1-9516-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53aa4847-4fcd-11e1-9516-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{d461f640-4f90-11e1-9a26-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d461f640-4f90-11e1-9a26-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 09:25:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2012/02/08 21:35:47 | 000,000,000 | R--D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/02/08 21:35:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\xxxx\Desktop\dds.scr
[2012/02/07 23:40:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/07 23:31:09 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2012/02/07 23:31:06 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/07 23:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/07 23:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/07 23:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/07 23:30:38 | 009,604,712 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\xxxx\Desktop\mbam-setup.exe
[2012/02/07 23:11:05 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\xxxx\Desktop\aswMBR.exe
[2012/02/07 20:13:13 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\MakeMusic
[2012/02/07 20:13:13 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\Finale Files
[2012/02/07 19:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2012
[2012/02/07 19:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MakeMusic
[2012/02/07 19:52:33 | 000,000,000 | ---D | C] -- C:\PSFONTS
[2012/02/07 19:47:47 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Desktop\Deleteafter3.7.2012
[2012/02/07 18:34:06 | 000,030,208 | ---- | C] (Meetinghouse Data Communications) -- C:\Windows\SysNative\drivers\AegisP.sys
[2012/02/07 18:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medialink
[2012/02/07 18:33:59 | 000,870,400 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2012/02/07 18:33:59 | 000,303,616 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012/02/07 18:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medialink
[2012/02/06 03:11:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/06 00:00:24 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/02/06 00:00:22 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/02/06 00:00:13 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/02/06 00:00:13 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/02/06 00:00:13 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/02/06 00:00:13 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/02/06 00:00:13 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/02/06 00:00:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/02/06 00:00:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/02/05 18:37:19 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Garritan
[2012/02/05 12:42:45 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\SWTOR
[2012/02/05 12:42:44 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\HeroBlade Logs
[2012/02/05 12:41:14 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\MigWiz
[2012/02/05 12:29:06 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Apple Computer
[2012/02/05 12:29:06 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Apple Computer
[2012/02/05 12:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/05 12:28:44 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/02/05 12:28:44 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/02/05 12:28:44 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/02/05 12:28:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/02/05 12:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/05 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/05 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/02/05 12:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/05 12:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/02/05 12:28:11 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Apple
[2012/02/05 12:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/02/05 12:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/02/05 12:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/02/05 12:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/02/05 12:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/02/05 12:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/02/05 11:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Star Wars-The Old Republic
[2012/02/05 10:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2012/02/05 10:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012/02/05 10:56:58 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/05 10:56:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/05 08:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2012/02/05 08:44:09 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01009.dll
[2012/02/05 08:44:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/02/05 08:39:17 | 000,014,464 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys
[2012/02/05 08:38:17 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll
[2012/02/05 08:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012/02/05 08:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2012/02/05 08:37:31 | 000,028,672 | R--- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012/02/05 08:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012/02/05 08:24:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/02/05 08:24:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/02/05 08:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/02/05 08:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/02/05 08:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012/02/05 08:10:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/02/05 08:03:07 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2012/02/05 08:03:07 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2012/02/05 08:03:07 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2012/02/05 08:03:07 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2012/02/05 08:03:07 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2012/02/05 08:03:07 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2012/02/05 08:03:07 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2012/02/05 08:03:07 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2012/02/05 07:56:42 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\AVG2012
[2012/02/05 07:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/02/05 07:56:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/02/05 07:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/05 07:55:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/02/05 07:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/02/05 07:54:37 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Intel Corporation
[2012/02/05 03:09:43 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/02/05 03:09:27 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/02/05 03:09:27 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/02/05 03:09:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/02/05 03:09:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/02/05 03:09:27 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/02/05 03:09:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/02/05 03:09:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/02/05 03:09:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/02/05 03:09:27 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/02/05 03:09:18 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/02/05 03:09:18 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/02/05 03:09:15 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/02/05 03:09:15 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/02/05 03:09:12 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/02/05 03:09:12 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/02/05 03:09:12 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/02/05 03:09:12 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/02/05 03:09:12 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/02/05 03:09:12 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/02/05 03:09:07 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2012/02/05 03:09:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2012/02/05 03:09:06 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/02/05 03:09:06 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/02/05 03:09:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/02/05 03:09:05 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/02/05 03:09:02 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012/02/05 03:08:59 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/02/05 03:08:59 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/02/05 03:08:59 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/02/05 03:08:59 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/02/05 03:08:59 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/02/05 03:08:59 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/02/05 03:08:58 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/02/05 03:08:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/02/05 03:08:55 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/02/05 03:08:55 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/02/05 03:08:55 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/02/05 03:08:55 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/02/05 03:08:55 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/02/05 03:08:54 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/02/05 03:08:54 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/02/05 03:08:54 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/02/05 03:08:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/02/05 03:08:54 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/02/05 03:08:54 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/02/05 03:08:54 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/02/05 03:08:54 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/02/05 03:08:46 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2012/02/05 03:08:42 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/02/05 03:08:42 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/02/05 03:08:42 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/02/05 03:08:42 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/02/05 03:08:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/02/05 03:08:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/02/05 03:08:33 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2012/02/05 03:08:32 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2012/02/05 03:08:23 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2012/02/05 03:08:23 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2012/02/05 03:08:22 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2012/02/05 03:08:22 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2012/02/05 03:08:22 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2012/02/05 03:08:22 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2012/02/05 03:08:22 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2012/02/05 03:08:22 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2012/02/05 03:08:22 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2012/02/05 03:08:22 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2012/02/05 03:08:22 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2012/02/05 03:08:22 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2012/02/05 03:08:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2012/02/05 03:08:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2012/02/05 03:08:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2012/02/05 03:08:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2012/02/05 03:08:14 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2012/02/05 03:08:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/02/05 03:08:01 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/02/05 03:08:01 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/02/05 03:07:47 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2012/02/05 03:07:46 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/05 03:07:43 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/02/05 03:07:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/02/05 03:07:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/02/05 03:07:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/02/05 03:07:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/02/05 03:07:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/02/05 03:07:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/02/05 03:07:37 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/02/05 03:07:37 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/02/05 03:07:33 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2012/02/05 03:07:29 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/02/05 03:07:29 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/02/05 03:07:29 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/02/05 03:07:29 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/02/05 03:07:24 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2012/02/05 03:07:11 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/02/05 03:07:11 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/02/05 03:07:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/02/05 03:07:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/02/05 03:07:11 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/02/05 03:07:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/02/05 03:07:09 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/02/05 03:07:09 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/02/05 03:07:08 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/02/05 03:07:08 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/02/05 03:07:08 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/02/05 03:07:08 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/02/05 03:07:08 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/02/05 03:07:07 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/02/05 03:07:07 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/02/05 03:07:07 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/02/05 03:07:07 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/02/05 03:07:07 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/02/05 03:07:07 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/02/05 03:07:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/02/05 03:07:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/02/05 03:07:07 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/02/05 03:06:58 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/02/05 03:06:56 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2012/02/05 03:06:42 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/02/05 03:06:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/02/05 03:06:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/02/05 03:06:34 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2012/02/05 03:06:34 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2012/02/05 03:06:33 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2012/02/05 03:06:33 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2012/02/05 03:06:30 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/02/05 03:06:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/02/05 03:06:24 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/05 03:06:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/05 03:06:14 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/02/05 03:06:14 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/02/05 03:06:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/02/05 03:06:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/02/05 03:06:14 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/02/05 03:06:14 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/02/05 03:06:14 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/02/05 03:06:14 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/02/05 03:06:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/02/05 03:06:14 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/02/05 03:05:51 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/02/05 03:05:51 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/02/05 03:05:51 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/02/05 03:05:51 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/02/05 03:05:51 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/02/05 03:05:51 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/02/05 03:05:51 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/02/05 03:05:49 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2012/02/05 03:05:49 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2012/02/05 03:05:48 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2012/02/05 03:05:41 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/05 03:05:41 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/05 03:05:41 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/05 03:05:40 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/05 03:05:40 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/05 03:05:40 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/05 03:05:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/05 03:05:40 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/05 03:05:40 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/05 03:05:40 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/05 03:05:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/05 03:05:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/05 03:05:40 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/05 03:05:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/05 03:05:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/05 03:05:20 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/02/05 03:05:20 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/02/05 03:05:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/02/05 03:05:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/02/05 03:05:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/02/05 03:05:20 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/02/05 03:05:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/02/05 03:05:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/02/05 03:05:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/02/05 03:05:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/02/05 03:05:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/02/05 03:05:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/02/05 03:05:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/02/05 03:05:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/02/05 03:05:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/02/05 03:05:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/02/05 03:05:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/02/05 03:05:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/02/05 03:05:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/02/05 03:05:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/02/05 03:05:16 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2012/02/05 03:05:16 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2012/02/05 03:05:15 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2012/02/05 03:05:15 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2012/02/05 03:05:15 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/02/05 03:05:15 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/02/05 03:05:15 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/02/05 03:05:15 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/02/05 03:05:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/02/05 03:05:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/02/05 03:05:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/02/05 03:05:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/02/05 03:05:04 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/02/05 03:04:52 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/02/05 03:04:49 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/02/05 03:04:49 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/02/05 03:04:47 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/02/05 03:04:47 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/02/05 03:04:40 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/02/05 03:04:40 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/02/05 03:04:36 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/02/05 03:04:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2012/02/05 03:04:32 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/02/05 03:04:31 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/02/05 03:04:31 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/02/05 03:04:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/02/05 03:04:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/02/05 02:44:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/05 02:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/05 02:37:22 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Mozilla
[2012/02/05 02:37:22 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Mozilla
[2012/02/05 02:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/02/05 02:36:50 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/02/05 02:36:50 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2012/02/05 02:36:50 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2012/02/05 02:35:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/02/05 02:35:04 | 000,438,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/02/05 02:35:02 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\InstallShield
[2012/02/05 02:34:50 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2012/02/05 02:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2012/02/05 02:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012/02/05 02:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012/02/05 02:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/02/04 20:45:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/02/04 20:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/02/04 20:44:52 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/02/04 20:44:52 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/02/04 20:44:52 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/02/04 20:44:52 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2012/02/04 20:44:52 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/02/04 20:44:52 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/02/04 20:44:52 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/02/04 20:44:52 | 000,118,464 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012/02/04 20:44:52 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2012/02/04 20:44:52 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2012/02/04 20:44:52 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012/02/04 20:44:51 | 002,654,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/02/04 20:44:51 | 002,096,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/02/04 20:44:51 | 001,242,728 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/02/04 20:44:51 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012/02/04 20:44:51 | 000,618,600 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/02/04 20:44:51 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012/02/04 20:44:50 | 000,561,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012/02/04 20:44:50 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/02/04 20:44:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/02/04 20:44:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/02/04 20:44:50 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/02/04 20:44:50 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/02/04 20:44:50 | 000,082,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012/02/04 20:44:50 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/02/04 20:44:49 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/02/04 20:44:49 | 001,770,328 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/02/04 20:44:49 | 001,716,368 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/02/04 20:44:49 | 000,419,472 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/02/04 20:44:49 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/02/04 20:44:49 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/02/04 20:44:49 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/02/04 20:44:49 | 000,125,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/02/04 20:44:49 | 000,106,640 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/02/04 20:44:49 | 000,072,336 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/02/04 20:44:47 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/02/04 20:44:47 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/02/04 20:44:47 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/02/04 20:44:46 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/02/04 20:44:46 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/02/04 20:44:46 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/02/04 20:44:46 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/02/04 20:44:46 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/02/04 20:44:46 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/02/04 20:44:46 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/02/04 20:44:46 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012/02/04 20:44:46 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/02/04 20:44:46 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/02/04 20:44:46 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/02/04 20:44:46 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012/02/04 20:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/02/04 20:44:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/02/04 20:44:44 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/02/04 20:44:43 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012/02/04 20:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/02/04 20:40:53 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
[2012/02/04 20:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2012/02/04 20:39:40 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/02/04 20:39:40 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/02/04 20:39:40 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/02/04 20:39:40 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/02/04 20:39:40 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/02/04 20:39:40 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/02/04 20:39:40 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/02/04 20:39:40 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/02/04 20:39:40 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/02/04 20:39:40 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/02/04 20:39:40 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/02/04 20:39:40 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/02/04 20:39:39 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/02/04 20:39:39 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/02/04 20:39:39 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/02/04 20:39:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/02/04 20:39:39 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/02/04 20:39:39 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/02/04 20:39:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/02/04 20:39:39 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/02/04 20:39:39 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/02/04 20:39:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/02/04 20:39:38 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012/02/04 20:39:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/02/04 20:39:38 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012/02/04 20:39:38 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012/02/04 20:39:38 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/02/04 20:39:38 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012/02/04 20:39:38 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/02/04 20:39:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/02/04 20:39:38 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012/02/04 20:39:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/02/04 20:39:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/02/04 20:39:38 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012/02/04 20:39:38 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/02/04 20:39:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/02/04 20:39:37 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/02/04 20:39:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/02/04 20:39:37 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012/02/04 20:39:37 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012/02/04 20:39:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/02/04 20:39:37 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012/02/04 20:39:37 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012/02/04 20:39:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012/02/04 20:39:36 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012/02/04 20:39:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/02/04 20:39:36 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012/02/04 20:39:36 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/02/04 20:39:36 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012/02/04 20:39:36 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012/02/04 20:39:36 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/02/04 20:39:36 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012/02/04 20:39:36 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/02/04 20:39:36 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/02/04 20:39:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/02/04 20:39:36 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/02/04 20:39:36 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/02/04 20:39:36 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/02/04 20:39:36 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012/02/04 20:39:36 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/02/04 20:39:36 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/02/04 20:39:36 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012/02/04 20:39:36 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/02/04 20:39:36 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012/02/04 20:39:36 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/02/04 20:39:36 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/02/04 20:39:36 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/02/04 20:39:36 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/02/04 20:39:36 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/02/04 20:39:36 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012/02/04 20:39:36 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/02/04 20:39:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012/02/04 20:39:35 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012/02/04 20:39:35 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/02/04 20:39:35 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012/02/04 20:39:35 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/02/04 20:39:35 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012/02/04 20:39:35 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012/02/04 20:39:35 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012/02/04 20:39:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/02/04 20:39:35 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012/02/04 20:39:35 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012/02/04 20:39:34 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012/02/04 20:39:34 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012/02/04 20:39:34 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012/02/04 20:39:34 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012/02/04 20:39:34 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012/02/04 20:39:34 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012/02/04 20:39:34 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012/02/04 20:39:34 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012/02/04 20:39:34 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012/02/04 20:39:34 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012/02/04 20:39:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012/02/04 20:39:34 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012/02/04 20:39:34 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012/02/04 20:39:34 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012/02/04 20:39:34 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012/02/04 20:39:34 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012/02/04 20:39:34 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012/02/04 20:39:34 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012/02/04 20:39:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012/02/04 20:39:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012/02/04 20:39:33 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012/02/04 20:39:33 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012/02/04 20:39:33 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012/02/04 20:39:33 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012/02/04 20:39:33 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012/02/04 20:39:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012/02/04 20:39:33 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012/02/04 20:39:33 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012/02/04 20:39:32 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012/02/04 20:39:32 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012/02/04 20:39:32 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012/02/04 20:39:32 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012/02/04 20:39:32 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012/02/04 20:39:32 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012/02/04 20:39:32 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012/02/04 20:39:32 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012/02/04 20:39:32 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012/02/04 20:39:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012/02/04 20:39:32 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012/02/04 20:39:32 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012/02/04 20:39:32 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012/02/04 20:39:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012/02/04 20:39:32 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012/02/04 20:39:32 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012/02/04 20:39:32 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012/02/04 20:39:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012/02/04 20:39:32 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012/02/04 20:39:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012/02/04 20:39:31 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012/02/04 20:39:31 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/02/04 20:39:31 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012/02/04 20:39:31 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/02/04 20:39:31 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012/02/04 20:39:31 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012/02/04 20:39:31 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012/02/04 20:39:31 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012/02/04 20:39:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012/02/04 20:39:31 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012/02/04 20:39:31 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012/02/04 20:39:31 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012/02/04 20:39:31 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012/02/04 20:39:31 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012/02/04 20:39:31 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012/02/04 20:39:31 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012/02/04 20:39:31 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012/02/04 20:39:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012/02/04 20:39:30 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/02/04 20:39:30 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012/02/04 20:39:30 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012/02/04 20:39:30 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012/02/04 20:39:30 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012/02/04 20:39:30 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012/02/04 20:39:30 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012/02/04 20:39:30 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012/02/04 20:39:30 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012/02/04 20:39:30 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012/02/04 20:39:30 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012/02/04 20:39:30 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012/02/04 20:39:30 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012/02/04 20:39:30 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012/02/04 20:39:30 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012/02/04 20:39:30 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012/02/04 20:39:29 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012/02/04 20:39:29 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012/02/04 20:39:28 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/02/04 20:39:28 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012/02/04 20:39:28 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012/02/04 20:39:28 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012/02/04 20:39:28 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012/02/04 20:39:28 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012/02/04 20:39:28 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012/02/04 20:39:28 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012/02/04 20:39:28 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012/02/04 20:39:28 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012/02/04 20:39:28 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012/02/04 20:39:28 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012/02/04 20:39:28 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012/02/04 20:39:28 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012/02/04 20:39:27 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012/02/04 20:39:27 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012/02/04 20:37:59 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2012/02/04 20:37:59 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/02/04 20:37:59 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/02/04 20:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/02/04 20:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/02/04 20:30:36 | 010,406,208 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/02/04 20:30:36 | 005,067,584 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/02/04 20:30:36 | 003,074,368 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012/02/04 20:30:36 | 000,837,952 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2012/02/04 20:30:36 | 000,222,528 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/02/04 20:30:36 | 000,137,536 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/02/04 20:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/02/04 20:30:28 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/02/04 20:30:28 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/02/04 20:29:39 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/02/04 20:29:39 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/02/04 20:29:38 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/02/04 20:29:37 | 007,042,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/02/04 20:29:35 | 024,743,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/02/04 20:29:34 | 018,872,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/02/04 20:29:30 | 015,694,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/02/04 20:29:28 | 013,205,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/02/04 20:29:27 | 002,543,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/02/04 20:29:27 | 002,401,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/02/04 20:29:27 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/02/04 20:29:27 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/02/04 20:29:26 | 005,581,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/02/04 20:29:25 | 007,585,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/02/04 20:29:23 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/02/04 20:29:20 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/02/04 20:29:20 | 002,808,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/02/04 20:29:19 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/02/04 20:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/02/04 20:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/02/04 20:27:10 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Macromedia
[2012/02/04 20:27:10 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Adobe
[2012/02/04 20:27:10 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Adobe
[2012/02/04 20:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/02/04 20:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/02/04 20:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/02/04 20:21:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/04 20:08:35 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2012/02/04 20:08:25 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2012/02/04 19:47:21 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/02/04 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/02/04 19:45:23 | 000,000,000 | ---D | C] -- C:\Intel
[2012/02/04 19:42:34 | 000,133,800 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IPROSetMonitor.exe
[2012/02/04 19:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/02/04 19:42:18 | 000,314,568 | R--- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe
[2012/02/04 19:41:44 | 000,313,520 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1c62x64.sys
[2012/02/04 19:41:44 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1cmsg.dll
[2012/02/04 19:41:44 | 000,036,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicCo36.dll
[2012/02/04 19:41:42 | 000,091,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstC.dll
[2012/02/04 19:41:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/02/04 19:34:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/02/04 19:32:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/02/04 17:27:14 | 000,000,000 | --SD | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Videos
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Saved Games
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Pictures
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Music
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Links
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Favorites
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Downloads
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Documents
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Desktop
[2012/02/04 17:27:14 | 000,000,000 | R--D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\AppData\Local\Temporary Internet Files
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\Templates
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\Start Menu
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\SendTo
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\Recent
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\PrintHood
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\NetHood
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\Documents\My Videos
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\Documents\My Pictures
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\Documents\My Music
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\My Documents
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\Local Settings
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\AppData\Local\History
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\Cookies
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\Application Data
[2012/02/04 17:27:14 | 000,000,000 | -HSD | C] -- C:\Users\xxxx\AppData\Local\Application Data
[2012/02/04 17:27:14 | 000,000,000 | -H-D | C] -- C:\Users\xxxx\AppData
[2012/02/04 17:27:14 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Temp
[2012/02/04 17:27:14 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Microsoft
[2012/02/04 17:27:14 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Media Center Programs
[2012/02/04 17:23:52 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/02/04 16:38:49 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Searches
[2012/02/04 16:38:49 | 000,000,000 | R--D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/02/04 16:38:49 | 000,000,000 | -H-D | C] -- C:\Users\xxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/02/04 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Identities
[2012/02/04 16:38:39 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Contacts
[2012/02/04 16:38:38 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\VirtualStore
[2012/02/04 16:38:18 | 000,000,000 | -HSD | C] -- C:\Recovery
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/11 09:25:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2012/02/11 02:36:12 | 088,657,622 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/11 01:21:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/09 02:45:31 | 000,064,122 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/08 21:40:15 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 21:40:15 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 21:37:22 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/08 21:37:22 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/08 21:37:22 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/08 21:35:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\xxxx\Desktop\dds.scr
[2012/02/08 21:32:53 | 2129,334,271 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 21:28:29 | 000,000,000 | ---- | M] () -- C:\Users\xxxx\defogger_reenable
[2012/02/08 21:28:14 | 000,050,477 | ---- | M] () -- C:\Users\xxxx\Desktop\Defogger.exe
[2012/02/07 23:40:45 | 1043,943,872 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/07 23:31:06 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/07 23:30:43 | 009,604,712 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\xxxx\Desktop\mbam-setup.exe
[2012/02/07 23:11:34 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\xxxx\Desktop\aswMBR.exe
[2012/02/07 20:20:45 | 000,291,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/07 19:53:21 | 000,000,729 | ---- | M] () -- C:\Users\xxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2012.lnk
[2012/02/07 19:53:21 | 000,000,721 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2012.lnk
[2012/02/07 19:07:04 | 000,030,208 | ---- | M] (Meetinghouse Data Communications) -- C:\Windows\SysNative\drivers\AegisP.sys
[2012/02/07 18:37:38 | 000,000,829 | ---- | M] () -- C:\Users\xxxx\AppData\Local\RT2870_{5E3FE9F0-DF21-4F8A-B1C8-DE3D738F9E04}_sta
[2012/02/07 18:37:38 | 000,000,825 | ---- | M] () -- C:\Users\xxxx\AppData\Local\RT2870_{5E3FE9F0-DF21-4F8A-B1C8-DE3D738F9E04}_prof
[2012/02/07 18:36:55 | 000,001,001 | ---- | M] () -- C:\Users\xxxx\AppData\Local\RT2870_{5E3FE9F0-DF21-4F8A-B1C8-DE3D738F9E04}_wsc
[2012/02/05 22:53:01 | 000,001,484 | ---- | M] () -- C:\Users\xxxx\Desktop\SWTOR.lnk
[2012/02/05 12:29:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/05 10:59:22 | 000,001,736 | ---- | M] () -- C:\Users\xxxx\Desktop\PeerBlock.lnk
[2012/02/05 10:56:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/05 10:03:33 | 000,007,605 | ---- | M] () -- C:\Users\xxxx\AppData\Local\Resmon.ResmonCfg
[2012/02/05 08:48:10 | 001,032,112 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2012/02/05 08:44:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2012/02/05 08:36:43 | 000,027,214 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/02/05 08:36:34 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/02/05 08:16:09 | 000,001,388 | ---- | M] () -- C:\Users\xxxx\Desktop\CT.lnk
[2012/02/05 07:56:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG.lnk
[2012/02/05 07:56:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/05 07:56:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/02/05 02:37:13 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Firefox.lnk
[2012/02/04 19:50:29 | 000,001,437 | ---- | M] () -- C:\Users\xxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/04 17:34:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/02/04 17:34:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/02/04 17:32:41 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/02/04 16:51:00 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/02/04 16:51:00 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/11 02:36:12 | 088,657,622 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/09 02:45:31 | 000,064,122 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/08 21:28:29 | 000,000,000 | ---- | C] () -- C:\Users\xxxx\defogger_reenable
[2012/02/08 21:28:14 | 000,050,477 | ---- | C] () -- C:\Users\xxxx\Desktop\Defogger.exe
[2012/02/07 23:40:45 | 1043,943,872 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/07 23:31:06 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/07 19:53:21 | 000,000,729 | ---- | C] () -- C:\Users\xxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2012.lnk
[2012/02/07 19:53:21 | 000,000,721 | ---- | C] () -- C:\Users\Public\Desktop\Finale 2012.lnk
[2012/02/07 18:37:38 | 000,000,829 | ---- | C] () -- C:\Users\xxxx\AppData\Local\RT2870_{5E3FE9F0-DF21-4F8A-B1C8-DE3D738F9E04}_sta
[2012/02/07 18:37:38 | 000,000,825 | ---- | C] () -- C:\Users\xxxx\AppData\Local\RT2870_{5E3FE9F0-DF21-4F8A-B1C8-DE3D738F9E04}_prof
[2012/02/07 18:36:55 | 000,001,001 | ---- | C] () -- C:\Users\xxxx\AppData\Local\RT2870_{5E3FE9F0-DF21-4F8A-B1C8-DE3D738F9E04}_wsc
[2012/02/07 18:34:01 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/07 18:34:01 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\drivers\RaCoInst.dat
[2012/02/07 18:34:01 | 000,013,931 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012/02/07 18:34:01 | 000,013,931 | ---- | C] () -- C:\Windows\SysNative\drivers\RaCoInst.dat
[2012/02/05 22:53:01 | 000,001,484 | ---- | C] () -- C:\Users\xxxx\Desktop\SWTOR.lnk
[2012/02/05 12:29:05 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/05 12:28:10 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/05 10:59:22 | 000,001,736 | ---- | C] () -- C:\Users\xxxx\Desktop\PeerBlock.lnk
[2012/02/05 10:03:33 | 000,007,605 | ---- | C] () -- C:\Users\xxxx\AppData\Local\Resmon.ResmonCfg
[2012/02/05 08:48:09 | 001,032,112 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012/02/05 08:44:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2012/02/05 08:44:05 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2012/02/05 08:37:31 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/02/05 08:37:30 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/02/05 08:16:09 | 000,001,388 | ---- | C] () -- C:\Users\xxxx\Desktop\CT.lnk
[2012/02/05 07:56:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG.lnk
[2012/02/05 07:56:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/05 07:56:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/02/05 02:37:13 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/05 02:37:13 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Firefox.lnk
[2012/02/04 20:30:28 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/02/04 20:26:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/04 19:50:29 | 000,001,437 | ---- | C] () -- C:\Users\xxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/04 19:42:18 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2012/02/04 19:41:44 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2012/02/04 19:40:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/04 19:40:30 | 000,027,214 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/02/04 19:38:34 | 000,001,409 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/02/04 17:36:22 | 2129,334,271 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/04 17:32:41 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/02/04 17:27:14 | 000,000,290 | ---- | C] () -- C:\Users\xxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/02/04 17:27:14 | 000,000,272 | ---- | C] () -- C:\Users\xxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/04 16:50:58 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/02/04 16:50:58 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/10/20 04:26:12 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/08/03 00:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/01/04 00:34:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

< End of report >

--------------------------

OTL Extras logfile created on: 2/11/2012 9:36:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxxx\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 78.85% Memory free
15.95 Gb Paging File | 13.75 Gb Available in Paging File | 86.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 402.55 Gb Free Space | 86.45% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 276.13 Gb Free Space | 59.29% Space Free | Partition Type: NTFS

Computer Name: xxxx-PC | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3354430083-74819090-1019213369-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7BE6B345-6BD9-492E-A440-A32D12AB2EF3}" = AVG 2012
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.66
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.66
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.66
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.66
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel® Network Connections 15.6.25.0
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel® Network Connections 15.6.25.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Finale 2012" = Finale 2012
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Precision" = EVGA Precision 2.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2012 9:38:40 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004

Error - 2/10/2012 9:38:41 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/10/2012 9:38:41 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003

Error - 2/10/2012 9:38:41 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

Error - 2/10/2012 9:38:42 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/10/2012 9:38:42 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9001

Error - 2/10/2012 9:38:42 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9001

Error - 2/10/2012 9:38:43 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/10/2012 9:38:43 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000

Error - 2/10/2012 9:38:43 AM | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000

[ System Events ]
Error - 2/7/2012 9:20:54 PM | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsIO AsUpIO Avgldx64 Avgmfx64 discache spldr Wanarpv6

Error - 2/7/2012 9:20:58 PM | Computer Name = xxxx-PC | Source = DCOM | ID = 10005
Description =

Error - 2/7/2012 9:21:05 PM | Computer Name = xxxx-PC | Source = DCOM | ID = 10005
Description =

Error - 2/7/2012 9:21:07 PM | Computer Name = xxxx-PC | Source = DCOM | ID = 10005
Description =

Error - 2/7/2012 9:21:08 PM | Computer Name = xxxx-PC | Source = DCOM | ID = 10005
Description =

Error - 2/7/2012 9:21:08 PM | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2012 9:21:08 PM | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2012 9:21:08 PM | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 2/8/2012 12:40:48 AM | Computer Name = xxxx-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:38:28 PM on ?2/?7/?2012 was unexpected.

Error - 2/8/2012 12:40:55 AM | Computer Name = xxxx-PC | Source = BugCheck | ID = 1001
Description =


< End of report >

#4 sempai

Posted 11 February 2012 - 10:42 AM

Hi,

No need to quote my post, just click the "Add Reply" button below.


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 wowac

Posted 11 February 2012 - 02:32 PM

FYI this is probably from when I rooted my phone and this doesn't seem related to the ymu issue. Could be wrong.

er@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1ff8026ceca07f41a5bd79ea7cdf5489
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-11 07:25:57
# local_time=2012-02-11 02:25:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 80530147 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=192952
# found=2
# cleaned=0
# scan_time=1660
E:\External Items\xxxx\Android Stuff\exploits.zip Linux/Exploit.Lotoor.AK trojan (unable to clean) 00000000000000000000000000000000 I
E:\External Items\xxxx\android-sdk-windows\platform-tools\psneuter Linux/Exploit.Lotoor.AK trojan (unable to clean) 00000000000000000000000000000000 I
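
A triage helper for the ESET Online Scanner log in post #5, added here as an example and not part of the original thread: it checks that the header records the scan options requested in post #4 and that the `found=` count matches the detection lines it can parse. The detection-line layout (path, threat name, one-word type, action in parentheses, 32-hex digest, flag) is inferred from the two lines in that post, and all function names are this example's own.

```python
import re
from dataclasses import dataclass

# Excerpt of the log posted above (user name already masked as "xxxx" on the
# page); header lines not needed for the checks are left out.
SAMPLE_LOG = r"""all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=192952
# found=2
# cleaned=0
# scan_time=1660
E:\External Items\xxxx\Android Stuff\exploits.zip Linux/Exploit.Lotoor.AK trojan (unable to clean) 00000000000000000000000000000000 I
E:\External Items\xxxx\android-sdk-windows\platform-tools\psneuter Linux/Exploit.Lotoor.AK trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Options the helper asked for in post #4: report only, scan archives,
# include unwanted/unsafe applications, anti-stealth enabled.
EXPECTED_SETTINGS = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

HEADER_RE = re.compile(r"^#\s*(?P<key>[\w.]+)=(?P<value>.*)$")

# Assumption: fields are separated by whitespace and only the path may contain
# spaces, so the pattern is effectively anchored from the right-hand side.
DETECTION_RE = re.compile(
    r"^(?P<path>.+)\s+(?P<threat>\S+)\s+(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str


def parse_log(text):
    """Split a log into header values, detections and unrecognised lines."""
    header, detections, other = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            # Some keys (compatibility_mode) repeat, so keep every value.
            header.setdefault(m["key"], []).append(m["value"].strip())
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"].strip(), m["threat"],
                                        m["kind"], m["action"]))
        else:
            other.append(line)
    return header, detections, other


def review(text):
    """Return (problems, detections); an empty problem list means the log is
    complete and was produced with the requested options."""
    header, detections, _ = parse_log(text)
    problems = []
    if header.get("end", [""])[-1] != "finished":
        problems.append("scan did not finish")
    for key, want in EXPECTED_SETTINGS.items():
        got = header.get(key, ["<missing>"])[-1]
        if got != want:
            problems.append(f"{key}={got}, expected {want}")
    found = header.get("found", [""])[-1]
    if not found.isdigit():
        problems.append("found= count missing")
    elif int(found) != len(detections):
        problems.append(f"found={found} but {len(detections)} detection lines parsed")
    return problems, detections


def by_threat(detections):
    """Group detected paths under each threat name for a quick overview."""
    grouped = {}
    for d in detections:
        grouped.setdefault(d.threat, []).append(d.path)
    return grouped


if __name__ == "__main__":
    problems, detections = review(SAMPLE_LOG)
    print("problems:", problems or "none")
    for threat, paths in by_threat(detections).items():
        print(threat)
        for p in paths:
            print("   ", p)
```
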

#6 sempai

Posted 11 February 2012 - 10:09 PM

Let's make sure that they are not infected.

Step 1: Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

    E:\External Items\xxxx\Android Stuff\exploits.zip

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Step 2: Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp



#7 wowac

Posted 12 February 2012 - 11:57 AM

I keep getting "Error: returned status code 403 Forbidden" when I try to upload the file. It happens in Firefox and Internet Explorer. Any thoughts? Should I go through the next step without using virscan.org?

My internet connection is fine and I can access other sites within my browser. I can't seem to even use the links on the left-hand side of virscan.org without it giving me a stale page with "Unable to access" on it.

The only reason I ask is because according to this xda thread post #1287 says the file is a false positive. Thanks for your help so far!!

Edited by wowac, 12 February 2012 - 12:00 PM.


#8 sempai

Posted 13 February 2012 - 07:12 AM

Please proceed with step#2 (Combofix).

~Semp



#9 wowac

Posted 13 February 2012 - 06:52 PM

ComboFix 12-02-13.01 - xxxx 02/13/2012 18:38:41.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8169.6745 [GMT -5:00]
Running from: c:\users\xxxx\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 23:40 . 2012-02-13 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 04:31 . 2012-02-09 02:33 -------- d-----w- c:\programdata\Malwarebytes
2012-02-08 04:31 . 2012-02-08 04:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-08 04:31 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 00:52 . 2012-02-08 00:52 -------- d-----w- c:\programdata\MakeMusic
2012-02-08 00:52 . 2012-02-08 00:52 -------- d-----w- C:\PSFONTS
2012-02-07 23:34 . 2012-02-08 00:07 30208 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-02-07 23:34 . 2009-03-03 19:09 13931 ----a-w- c:\windows\SysWow64\drivers\RaCoInst.dat
2012-02-07 23:33 . 2012-02-07 23:33 -------- d-----w- c:\program files (x86)\Medialink
2012-02-07 23:33 . 2009-03-03 19:24 870400 ----a-w- c:\windows\system32\drivers\netr28ux.sys
2012-02-07 23:33 . 2009-03-03 19:09 303616 ----a-w- c:\windows\system32\RaCoInstx.dll
2012-02-06 08:11 . 2012-02-06 08:11 -------- d-----w- C:\$AVG
2012-02-05 17:28 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-05 16:58 . 2012-02-06 20:18 -------- d-----w- c:\program files\Star Wars-The Old Republic
2012-02-05 15:59 . 2012-02-05 15:59 -------- d-----w- c:\program files\PeerBlock
2012-02-05 15:56 . 2012-02-05 15:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-05 15:56 . 2012-02-05 15:56 -------- d-----w- c:\windows\system32\Macromed
2012-02-05 13:48 . 2012-02-05 13:48 1032112 ----a-w- c:\windows\PE_Rom.dll
2012-02-05 13:47 . 2012-02-05 13:47 -------- d-----w- c:\programdata\ASUS OC Profiles
2012-02-05 13:44 . 2009-07-14 06:21 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-02-05 13:44 . 2010-09-19 19:52 94208 ------w- c:\windows\SysWow64\IccLibDll.dll
2012-02-05 13:44 . 2012-02-05 13:44 -------- d-----w- c:\windows\SysWow64\Macromed
2012-02-05 13:39 . 2010-11-08 19:57 14464 ----a-w- c:\windows\system32\drivers\AiChargerPlus.sys
2012-02-05 13:38 . 2008-12-03 01:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2012-02-05 13:37 . 2012-02-05 13:37 -------- d-----w- c:\programdata\ASUS
2012-02-05 13:37 . 2012-02-05 13:38 -------- d-----w- c:\program files (x86)\ASUS
2012-02-05 13:37 . 2010-08-24 07:16 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2012-02-05 13:37 . 2010-06-29 07:41 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
2012-02-05 13:37 . 2008-01-04 05:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2012-02-05 13:24 . 2012-02-05 13:24 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-05 13:24 . 2012-02-05 13:24 -------- d-----w- c:\windows\system32\Wat
2012-02-05 13:21 . 2012-02-05 13:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-05 13:14 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-05 13:14 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-05 13:12 . 2012-02-05 13:17 -------- d-----w- c:\program files\Core Temp
2012-02-05 13:10 . 2012-02-05 13:10 -------- d--h--w- c:\windows\msdownld.tmp
2012-02-05 13:08 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-02-05 13:08 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-02-05 13:03 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-02-05 13:03 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-02-05 13:03 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-05 13:03 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-02-05 13:03 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-02-05 13:03 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-02-05 13:03 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-05 13:03 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-02-05 13:03 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-05 13:03 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-02-05 12:56 . 2012-02-05 12:56 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-02-05 12:55 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-02-05 12:55 . 2012-02-13 12:58 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-05 12:55 . 2012-02-05 13:10 -------- d-----w- c:\programdata\AVG2012
2012-02-05 12:54 . 2012-02-05 12:54 -------- d-----w- c:\program files (x86)\AVG
2012-02-05 08:08 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-02-05 08:07 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-05 08:06 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-02-05 08:05 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
2012-02-05 08:04 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-02-05 07:44 . 2012-02-05 07:44 -------- d--h--w- c:\programdata\Common Files
2012-02-05 07:38 . 2012-02-13 13:00 -------- d-----w- c:\programdata\MFAData
2012-02-05 07:36 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-02-05 07:36 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-02-05 07:36 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-02-05 07:36 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-05 07:35 . 2010-11-06 04:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-02-05 07:34 . 2012-02-05 07:34 -------- d-----w- c:\program files (x86)\Marvell
2012-02-05 07:34 . 2012-02-05 07:34 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-02-05 01:45 . 2012-02-05 01:45 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-02-05 01:45 . 2012-02-05 01:45 -------- d-----w- c:\program files\Realtek
2012-02-05 01:40 . 2012-02-05 13:08 -------- d-----w- c:\program files (x86)\EVGA Precision
2012-02-05 01:37 . 2011-07-07 20:51 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2012-02-05 01:37 . 2011-07-07 20:51 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-02-05 01:37 . 2011-07-07 20:51 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll
2012-02-05 01:31 . 2012-02-05 01:31 -------- d-----w- c:\users\UpdatusUser
2012-02-05 01:30 . 2012-02-13 23:42 -------- d-----w- c:\programdata\NVIDIA
2012-02-05 01:30 . 2012-02-05 01:38 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-02-05 01:30 . 2011-10-20 09:50 837952 ----a-r- c:\windows\system32\easyupdatusapiu64.dll
2012-02-05 01:30 . 2011-10-20 09:50 5067584 ----a-r- c:\windows\system32\nvsvc64.dll
2012-02-05 01:30 . 2011-10-20 09:50 3074368 ----a-r- c:\windows\system32\nvsvcr.dll
2012-02-05 01:30 . 2011-10-20 09:50 222528 ----a-r- c:\windows\system32\nvmctray.dll
2012-02-05 01:30 . 2011-10-20 09:50 1640768 ----a-r- c:\windows\system32\nvvsvc.exe
2012-02-05 01:30 . 2011-10-20 09:50 137536 ----a-r- c:\windows\system32\nvshext.dll
2012-02-05 01:30 . 2011-10-20 09:50 10406208 ----a-r- c:\windows\system32\nvcpl.dll
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-02-05 01:30 . 2011-10-20 09:50 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-05 01:30 . 2011-10-20 09:50 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-05 01:28 . 2012-02-05 01:31 -------- d-----w- c:\program files\NVIDIA Corporation
2012-02-05 01:27 . 2012-02-05 01:27 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-02-05 01:26 . 2012-02-05 01:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-02-05 01:21 . 2012-02-05 00:38 -------- d-----w- c:\windows\Panther
2012-02-05 01:08 . 2012-02-04 22:32 -------- d-----w- C:\$WINDOWS.~Q
2012-02-05 01:08 . 2012-02-05 01:08 -------- d-----w- C:\$INPLACE.~TR
2012-02-05 01:07 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D392CEB-9EF9-4641-88E3-5F8F638B5E5D}\mpengine.dll
2012-02-05 01:07 . 2012-01-27 05:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-05 00:47 . 2010-10-04 05:02 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-02-05 00:47 . 2012-02-05 13:44 -------- d-----w- c:\program files (x86)\Intel
2012-02-05 00:45 . 2012-02-05 00:45 -------- d-----w- C:\Intel
2012-02-05 00:42 . 2010-08-12 20:00 133800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2012-02-05 00:42 . 2012-02-05 00:42 -------- d-----w- c:\program files\Intel
2012-02-05 00:42 . 2010-05-07 09:41 314568 ----a-r- c:\windows\system32\PROUnstl.exe
2012-02-05 00:41 . 2010-09-21 06:34 313520 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2012-02-05 00:41 . 2010-07-30 16:56 68264 ----a-w- c:\windows\system32\e1cmsg.dll
2012-02-05 00:41 . 2009-05-26 02:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
2012-02-05 00:41 . 2010-07-26 17:30 91840 ----a-w- c:\windows\system32\NicInstC.dll
2012-02-05 00:41 . 2012-02-08 00:52 -------- d-sh--w- c:\windows\Installer
2012-02-04 22:27 . 2012-02-09 02:28 -------- d-----w- c:\users\xxxx
2012-02-04 21:38 . 2012-02-05 00:38 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Medialink Utilty"="c:\program files (x86)\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2281488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-20 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-20 381248]
S3 ALSysIO;ALSysIO;c:\users\xxxx\AppData\Local\Temp\ALSysIO64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.199.254
FF - ProfilePath - c:\users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qufp0x8f.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Completion time: 2012-02-13 18:45:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-13 23:45
.
Pre-Run: 431,768,879,104 bytes free
Post-Run: 431,394,324,480 bytes free
.
- - End Of File - - 2CF76A856AA8245D6197E215C83808E7

#10 sempai


Posted 13 February 2012 - 09:05 PM

Do you still experience the AVG warnings?

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 wowac


Posted 13 February 2012 - 10:29 PM

I haven't had an AVG warning since - it was only during the Finale installation process. The files related to this might also include Garritan or MakeMusic. I received one outbound warning from Malwarebytes while I was browsing the web. Do you think it was something flagged in the temp files during the install? Maybe a bug in AVG for installation processes? Any ideas?

My computer seems to function perfectly but I haven't run anything other than Firefox and CoreTemp. I just built it a few weeks ago.

Edited by wowac, 13 February 2012 - 10:30 PM.


#12 sempai


Posted 14 February 2012 - 07:36 AM

Do you think it was something flagged in the temp files during the install?

Most likely, and I think it's a false detection from AVG since you're installing legitimate software from the author's site.

Please observe the computer for a couple more days then let me know if all is good so we can properly remove all the tools. :)

~Semp



#13 sempai


Posted 19 February 2012 - 08:53 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp



#14 sempai


Posted 20 February 2012 - 11:12 PM

This topic has been re-opened at the request of the person who originally posted.

~Semp



#15 sempai


Posted 20 February 2012 - 11:17 PM

Hi Sempai,

Thanks for your help on my possible trojan. Could you help me remove all of the software that was installed on my computer from both threads? Link to original thread is at the top post.




Uninstall:

1. ComboFix

  • Click Start > Run > copy-paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall


2. Malwarebytes' Anti-Malware <-- Optional, you can keep it to use for on demand malware scan.
  • Go to Control Panel > Programs > Programs and Features > locate and remove Malwarebytes' Anti-Malware.

3. ESET online scanner
  • Go to Control Panel > Programs > Programs and Features > locate and remove ESET Online Scanner.


Delete:

1. DDS
2. aswMBR



Others:
  • Please run defogger and click the Enable button to enable your CD Emulation drivers. Reboot if asked.
  • You can now delete defogger.



Clean-up with OTL:
  • Run OTL
  • Click on the CleanUp! button.
  • Reboot when asked.



Your log is clean, take the time to read below to secure your machine and take the necessary steps to keep it Clean :)

How to prevent malware

How to increase PC speed


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


~Semp





