The windows security center service can't be started


  • This topic is locked
63 replies to this topic

#1 rainer23

  • Members
  • 33 posts

Posted 21 June 2012 - 03:26 AM

I am using Windows 7 on my laptop, but whenever I try to open the Windows security service from Open Action Center, which is located on the quick launch bar menu, it gives me an error. The error code is 1058. Also, I can't open my virus protection (Microsoft Security Essentials); it closes itself immediately. I have also experienced the browser redirecting me to various pages. It all started on 19.06.2012.
I tried to switch Security Center manually to Automatic, but it switches back.
Then I tried ComboFix, but there was no change. Here is my ComboFix log:

ComboFix 12-06-21.01 - Administrator 21.06.2012 9:07.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1257.372.1033.18.8086.5999 [GMT 3:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\9a727e3b-3b75-44f1-aa0c-b5b6cd760030.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 06:11 . 2012-06-21 06:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-21 06:11 . 2012-06-21 06:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 05:50 . 2012-06-21 05:50 -------- d-----w- c:\users\Administrator
2012-06-21 05:34 . 2012-06-21 05:34 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-21 05:34 . 2012-06-21 05:34 -------- d-----w- c:\program files (x86)\Java
2012-06-21 05:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 05:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 05:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 05:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 05:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 05:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 05:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 05:31 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 05:31 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 11:16 . 2012-06-20 11:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-20 11:16 . 2012-06-20 11:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-19 13:05 . 2012-06-19 13:05 118784 --sha-r- c:\windows\SysWow64\WINSRPCA.dll
2012-06-15 13:49 . 2012-06-15 13:49 -------- d-----w- c:\users\Rainer\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 05:34 . 2011-07-17 12:58 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-15 13:49 . 2012-03-29 05:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 13:49 . 2011-10-20 19:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 12:13 . 2012-03-29 06:11 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-02 21:26 . 2012-04-02 21:26 16184 ----a-w- c:\windows\system32\drivers\atrfiltr.sys
2012-04-02 21:17 . 2012-04-02 21:17 752640 ----a-w- c:\windows\SysWow64\opensc-pkcs11.dll
2012-04-02 21:17 . 2012-04-02 21:17 752640 ----a-w- c:\windows\SysWow64\onepin-opensc-pkcs11.dll
2012-04-02 21:17 . 2012-04-02 21:17 752640 ----a-w- c:\windows\SysWow64\esteid-pkcs11.dll
2012-04-02 21:17 . 2012-04-02 21:17 2153984 ----a-w- c:\windows\SysWow64\opensc.dll
2012-04-02 21:06 . 2012-04-02 21:06 276480 ----a-w- c:\windows\system32\esteidcm64.dll
2012-04-02 21:05 . 2012-04-02 21:05 197632 ----a-w- c:\windows\SysWow64\esteidcm.dll
2012-03-30 11:35 . 2012-05-12 07:27 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2A4E94A4-B275-491A-9E32-CD7A26FC7C3B}]
2012-04-02 21:20 672816 ----a-w- c:\program files (x86)\Estonian ID Card\esteid-plugin-ie.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 atrfiltr;atrfiltr;c:\windows\system32\drivers\atrfiltr.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 cxbu0x64;OMNIKEY 1021;c:\windows\system32\DRIVERS\cxbu0x64.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-05-11 362296]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
S2 SmartCardRemoval;Smart Card Removal;c:\program files\Estonian ID Card\SmartCardRemoval.exe [2012-04-02 311856]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-21 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\cdmcbmadpr.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A4E94A4-B275-491A-9E32-CD7A26FC7C3B}]
2012-04-02 21:19 971824 ----a-w- c:\program files\Estonian ID Card\esteid-plugin-ie.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-21 312936]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=ee&l=en&s=bsd
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 195.250.187.46 194.126.97.30
TCP: Interfaces\{38D47646-AFEE-4867-92B6-244A9518B5E8}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{38D47646-AFEE-4867-92B6-244A9518B5E8}\145747F62657373796B6F6F6E6469637: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{38D47646-AFEE-4867-92B6-244A9518B5E8}\96E6475627E65647: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Terminal Pro ver 1.0 - c:\windows\UNWISE.EXE
AddRemove-Terminal Pro ver 1.6 - c:\windows\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2295395039-2155789106-1630719526-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2295395039-2155789106-1630719526-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:fa,75,32,e4,71,4f,cd,01
.
[HKEY_USERS\S-1-5-21-2295395039-2155789106-1630719526-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-21 09:12:38
ComboFix-quarantined-files.txt 2012-06-21 06:12
.
Pre-Run: 624 219 992 064 bytes free
Post-Run: 624 168 722 432 bytes free
.
- - End Of File - - 09C1E6D41068427178D7731F8B17E9BD



#2 m0le

  • Malware Response Team
  • 34,527 posts

Posted 25 June 2012 - 07:28 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 rainer23


Posted 26 June 2012 - 12:37 AM

Hello, I'm here and waiting.

#4 m0le


Posted 26 June 2012 - 03:04 PM

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Still, you didn't do that fortunately.


Can you run aswMBR?

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 rainer23


Posted 27 June 2012 - 12:47 AM

Sorry about ComboFix, but when I started to look for solutions to my problem I found so many recommendations to use it, so I did.
Here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 08:36:54
-----------------------------
08:36:54.820 OS Version: Windows x64 6.1.7601 Service Pack 1
08:36:54.820 Number of processors: 4 586 0x2A07
08:36:54.830 ComputerName: RAINER-PC UserName: Rainer
08:36:57.440 Initialize success
08:37:48.800 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:37:48.810 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
08:37:48.830 Disk 0 MBR read successfully
08:37:48.830 Disk 0 MBR scan
08:37:48.840 Disk 0 Windows VISTA default MBR code
08:37:48.850 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
08:37:48.860 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
08:37:48.870 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 695299 MB offset 41172992
08:37:48.890 Disk 0 scanning C:\Windows\system32\drivers
08:37:54.150 Service scanning
08:38:04.320 Modules scanning
08:38:04.330 Disk 0 trace - called modules:
08:38:04.390 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
08:38:04.400 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800966d060]
08:38:04.720 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80094c1930]
08:38:04.730 5 stdcfltn.sys[fffff88001b4ac52] -> nt!IofCallDriver -> [0xfffffa8007b13950]
08:38:04.740 7 ACPI.sys[fffff88000f767a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b17050]
08:38:04.760 Scan finished successfully
08:38:39.810 Disk 0 MBR has been saved successfully to "C:\Users\Rainer\Desktop\MBR.dat"
08:38:39.814 The log file has been saved successfully to "C:\Users\Rainer\Desktop\aswMBR.txt"

#6 m0le


Posted 27 June 2012 - 06:41 PM

Please run FSS, looks like there's nothing there but if there was then this can damage a number of processes - including the WSCS

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#7 rainer23


Posted 28 June 2012 - 12:55 AM

log:

Farbar Service Scanner Version: 25-06-2012 01
Ran by Rainer (administrator) on 28-06-2012 at 08:51:24
Running from "C:\Users\Rainer\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 m0le


Posted 28 June 2012 - 05:38 PM

The following steps involve registry editing. Please create a new restore point before proceeding.

1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

2. In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

3. Click the System Protection tab, and then click Create.

4. In the System Protection dialog box, type a description, and then click Create.


Next


Please go to Start and then Run, type regedit and click OK.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right-Click Root and select Permissions...

Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.

Click Apply and OK.

Download Seven.zip file from here:

Unzip it.

You'll find several files inside.

Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click wscsvc.reg and confirm the prompt.

Double-click the WinDefend reg file and confirm the prompt.

Please go back to the Root key again and, while Everyone is selected, remove the check mark in the box under Allow next to Full Control, then close the registry.

Restart computer.

Run FSS and post the log.

#9 rainer23


Posted 29 June 2012 - 01:50 AM

Done, but no changes, all the same :(
First I could not change the Root permissions: Unable to save permission change on root Access is denied.
Then I tried this and it helped:
Navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right click on root-permissions

Click on Advanced

Click on owner tab

Select the account in which you are logged in as owner

Place a tick on Replace owner on subcontainers and objects

Now try to add everyone to the security tab.

After the registry edit and restart the FSS log was the same:

Farbar Service Scanner Version: 25-06-2012 01
Ran by Rainer (administrator) on 29-06-2012 at 09:35:57
Running from "C:\Users\Rainer\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
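
The before/after comparison done by eye on the two FSS logs above can be scripted. This is an added example, not part of the original thread and not Farbar's code: it parses only the line shapes visible in the logs posted here, and `FSS_REPAIRED` is a constructed sample that assumes a healthy service leaves its section empty (as the Windows Firewall section is above).

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Line shapes below are copied from the FSS logs posted in this thread.
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
CONFIG_ITEM = re.compile(r"^The (ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
FILE_CHECK = re.compile(r"^([A-Za-z]:\\.+?) => (.+)$")


@dataclass
class Service:
    name: str
    running: bool = True
    start_type: Optional[str] = None
    default_start_type: Optional[str] = None
    config: dict = field(default_factory=dict)  # "ImagePath"/"ServiceDll" -> verdict


def parse_fss(text):
    """Return ({service name: Service}, {file path: verdict}) for one FSS log."""
    services, files = {}, {}

    def svc(name):
        return services.setdefault(name, Service(name))

    for line in map(str.strip, text.splitlines()):
        if m := NOT_RUNNING.match(line):
            svc(m[1]).running = False
        elif m := START_TYPE.match(line):
            svc(m[1]).start_type, svc(m[1]).default_start_type = m[2], m[3]
        elif m := CONFIG_ITEM.match(line):
            svc(m[2]).config[m[1]] = m[3]
        elif m := FILE_CHECK.match(line):
            files[m[1]] = m[2]
    return services, files


def deviations(text):
    """Set of (subject, aspect, detail) tuples for everything FSS reports as off."""
    services, files = parse_fss(text)
    found = set()
    for s in services.values():
        if not s.running:
            found.add((s.name, "state", "not running"))
        if s.start_type and s.start_type != s.default_start_type:
            found.add((s.name, "start type",
                       f"{s.start_type}, default {s.default_start_type}"))
        for item, verdict in s.config.items():
            if verdict != "OK":
                found.add((s.name, item, verdict))
    for path, verdict in files.items():
        if verdict != "MD5 is legit":  # any other verdict text counts as a finding
            found.add((path, "file check", verdict))
    return found


def compare_runs(before, after):
    """Classify findings across two FSS logs taken before and after a repair step."""
    b, a = deviations(before), deviations(after)
    return {"fixed": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}


# Excerpt of the log from post #7 (before the registry import).
FSS_BEFORE = r"""
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
File Check:
========
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
"""

# Post #9's log repeats the same findings after the import and restart.
FSS_AFTER = FSS_BEFORE

# Constructed sample (not from the thread): the same log with every service
# finding line dropped, i.e. what an effective repair is assumed to look like.
FSS_REPAIRED = "\n".join(
    line for line in FSS_BEFORE.splitlines() if " service" not in line.lower()
)

if __name__ == "__main__":
    for label, rows in compare_runs(FSS_BEFORE, FSS_AFTER).items():
        print(label, rows)
```

On the logs from posts #7 and #9 every finding lands in `persisting`, matching rainer23's report that the repair changed nothing.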

#10 m0le


Posted 29 June 2012 - 06:25 PM

Download Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark the following options alone

Reset Registry Permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections


Checkmark Restart System When Finished option
click the Start button

Restart the PC and let me know if that worked.

#11 rainer23


Posted 30 June 2012 - 02:05 AM

Done, but all the problems are the same, no change.

#12 m0le


Posted 30 June 2012 - 05:39 PM

Is it just needing to be turned on?

1. Click Start, type Services.msc in Start Search bar, and then press Enter.

2. In the right pane, double-click Security Center.

3. In the Startup type list, click Automatic, click Apply, click Start, and then click OK.

4. Restart the computer.

#13 rainer23


Posted 01 July 2012 - 10:05 AM

Yes, I need it turned back on because now I don't have virus protection. Microsoft Security Essentials closes itself if I try to open it. I also tried uninstalling and reinstalling it; that didn't help.
Your last instructions won't work because after a restart it's back to disabled.
And I am still having problems in Google search: if I open some search option, it redirects me to random pages.

#14 m0le


Posted 01 July 2012 - 07:11 PM

Okay, then we still have an unwanted guest.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.
m0le is a proud member of UNITE
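
A triage sketch for the "One Month Created Files and Folders" section of the FRST.txt log these steps produce, added here as an example; it is not part of the original posts and not FRST's own code. The line layout is inferred from the log posted in the next reply, the sample lines are copied from that log, and the function names and the two review rules are assumptions: a hit means "look at this entry", not a verdict.

```python
import re
from datetime import date, datetime
from typing import List, NamedTuple, Optional

FMT = "%Y-%m-%d %H:%M"
REPORTED_ONSET = date(2012, 6, 19)  # "It all started 19.06.2012" in post #1

# Layout inferred from the thread's log (an assumption, not an FRST specification):
#   created - modified - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*)$"
)

# Windows 7 keeps legacy junctions in each profile, so one folder is listed
# up to three times. Fold the aliases onto the real location.
PROFILE_ALIAS_RE = re.compile(
    r"^([a-z]:\\users\\[^\\]+)\\"
    r"(local settings\\application data|local settings|application data|my documents)"
    r"(?=\\|$)"
)
ALIAS_TARGET = {
    "local settings\\application data": "appdata\\local",
    "local settings": "appdata\\local",
    "application data": "appdata\\roaming",
    "my documents": "documents",
}

class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]
    path: str

def canonical(path: str) -> str:
    """Lower-case the path and fold legacy profile junctions to their target."""
    return PROFILE_ALIAS_RE.sub(
        lambda m: m.group(1) + "\\" + ALIAS_TARGET[m.group(2)], path.lower())

def parse(log_text: str) -> List[Entry]:
    """Parse file-listing lines, keeping one entry per real filesystem object."""
    entries, seen = [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        key = canonical(m["path"])
        if key in seen:
            continue  # same object listed again through a junction
        seen.add(key)
        entries.append(Entry(datetime.strptime(m["created"], FMT),
                             datetime.strptime(m["modified"], FMT),
                             int(m["size"]), m["attrs"], m["company"], m["path"]))
    return entries

def review_reasons(e: Entry) -> List[str]:
    """Assumed review rules; they rank entries for a human, nothing more."""
    p, reasons = canonical(e.path), []
    is_file = "D" not in e.attrs
    if (is_file and "H" in e.attrs and "S" in e.attrs and not e.company
            and p.startswith("c:\\windows\\")):
        reasons.append("hidden+system file with no vendor string under C:\\Windows")
    if p.startswith("c:\\windows\\tasks\\") and p.endswith(".job"):
        reasons.append("scheduled task file: check what it launches")
    return reasons

def triage(log_text: str, onset: Optional[date] = None):
    """Return (entry, reasons) pairs; note entries created on the onset date."""
    hits = []
    for e in parse(log_text):
        reasons = review_reasons(e)
        if reasons and onset and e.created.date() == onset:
            reasons.append("created on the reported onset date")
        if reasons:
            hits.append((e, reasons))
    return hits

# Lines copied from the FRST log posted in this thread.
SAMPLE = r"""
2012-07-02 00:29 - 2012-07-02 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{2CE0A092-D3EF-41AB-AEA7-F66F94DFAA98}
2012-07-02 00:29 - 2012-07-02 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\{2CE0A092-D3EF-41AB-AEA7-F66F94DFAA98}
2012-07-02 00:29 - 2012-07-02 00:29 - 00000000 ____D C:\Users\Rainer\AppData\Local\{2CE0A092-D3EF-41AB-AEA7-F66F94DFAA98}
2012-06-30 01:56 - 2012-06-30 01:59 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-06-21 00:50 - 2012-06-21 00:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2012-06-21 00:31 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-19 08:05 - 2012-07-02 00:28 - 00000304 ____A C:\Windows\Tasks\cdmcbmadpr.job
2012-06-19 08:05 - 2012-06-19 08:05 - 00118784 _RASH C:\Windows\SysWOW64\WINSRPCA.dll
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE, REPORTED_ONSET):
        print(entry.created, entry.path, "|", "; ".join(why))
```
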

#15 rainer23


Posted 02 July 2012 - 06:09 AM

Log:

Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
Ran by SYSTEM at 02-07-2012 13:55:30
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418840 2011-03-30] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-04-21] (NVIDIA Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [520330 2011-08-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Rainer\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [4527424 2011-08-17] (DT Soft Ltd)
HKU\Rainer\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 195.250.187.46 194.126.97.30
AppInit_DLLs: C:\Windows\System32\nvinitx.dll
Tcpip\..\Interfaces\{38D47646-AFEE-4867-92B6-244A9518B5E8}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel« Corporation)

==================== Services (Whitelisted) ======

2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [901184 2011-01-24] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1298496 2011-01-24] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [991296 2011-01-24] (Intel Corporation)
2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
4 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 SmartCardRemoval; "C:\Program Files\Estonian ID Card\SmartCardRemoval.exe" [311856 2012-04-02] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

========================== Drivers (Whitelisted) =============

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2011-11-22] ()
3 atrfiltr; C:\Windows\System32\Drivers\atrfiltr.sys [16184 2012-04-02] (Windows ® Win 7 DDK provider)
3 btmaux; C:\Windows\System32\Drivers\btmaux.sys [58128 2011-01-24] (Intel Corporation)
3 btmhsf; C:\Windows\System32\Drivers\btmhsf.sys [274944 2011-01-24] (Intel Corporation)
3 cxbu0x64; C:\Windows\System32\Drivers\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [271424 2011-10-25] (DT Soft Ltd)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-01-24] (Intel Corporation)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2011-11-22] ()
3 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [121960 2010-12-12] ()
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel® Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-02 13:55 - 2012-07-02 13:55 - 00000000 ____D C:\FRST
2012-07-02 05:39 - 2012-07-02 05:39 - 01430427 ____A C:\Users\Rainer\Downloads\FRST64.exe
2012-07-02 00:29 - 2012-07-02 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{2CE0A092-D3EF-41AB-AEA7-F66F94DFAA98}
2012-07-02 00:29 - 2012-07-02 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{0713896E-F339-42C6-88D2-EAC0EA14FF05}
2012-07-02 00:29 - 2012-07-02 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\{2CE0A092-D3EF-41AB-AEA7-F66F94DFAA98}
2012-07-02 00:29 - 2012-07-02 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\{0713896E-F339-42C6-88D2-EAC0EA14FF05}
2012-07-02 00:29 - 2012-07-02 00:29 - 00000000 ____D C:\Users\Rainer\AppData\Local\{2CE0A092-D3EF-41AB-AEA7-F66F94DFAA98}
2012-07-02 00:29 - 2012-07-02 00:29 - 00000000 ____D C:\Users\Rainer\AppData\Local\{0713896E-F339-42C6-88D2-EAC0EA14FF05}
2012-07-01 12:20 - 2012-07-01 12:27 - 00000000 ____D C:\Users\Rainer\Desktop\Kala
2012-07-01 09:35 - 2012-07-01 09:35 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{5156F8FF-6DD8-459B-B8E7-F040D501DBD2}
2012-07-01 09:35 - 2012-07-01 09:35 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{1D3D8288-ED4F-4CED-879F-F55CEDD725F6}
2012-07-01 09:35 - 2012-07-01 09:35 - 00000000 ____D C:\Users\Rainer\Local Settings\{5156F8FF-6DD8-459B-B8E7-F040D501DBD2}
2012-07-01 09:35 - 2012-07-01 09:35 - 00000000 ____D C:\Users\Rainer\Local Settings\{1D3D8288-ED4F-4CED-879F-F55CEDD725F6}
2012-07-01 09:35 - 2012-07-01 09:35 - 00000000 ____D C:\Users\Rainer\AppData\Local\{5156F8FF-6DD8-459B-B8E7-F040D501DBD2}
2012-07-01 09:35 - 2012-07-01 09:35 - 00000000 ____D C:\Users\Rainer\AppData\Local\{1D3D8288-ED4F-4CED-879F-F55CEDD725F6}
2012-06-30 01:56 - 2012-06-30 01:59 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-06-30 01:56 - 2012-06-30 01:59 - 00000042 ____A C:\repairs_running.dat
2012-06-30 01:56 - 2004-06-11 18:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-06-30 01:52 - 2012-06-30 01:52 - 00002293 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-06-30 01:52 - 2012-06-30 01:52 - 00002293 ____A C:\Users\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-06-30 01:52 - 2012-06-30 01:52 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2012-06-30 01:49 - 2012-06-30 01:49 - 04623766 ____A C:\Users\Rainer\Downloads\tweaking.com_windows_repair_aio_setup.exe
2012-06-30 01:42 - 2012-06-30 01:42 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{854D5494-99E4-44B4-810E-F22DC52E7068}
2012-06-30 01:42 - 2012-06-30 01:42 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{0BFE273D-1D24-4C7D-B292-1AAAA5B5DD35}
2012-06-30 01:42 - 2012-06-30 01:42 - 00000000 ____D C:\Users\Rainer\Local Settings\{854D5494-99E4-44B4-810E-F22DC52E7068}
2012-06-30 01:42 - 2012-06-30 01:42 - 00000000 ____D C:\Users\Rainer\Local Settings\{0BFE273D-1D24-4C7D-B292-1AAAA5B5DD35}
2012-06-30 01:42 - 2012-06-30 01:42 - 00000000 ____D C:\Users\Rainer\AppData\Local\{854D5494-99E4-44B4-810E-F22DC52E7068}
2012-06-30 01:42 - 2012-06-30 01:42 - 00000000 ____D C:\Users\Rainer\AppData\Local\{0BFE273D-1D24-4C7D-B292-1AAAA5B5DD35}
2012-06-29 01:27 - 2012-06-29 01:27 - 00000314 ____A C:\Users\Rainer\Desktop\helped.txt
2012-06-29 00:55 - 2012-06-29 00:55 - 00000000 ____D C:\Users\Rainer\Desktop\reg
2012-06-29 00:49 - 2012-06-29 00:50 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{F159339C-0D8E-4DE2-B8C1-540B1F2ED7C9}
2012-06-29 00:49 - 2012-06-29 00:50 - 00000000 ____D C:\Users\Rainer\Local Settings\{F159339C-0D8E-4DE2-B8C1-540B1F2ED7C9}
2012-06-29 00:49 - 2012-06-29 00:50 - 00000000 ____D C:\Users\Rainer\AppData\Local\{F159339C-0D8E-4DE2-B8C1-540B1F2ED7C9}
2012-06-29 00:49 - 2012-06-29 00:49 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{3DC960EE-610D-4773-A71D-5C011B812BBD}
2012-06-29 00:49 - 2012-06-29 00:49 - 00000000 ____D C:\Users\Rainer\Local Settings\{3DC960EE-610D-4773-A71D-5C011B812BBD}
2012-06-29 00:49 - 2012-06-29 00:49 - 00000000 ____D C:\Users\Rainer\AppData\Local\{3DC960EE-610D-4773-A71D-5C011B812BBD}
2012-06-28 00:51 - 2012-06-29 01:36 - 00002453 ____A C:\Users\Rainer\Downloads\FSS.txt
2012-06-28 00:46 - 2012-06-28 00:46 - 00340645 ____A C:\Users\Rainer\Downloads\FSS.exe
2012-06-28 00:42 - 2012-06-28 00:42 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{90741428-AA8E-4851-AE42-9D637F65B939}
2012-06-28 00:42 - 2012-06-28 00:42 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{81E81C18-7F66-4FED-BDD0-5A1FC748D827}
2012-06-28 00:42 - 2012-06-28 00:42 - 00000000 ____D C:\Users\Rainer\Local Settings\{90741428-AA8E-4851-AE42-9D637F65B939}
2012-06-28 00:42 - 2012-06-28 00:42 - 00000000 ____D C:\Users\Rainer\Local Settings\{81E81C18-7F66-4FED-BDD0-5A1FC748D827}
2012-06-28 00:42 - 2012-06-28 00:42 - 00000000 ____D C:\Users\Rainer\AppData\Local\{90741428-AA8E-4851-AE42-9D637F65B939}
2012-06-28 00:42 - 2012-06-28 00:42 - 00000000 ____D C:\Users\Rainer\AppData\Local\{81E81C18-7F66-4FED-BDD0-5A1FC748D827}
2012-06-27 09:47 - 2012-06-27 09:47 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{E08CF549-F1CB-4FCD-9B89-7CA157527F01}
2012-06-27 09:47 - 2012-06-27 09:47 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{681DEC49-6AE6-4D38-B012-3811BBE7B666}
2012-06-27 09:47 - 2012-06-27 09:47 - 00000000 ____D C:\Users\Rainer\Local Settings\{E08CF549-F1CB-4FCD-9B89-7CA157527F01}
2012-06-27 09:47 - 2012-06-27 09:47 - 00000000 ____D C:\Users\Rainer\Local Settings\{681DEC49-6AE6-4D38-B012-3811BBE7B666}
2012-06-27 09:47 - 2012-06-27 09:47 - 00000000 ____D C:\Users\Rainer\AppData\Local\{E08CF549-F1CB-4FCD-9B89-7CA157527F01}
2012-06-27 09:47 - 2012-06-27 09:47 - 00000000 ____D C:\Users\Rainer\AppData\Local\{681DEC49-6AE6-4D38-B012-3811BBE7B666}
2012-06-27 00:38 - 2012-06-27 00:38 - 00001805 ____A C:\Users\Rainer\Desktop\aswMBR.txt
2012-06-27 00:38 - 2012-06-27 00:38 - 00000512 ____A C:\Users\Rainer\Desktop\MBR.dat.dat
2012-06-27 00:36 - 2012-06-27 00:36 - 04731392 ____A (AVAST Software) C:\Users\Rainer\Downloads\aswMBR.exe
2012-06-26 00:32 - 2012-06-26 00:32 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{AFEF5432-62AE-4FD4-829B-8793B1E88158}
2012-06-26 00:32 - 2012-06-26 00:32 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{8DB5F20D-B8CB-4857-85ED-803DB2DB0A08}
2012-06-26 00:32 - 2012-06-26 00:32 - 00000000 ____D C:\Users\Rainer\Local Settings\{AFEF5432-62AE-4FD4-829B-8793B1E88158}
2012-06-26 00:32 - 2012-06-26 00:32 - 00000000 ____D C:\Users\Rainer\Local Settings\{8DB5F20D-B8CB-4857-85ED-803DB2DB0A08}
2012-06-26 00:32 - 2012-06-26 00:32 - 00000000 ____D C:\Users\Rainer\AppData\Local\{AFEF5432-62AE-4FD4-829B-8793B1E88158}
2012-06-26 00:32 - 2012-06-26 00:32 - 00000000 ____D C:\Users\Rainer\AppData\Local\{8DB5F20D-B8CB-4857-85ED-803DB2DB0A08}
2012-06-25 00:35 - 2012-06-25 00:35 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{B5F32EB8-3706-4517-AF8E-C1BF87453422}
2012-06-25 00:35 - 2012-06-25 00:35 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{353680D5-4F55-42EE-9691-B74B2AC9B584}
2012-06-25 00:35 - 2012-06-25 00:35 - 00000000 ____D C:\Users\Rainer\Local Settings\{B5F32EB8-3706-4517-AF8E-C1BF87453422}
2012-06-25 00:35 - 2012-06-25 00:35 - 00000000 ____D C:\Users\Rainer\Local Settings\{353680D5-4F55-42EE-9691-B74B2AC9B584}
2012-06-25 00:35 - 2012-06-25 00:35 - 00000000 ____D C:\Users\Rainer\AppData\Local\{B5F32EB8-3706-4517-AF8E-C1BF87453422}
2012-06-25 00:35 - 2012-06-25 00:35 - 00000000 ____D C:\Users\Rainer\AppData\Local\{353680D5-4F55-42EE-9691-B74B2AC9B584}
2012-06-24 10:12 - 2012-06-24 10:12 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{D7EAABED-864B-4DD3-ABC7-87AF5850B662}
2012-06-24 10:12 - 2012-06-24 10:12 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{1F1230C4-2642-458F-B8B2-ED021A9DCB4E}
2012-06-24 10:12 - 2012-06-24 10:12 - 00000000 ____D C:\Users\Rainer\Local Settings\{D7EAABED-864B-4DD3-ABC7-87AF5850B662}
2012-06-24 10:12 - 2012-06-24 10:12 - 00000000 ____D C:\Users\Rainer\Local Settings\{1F1230C4-2642-458F-B8B2-ED021A9DCB4E}
2012-06-24 10:12 - 2012-06-24 10:12 - 00000000 ____D C:\Users\Rainer\AppData\Local\{D7EAABED-864B-4DD3-ABC7-87AF5850B662}
2012-06-24 10:12 - 2012-06-24 10:12 - 00000000 ____D C:\Users\Rainer\AppData\Local\{1F1230C4-2642-458F-B8B2-ED021A9DCB4E}
2012-06-22 00:32 - 2012-06-22 00:32 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{E93D5BFA-7E68-4F08-9B40-C7E7EA5B0EC2}
2012-06-22 00:32 - 2012-06-22 00:32 - 00000000 ____D C:\Users\Rainer\Local Settings\{E93D5BFA-7E68-4F08-9B40-C7E7EA5B0EC2}
2012-06-22 00:32 - 2012-06-22 00:32 - 00000000 ____D C:\Users\Rainer\AppData\Local\{E93D5BFA-7E68-4F08-9B40-C7E7EA5B0EC2}
2012-06-22 00:31 - 2012-06-22 00:32 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{6660CF20-8F96-4394-91FC-F8340693EDA8}
2012-06-22 00:31 - 2012-06-22 00:32 - 00000000 ____D C:\Users\Rainer\Local Settings\{6660CF20-8F96-4394-91FC-F8340693EDA8}
2012-06-22 00:31 - 2012-06-22 00:32 - 00000000 ____D C:\Users\Rainer\AppData\Local\{6660CF20-8F96-4394-91FC-F8340693EDA8}
2012-06-21 03:07 - 2012-06-21 01:13 - 00016896 ____A C:\Users\Rainer\Desktop\combofix.txt
2012-06-21 02:50 - 2012-06-21 02:50 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{C5EB2D82-3D7D-4440-9DBB-3280E2B297B1}
2012-06-21 02:50 - 2012-06-21 02:50 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{2C0A8F00-36D9-4FBE-9798-BA2717330ED6}
2012-06-21 02:50 - 2012-06-21 02:50 - 00000000 ____D C:\Users\Rainer\Local Settings\{C5EB2D82-3D7D-4440-9DBB-3280E2B297B1}
2012-06-21 02:50 - 2012-06-21 02:50 - 00000000 ____D C:\Users\Rainer\Local Settings\{2C0A8F00-36D9-4FBE-9798-BA2717330ED6}
2012-06-21 02:50 - 2012-06-21 02:50 - 00000000 ____D C:\Users\Rainer\AppData\Local\{C5EB2D82-3D7D-4440-9DBB-3280E2B297B1}
2012-06-21 02:50 - 2012-06-21 02:50 - 00000000 ____D C:\Users\Rainer\AppData\Local\{2C0A8F00-36D9-4FBE-9798-BA2717330ED6}
2012-06-21 01:16 - 2012-06-21 01:16 - 00101752 ____A C:\Users\Administrator\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-21 01:16 - 2012-06-21 01:16 - 00101752 ____A C:\Users\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-21 01:16 - 2012-06-21 01:16 - 00101752 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-21 01:13 - 2012-06-21 01:13 - 00016896 ____A C:\Users\Administrator\Desktop\combofix.txt
2012-06-21 01:12 - 2012-06-21 01:12 - 00016896 ____A C:\ComboFix.txt
2012-06-21 01:07 - 2012-06-21 01:12 - 00000000 ____D C:\Qoobox
2012-06-21 01:07 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-21 01:07 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-21 01:07 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-21 01:07 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-21 01:07 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-21 01:07 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-21 01:07 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-21 01:07 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-21 01:00 - 2012-06-21 01:01 - 04563474 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2012-06-21 00:51 - 2012-06-21 00:51 - 00000000 ____D C:\Users\Administrator\Application Data\Adobe
2012-06-21 00:51 - 2012-06-21 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-06-21 00:50 - 2012-06-21 00:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2012-06-21 00:50 - 2012-06-21 00:50 - 00000000 ____D C:\Users\Administrator\Application Data\Roxio
2012-06-21 00:50 - 2012-06-21 00:50 - 00000000 ____D C:\Users\Administrator\Application Data\Intel
2012-06-21 00:50 - 2012-06-21 00:50 - 00000000 ____D C:\Users\Administrator\Application Data\Dell
2012-06-21 00:50 - 2012-06-21 00:50 - 00000000 ____D C:\Users\Administrator\Application Data\Creative
2012-06-21 00:50 - 2012-06-21 00:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Roxio
2012-06-21 00:50 - 2012-06-21 00:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2012-06-21 00:50 - 2012-06-21 00:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2012-06-21 00:50 - 2012-06-21 00:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2012-06-21 00:50 - 2012-06-21 00:50 - 00000000 ____D C:\users\Administrator
2012-06-21 00:50 - 2011-10-20 12:34 - 00000000 ____D C:\Users\Administrator\Local Settings\SoftThinks
2012-06-21 00:50 - 2011-10-20 12:34 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\SoftThinks
2012-06-21 00:50 - 2011-10-20 12:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\SoftThinks
2012-06-21 00:50 - 2011-10-19 12:17 - 00000000 ____D C:\Users\Administrator\Local Settings\Microsoft Help
2012-06-21 00:50 - 2011-10-19 12:17 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Microsoft Help
2012-06-21 00:50 - 2011-10-19 12:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2012-06-21 00:50 - 2011-07-17 08:20 - 00000000 ____D C:\Users\Administrator\Application Data\Macromedia
2012-06-21 00:50 - 2011-07-17 08:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2012-06-21 00:34 - 2012-06-21 00:34 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-21 00:34 - 2012-06-21 00:34 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-21 00:34 - 2012-06-21 00:34 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-21 00:34 - 2012-06-21 00:34 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-21 00:34 - 2012-06-21 00:34 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-21 00:31 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 00:31 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 00:31 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 00:31 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 00:31 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 00:31 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 00:31 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 00:31 - 2012-06-02 07:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 00:31 - 2012-06-02 07:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 06:16 - 2012-06-20 06:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-20 06:16 - 2012-06-20 06:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-20 06:14 - 2012-06-21 01:22 - 00003018 ____A C:\Windows\PFRO.log
2012-06-20 01:26 - 2012-06-21 01:06 - 00000000 ____D C:\Windows\erdnt
2012-06-20 00:36 - 2012-06-20 00:36 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{FB1F40C0-7384-4CDD-A094-2D6E7662B22F}
2012-06-20 00:36 - 2012-06-20 00:36 - 00000000 ____D C:\Users\Rainer\Local Settings\{FB1F40C0-7384-4CDD-A094-2D6E7662B22F}
2012-06-20 00:36 - 2012-06-20 00:36 - 00000000 ____D C:\Users\Rainer\AppData\Local\{FB1F40C0-7384-4CDD-A094-2D6E7662B22F}
2012-06-19 12:36 - 2012-06-20 00:36 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{9214666F-3194-4E14-803E-5F6E146007B7}
2012-06-19 12:36 - 2012-06-20 00:36 - 00000000 ____D C:\Users\Rainer\Local Settings\{9214666F-3194-4E14-803E-5F6E146007B7}
2012-06-19 12:36 - 2012-06-20 00:36 - 00000000 ____D C:\Users\Rainer\AppData\Local\{9214666F-3194-4E14-803E-5F6E146007B7}
2012-06-19 12:36 - 2012-06-19 12:36 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{71986CD6-4186-4626-BECC-B21FA2E8F0E2}
2012-06-19 12:36 - 2012-06-19 12:36 - 00000000 ____D C:\Users\Rainer\Local Settings\{71986CD6-4186-4626-BECC-B21FA2E8F0E2}
2012-06-19 12:36 - 2012-06-19 12:36 - 00000000 ____D C:\Users\Rainer\AppData\Local\{71986CD6-4186-4626-BECC-B21FA2E8F0E2}
2012-06-19 10:48 - 2012-06-19 10:49 - 12633472 ____A (Microsoft Corporation) C:\Users\Rainer\Downloads\mseinstall.exe
2012-06-19 10:42 - 2012-07-02 00:28 - 00001232 ____A C:\Windows\setupact.log
2012-06-19 10:42 - 2012-06-19 10:42 - 00000000 ____A C:\Windows\setuperr.log
2012-06-19 09:43 - 2012-06-19 09:44 - 00067468 ____A C:\Users\Rainer\My Documents\cc_20120619_174345.reg
2012-06-19 09:43 - 2012-06-19 09:44 - 00067468 ____A C:\Users\Rainer\Documents\cc_20120619_174345.reg
2012-06-19 08:05 - 2012-07-02 00:28 - 00000304 ____A C:\Windows\Tasks\cdmcbmadpr.job
2012-06-19 08:05 - 2012-06-19 08:05 - 00118784 _RASH C:\Windows\SysWOW64\WINSRPCA.dll
2012-06-19 00:35 - 2012-06-19 00:36 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{172B5E98-0545-45E6-9009-2A70000C9860}
2012-06-19 00:35 - 2012-06-19 00:36 - 00000000 ____D C:\Users\Rainer\Local Settings\{172B5E98-0545-45E6-9009-2A70000C9860}
2012-06-19 00:35 - 2012-06-19 00:36 - 00000000 ____D C:\Users\Rainer\AppData\Local\{172B5E98-0545-45E6-9009-2A70000C9860}
2012-06-19 00:35 - 2012-06-19 00:35 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{E3E08ECF-B765-4F79-A323-B361F29090EA}
2012-06-19 00:35 - 2012-06-19 00:35 - 00000000 ____D C:\Users\Rainer\Local Settings\{E3E08ECF-B765-4F79-A323-B361F29090EA}
2012-06-19 00:35 - 2012-06-19 00:35 - 00000000 ____D C:\Users\Rainer\AppData\Local\{E3E08ECF-B765-4F79-A323-B361F29090EA}
2012-06-18 00:31 - 2012-06-18 00:31 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{84B4E2B8-0CC8-4F3F-8945-6A039142FA5F}
2012-06-18 00:31 - 2012-06-18 00:31 - 00000000 ____D C:\Users\Rainer\Local Settings\{84B4E2B8-0CC8-4F3F-8945-6A039142FA5F}
2012-06-18 00:31 - 2012-06-18 00:31 - 00000000 ____D C:\Users\Rainer\AppData\Local\{84B4E2B8-0CC8-4F3F-8945-6A039142FA5F}
2012-06-17 07:01 - 2012-06-17 07:01 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{67F91EFA-83B7-4001-8E7B-2617817B921C}
2012-06-17 07:01 - 2012-06-17 07:01 - 00000000 ____D C:\Users\Rainer\Local Settings\{67F91EFA-83B7-4001-8E7B-2617817B921C}
2012-06-17 07:01 - 2012-06-17 07:01 - 00000000 ____D C:\Users\Rainer\AppData\Local\{67F91EFA-83B7-4001-8E7B-2617817B921C}
2012-06-15 08:49 - 2012-06-15 08:49 - 00000000 ____D C:\Users\Rainer\Local Settings\Macromedia
2012-06-15 08:49 - 2012-06-15 08:49 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\Macromedia
2012-06-15 08:49 - 2012-06-15 08:49 - 00000000 ____D C:\Users\Rainer\AppData\Local\Macromedia
2012-06-15 00:32 - 2012-06-15 00:33 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{E55679ED-B483-469C-94F9-189780F849DE}
2012-06-15 00:32 - 2012-06-15 00:33 - 00000000 ____D C:\Users\Rainer\Local Settings\{E55679ED-B483-469C-94F9-189780F849DE}
2012-06-15 00:32 - 2012-06-15 00:33 - 00000000 ____D C:\Users\Rainer\AppData\Local\{E55679ED-B483-469C-94F9-189780F849DE}
2012-06-14 08:00 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 08:00 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 08:00 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 08:00 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 08:00 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 08:00 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 08:00 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 08:00 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 08:00 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 08:00 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 08:00 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 08:00 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 08:00 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 08:00 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 08:00 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 08:00 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 08:00 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 08:00 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 08:00 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 08:00 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 08:00 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 08:00 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 08:00 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 08:00 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 08:00 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 08:00 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 08:00 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 08:00 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 02:37 - 2012-06-14 02:37 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{276D2D4B-75A0-4DC6-AE93-B5F5C4F41804}
2012-06-14 02:37 - 2012-06-14 02:37 - 00000000 ____D C:\Users\Rainer\Local Settings\{276D2D4B-75A0-4DC6-AE93-B5F5C4F41804}
2012-06-14 02:37 - 2012-06-14 02:37 - 00000000 ____D C:\Users\Rainer\AppData\Local\{276D2D4B-75A0-4DC6-AE93-B5F5C4F41804}
2012-06-14 02:36 - 2012-06-14 02:37 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{234066CF-3225-448E-A47C-681D4E88EEE2}
2012-06-14 02:36 - 2012-06-14 02:37 - 00000000 ____D C:\Users\Rainer\Local Settings\{234066CF-3225-448E-A47C-681D4E88EEE2}
2012-06-14 02:36 - 2012-06-14 02:37 - 00000000 ____D C:\Users\Rainer\AppData\Local\{234066CF-3225-448E-A47C-681D4E88EEE2}
2012-06-14 00:33 - 2012-05-14 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 00:33 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 00:33 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 00:33 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 00:33 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 00:33 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 00:33 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 00:33 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 00:33 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 00:33 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 00:33 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 00:33 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 00:33 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 00:33 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 00:33 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 00:33 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 00:33 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 14:36 - 2012-06-13 14:36 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{9D55243C-CF13-4EFF-87FD-4F0B6688E97F}
2012-06-13 14:36 - 2012-06-13 14:36 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{3AC191A5-BB22-46FF-9817-572191336BB4}
2012-06-13 14:36 - 2012-06-13 14:36 - 00000000 ____D C:\Users\Rainer\Local Settings\{9D55243C-CF13-4EFF-87FD-4F0B6688E97F}
2012-06-13 14:36 - 2012-06-13 14:36 - 00000000 ____D C:\Users\Rainer\Local Settings\{3AC191A5-BB22-46FF-9817-572191336BB4}
2012-06-13 14:36 - 2012-06-13 14:36 - 00000000 ____D C:\Users\Rainer\AppData\Local\{9D55243C-CF13-4EFF-87FD-4F0B6688E97F}
2012-06-13 14:36 - 2012-06-13 14:36 - 00000000 ____D C:\Users\Rainer\AppData\Local\{3AC191A5-BB22-46FF-9817-572191336BB4}
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{4746EADA-A007-426E-A188-4F95FE5EC69B}
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{2DCE803B-CD84-4872-9E34-A0697CBE1CA1}
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ____D C:\Users\Rainer\Local Settings\{4746EADA-A007-426E-A188-4F95FE5EC69B}
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ____D C:\Users\Rainer\Local Settings\{2DCE803B-CD84-4872-9E34-A0697CBE1CA1}
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ____D C:\Users\Rainer\AppData\Local\{4746EADA-A007-426E-A188-4F95FE5EC69B}
2012-06-13 01:35 - 2012-06-13 01:35 - 00000000 ____D C:\Users\Rainer\AppData\Local\{2DCE803B-CD84-4872-9E34-A0697CBE1CA1}
2012-06-12 13:34 - 2012-06-12 13:34 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{5CCD45FE-BA14-4DE2-A811-7973534B0868}
2012-06-12 13:34 - 2012-06-12 13:34 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{12EB63E7-8BE6-4925-8A2B-94B85B5D36A0}
2012-06-12 13:34 - 2012-06-12 13:34 - 00000000 ____D C:\Users\Rainer\Local Settings\{5CCD45FE-BA14-4DE2-A811-7973534B0868}
2012-06-12 13:34 - 2012-06-12 13:34 - 00000000 ____D C:\Users\Rainer\Local Settings\{12EB63E7-8BE6-4925-8A2B-94B85B5D36A0}
2012-06-12 13:34 - 2012-06-12 13:34 - 00000000 ____D C:\Users\Rainer\AppData\Local\{5CCD45FE-BA14-4DE2-A811-7973534B0868}
2012-06-12 13:34 - 2012-06-12 13:34 - 00000000 ____D C:\Users\Rainer\AppData\Local\{12EB63E7-8BE6-4925-8A2B-94B85B5D36A0}
2012-06-12 01:19 - 2012-06-12 01:20 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{3B7508DA-6369-4613-B727-7506F4AE7ABE}
2012-06-12 01:19 - 2012-06-12 01:20 - 00000000 ____D C:\Users\Rainer\Local Settings\{3B7508DA-6369-4613-B727-7506F4AE7ABE}
2012-06-12 01:19 - 2012-06-12 01:20 - 00000000 ____D C:\Users\Rainer\AppData\Local\{3B7508DA-6369-4613-B727-7506F4AE7ABE}
2012-06-12 01:19 - 2012-06-12 01:19 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{45A864A2-30FC-4F70-A0CE-BEF796B222E8}
2012-06-12 01:19 - 2012-06-12 01:19 - 00000000 ____D C:\Users\Rainer\Local Settings\{45A864A2-30FC-4F70-A0CE-BEF796B222E8}
2012-06-12 01:19 - 2012-06-12 01:19 - 00000000 ____D C:\Users\Rainer\AppData\Local\{45A864A2-30FC-4F70-A0CE-BEF796B222E8}
2012-06-11 13:19 - 2012-06-11 13:19 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{FF1DFAB3-96A3-4899-B59A-6636A3D36183}
2012-06-11 13:19 - 2012-06-11 13:19 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{0ECE3864-B8FF-46E7-B0BD-1334C1D7DAEE}
2012-06-11 13:19 - 2012-06-11 13:19 - 00000000 ____D C:\Users\Rainer\Local Settings\{FF1DFAB3-96A3-4899-B59A-6636A3D36183}
2012-06-11 13:19 - 2012-06-11 13:19 - 00000000 ____D C:\Users\Rainer\Local Settings\{0ECE3864-B8FF-46E7-B0BD-1334C1D7DAEE}
2012-06-11 13:19 - 2012-06-11 13:19 - 00000000 ____D C:\Users\Rainer\AppData\Local\{FF1DFAB3-96A3-4899-B59A-6636A3D36183}
2012-06-11 13:19 - 2012-06-11 13:19 - 00000000 ____D C:\Users\Rainer\AppData\Local\{0ECE3864-B8FF-46E7-B0BD-1334C1D7DAEE}
2012-06-11 04:42 - 2012-06-11 04:42 - 00741335 ____A C:\Users\Rainer\Desktop\EKCERÍLINE_TEED_JA_PLATSID_1_KAI_10 05 2012 (4)
2012-06-11 00:33 - 2012-06-11 00:33 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{C0CAC256-C7CC-47FB-BA98-0E4C4030B910}
2012-06-11 00:33 - 2012-06-11 00:33 - 00000000 ____D C:\Users\Rainer\Local Settings\{C0CAC256-C7CC-47FB-BA98-0E4C4030B910}
2012-06-11 00:33 - 2012-06-11 00:33 - 00000000 ____D C:\Users\Rainer\AppData\Local\{C0CAC256-C7CC-47FB-BA98-0E4C4030B910}
2012-06-10 07:20 - 2012-06-11 00:33 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{244CD4F0-566A-45AB-9CC0-FF93FB960A95}
2012-06-10 07:20 - 2012-06-11 00:33 - 00000000 ____D C:\Users\Rainer\Local Settings\{244CD4F0-566A-45AB-9CC0-FF93FB960A95}
2012-06-10 07:20 - 2012-06-11 00:33 - 00000000 ____D C:\Users\Rainer\AppData\Local\{244CD4F0-566A-45AB-9CC0-FF93FB960A95}
2012-06-10 07:20 - 2012-06-10 07:20 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{F5CD93D2-4068-4F38-BCD8-EC488451A16E}
2012-06-10 07:20 - 2012-06-10 07:20 - 00000000 ____D C:\Users\Rainer\Local Settings\{F5CD93D2-4068-4F38-BCD8-EC488451A16E}
2012-06-10 07:20 - 2012-06-10 07:20 - 00000000 ____D C:\Users\Rainer\AppData\Local\{F5CD93D2-4068-4F38-BCD8-EC488451A16E}
2012-06-08 13:17 - 2012-06-08 13:17 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{F7E9CFAF-8E05-4AA6-8A75-E8EB8B317F6D}
2012-06-08 13:17 - 2012-06-08 13:17 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{D83B7BC8-3490-4D0A-9B91-7397783C3C28}
2012-06-08 13:17 - 2012-06-08 13:17 - 00000000 ____D C:\Users\Rainer\Local Settings\{F7E9CFAF-8E05-4AA6-8A75-E8EB8B317F6D}
2012-06-08 13:17 - 2012-06-08 13:17 - 00000000 ____D C:\Users\Rainer\Local Settings\{D83B7BC8-3490-4D0A-9B91-7397783C3C28}
2012-06-08 13:17 - 2012-06-08 13:17 - 00000000 ____D C:\Users\Rainer\AppData\Local\{F7E9CFAF-8E05-4AA6-8A75-E8EB8B317F6D}
2012-06-08 13:17 - 2012-06-08 13:17 - 00000000 ____D C:\Users\Rainer\AppData\Local\{D83B7BC8-3490-4D0A-9B91-7397783C3C28}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{5BEE2F69-3DAE-40DF-A1F6-468EC5052372}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{4EFF162C-16F4-4D9D-A99F-A391E564294D}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Rainer\Local Settings\{5BEE2F69-3DAE-40DF-A1F6-468EC5052372}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Rainer\Local Settings\{4EFF162C-16F4-4D9D-A99F-A391E564294D}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Rainer\AppData\Local\{5BEE2F69-3DAE-40DF-A1F6-468EC5052372}
2012-06-08 01:17 - 2012-06-08 01:17 - 00000000 ____D C:\Users\Rainer\AppData\Local\{4EFF162C-16F4-4D9D-A99F-A391E564294D}
2012-06-07 13:17 - 2012-06-07 13:17 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{D7236727-9EA4-4502-8BB1-3A3FCDBD2537}
2012-06-07 13:17 - 2012-06-07 13:17 - 00000000 ____D C:\Users\Rainer\Local Settings\{D7236727-9EA4-4502-8BB1-3A3FCDBD2537}
2012-06-07 13:17 - 2012-06-07 13:17 - 00000000 ____D C:\Users\Rainer\AppData\Local\{D7236727-9EA4-4502-8BB1-3A3FCDBD2537}
2012-06-07 13:16 - 2012-06-07 13:17 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{40D52E37-302E-4E07-9383-428BE8B58C3D}
2012-06-07 13:16 - 2012-06-07 13:17 - 00000000 ____D C:\Users\Rainer\Local Settings\{40D52E37-302E-4E07-9383-428BE8B58C3D}
2012-06-07 13:16 - 2012-06-07 13:17 - 00000000 ____D C:\Users\Rainer\AppData\Local\{40D52E37-302E-4E07-9383-428BE8B58C3D}
2012-06-07 01:12 - 2012-06-07 01:12 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{C5EB3F2A-41D3-42E1-AF35-332C0BBF8487}
2012-06-07 01:12 - 2012-06-07 01:12 - 00000000 ____D C:\Users\Rainer\Local Settings\{C5EB3F2A-41D3-42E1-AF35-332C0BBF8487}
2012-06-07 01:12 - 2012-06-07 01:12 - 00000000 ____D C:\Users\Rainer\AppData\Local\{C5EB3F2A-41D3-42E1-AF35-332C0BBF8487}
2012-06-07 01:11 - 2012-06-07 01:12 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{2F236299-1B4F-46CC-B146-29CC30F47C9B}
2012-06-07 01:11 - 2012-06-07 01:12 - 00000000 ____D C:\Users\Rainer\Local Settings\{2F236299-1B4F-46CC-B146-29CC30F47C9B}
2012-06-07 01:11 - 2012-06-07 01:12 - 00000000 ____D C:\Users\Rainer\AppData\Local\{2F236299-1B4F-46CC-B146-29CC30F47C9B}
2012-06-06 13:11 - 2012-06-06 13:11 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{C6DC891D-CC70-4263-A2D3-0E5E169DA8EF}
2012-06-06 13:11 - 2012-06-06 13:11 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{A86E6E45-7572-4396-8E6F-4845D4491F9A}
2012-06-06 13:11 - 2012-06-06 13:11 - 00000000 ____D C:\Users\Rainer\Local Settings\{C6DC891D-CC70-4263-A2D3-0E5E169DA8EF}
2012-06-06 13:11 - 2012-06-06 13:11 - 00000000 ____D C:\Users\Rainer\Local Settings\{A86E6E45-7572-4396-8E6F-4845D4491F9A}
2012-06-06 13:11 - 2012-06-06 13:11 - 00000000 ____D C:\Users\Rainer\AppData\Local\{C6DC891D-CC70-4263-A2D3-0E5E169DA8EF}
2012-06-06 13:11 - 2012-06-06 13:11 - 00000000 ____D C:\Users\Rainer\AppData\Local\{A86E6E45-7572-4396-8E6F-4845D4491F9A}
2012-06-06 00:41 - 2012-06-06 00:41 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{1E06666A-CFB9-4A17-BD0C-2A6FC28E056D}
2012-06-06 00:41 - 2012-06-06 00:41 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{061F47EA-C8DA-43AC-85AC-FD6B0FB43538}
2012-06-06 00:41 - 2012-06-06 00:41 - 00000000 ____D C:\Users\Rainer\Local Settings\{1E06666A-CFB9-4A17-BD0C-2A6FC28E056D}
2012-06-06 00:41 - 2012-06-06 00:41 - 00000000 ____D C:\Users\Rainer\Local Settings\{061F47EA-C8DA-43AC-85AC-FD6B0FB43538}
2012-06-06 00:41 - 2012-06-06 00:41 - 00000000 ____D C:\Users\Rainer\AppData\Local\{1E06666A-CFB9-4A17-BD0C-2A6FC28E056D}
2012-06-06 00:41 - 2012-06-06 00:41 - 00000000 ____D C:\Users\Rainer\AppData\Local\{061F47EA-C8DA-43AC-85AC-FD6B0FB43538}
2012-06-05 01:39 - 2012-06-05 01:39 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{B327F0DD-50DA-4CCB-8C5B-96CACBD601F9}
2012-06-05 01:39 - 2012-06-05 01:39 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{000E210D-663C-4611-9546-BE122A866D26}
2012-06-05 01:39 - 2012-06-05 01:39 - 00000000 ____D C:\Users\Rainer\Local Settings\{B327F0DD-50DA-4CCB-8C5B-96CACBD601F9}
2012-06-05 01:39 - 2012-06-05 01:39 - 00000000 ____D C:\Users\Rainer\Local Settings\{000E210D-663C-4611-9546-BE122A866D26}
2012-06-05 01:39 - 2012-06-05 01:39 - 00000000 ____D C:\Users\Rainer\AppData\Local\{B327F0DD-50DA-4CCB-8C5B-96CACBD601F9}
2012-06-05 01:39 - 2012-06-05 01:39 - 00000000 ____D C:\Users\Rainer\AppData\Local\{000E210D-663C-4611-9546-BE122A866D26}
2012-06-04 13:39 - 2012-06-04 13:39 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{8E13746F-2269-4BDB-AB37-CBBE7644DA9E}
2012-06-04 13:39 - 2012-06-04 13:39 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{06377333-5A0C-4495-B6DD-BC43C55992B1}
2012-06-04 13:39 - 2012-06-04 13:39 - 00000000 ____D C:\Users\Rainer\Local Settings\{8E13746F-2269-4BDB-AB37-CBBE7644DA9E}
2012-06-04 13:39 - 2012-06-04 13:39 - 00000000 ____D C:\Users\Rainer\Local Settings\{06377333-5A0C-4495-B6DD-BC43C55992B1}
2012-06-04 13:39 - 2012-06-04 13:39 - 00000000 ____D C:\Users\Rainer\AppData\Local\{8E13746F-2269-4BDB-AB37-CBBE7644DA9E}
2012-06-04 13:39 - 2012-06-04 13:39 - 00000000 ____D C:\Users\Rainer\AppData\Local\{06377333-5A0C-4495-B6DD-BC43C55992B1}
2012-06-04 00:29 - 2012-06-04 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{9E8D75D6-A8CC-40E9-AF49-072A47FCE48D}
2012-06-04 00:29 - 2012-06-04 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{413A37B2-3842-4D3B-81EA-97AB344B506E}
2012-06-04 00:29 - 2012-06-04 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\{9E8D75D6-A8CC-40E9-AF49-072A47FCE48D}
2012-06-04 00:29 - 2012-06-04 00:29 - 00000000 ____D C:\Users\Rainer\Local Settings\{413A37B2-3842-4D3B-81EA-97AB344B506E}
2012-06-04 00:29 - 2012-06-04 00:29 - 00000000 ____D C:\Users\Rainer\AppData\Local\{9E8D75D6-A8CC-40E9-AF49-072A47FCE48D}
2012-06-04 00:29 - 2012-06-04 00:29 - 00000000 ____D C:\Users\Rainer\AppData\Local\{413A37B2-3842-4D3B-81EA-97AB344B506E}
2012-06-03 03:53 - 2012-06-03 03:53 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{86E8B5D8-0862-4F47-957C-2744C4F7DCAA}
2012-06-03 03:53 - 2012-06-03 03:53 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{6ED5A8DA-5074-4488-A013-A8C6FBE757C2}
2012-06-03 03:53 - 2012-06-03 03:53 - 00000000 ____D C:\Users\Rainer\Local Settings\{86E8B5D8-0862-4F47-957C-2744C4F7DCAA}
2012-06-03 03:53 - 2012-06-03 03:53 - 00000000 ____D C:\Users\Rainer\Local Settings\{6ED5A8DA-5074-4488-A013-A8C6FBE757C2}
2012-06-03 03:53 - 2012-06-03 03:53 - 00000000 ____D C:\Users\Rainer\AppData\Local\{86E8B5D8-0862-4F47-957C-2744C4F7DCAA}
2012-06-03 03:53 - 2012-06-03 03:53 - 00000000 ____D C:\Users\Rainer\AppData\Local\{6ED5A8DA-5074-4488-A013-A8C6FBE757C2}
2012-06-02 14:49 - 2012-06-02 14:49 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{C509E0E3-7FA8-441F-A6F7-57CFAD3A54B2}
2012-06-02 14:49 - 2012-06-02 14:49 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{3621EBFA-8CF0-4D3E-A54A-1A1924314111}
2012-06-02 14:49 - 2012-06-02 14:49 - 00000000 ____D C:\Users\Rainer\Local Settings\{C509E0E3-7FA8-441F-A6F7-57CFAD3A54B2}
2012-06-02 14:49 - 2012-06-02 14:49 - 00000000 ____D C:\Users\Rainer\Local Settings\{3621EBFA-8CF0-4D3E-A54A-1A1924314111}
2012-06-02 14:49 - 2012-06-02 14:49 - 00000000 ____D C:\Users\Rainer\AppData\Local\{C509E0E3-7FA8-441F-A6F7-57CFAD3A54B2}
2012-06-02 14:49 - 2012-06-02 14:49 - 00000000 ____D C:\Users\Rainer\AppData\Local\{3621EBFA-8CF0-4D3E-A54A-1A1924314111}
2012-06-02 02:49 - 2012-06-02 02:49 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{FD25D9DD-474C-4F71-A3BE-65982CF8DF67}
2012-06-02 02:49 - 2012-06-02 02:49 - 00000000 ____D C:\Users\Rainer\Local Settings\Application Data\{0318AF85-41BA-4EB5-8FA0-F111D085F786}
2012-06-02 02:49 - 2012-06-02 02:49 - 00000000 ____D C:\Users\Rainer\Local Settings\{FD25D9DD-474C-4F71-A3BE-65982CF8DF67}
2012-06-02 02:49 - 2012-06-02 02:49 - 00000000 ____D C:\Users\Rainer\Local Settings\{0318AF85-41BA-4EB5-8FA0-F111D085F786}
2012-06-02 02:49 - 2012-06-02 02:49 - 00000000 ____D C:\Users\Rainer\AppData\Local\{FD25D9DD-474C-4F71-A3BE-65982CF8DF67}
2012-06-02 02:49 - 2012-06-02 02:49 - 00000000 ____D C:\Users\Rainer\AppData\Local\{0318AF85-41BA-4EB5-8FA0-F111D085F786}

============ 3 Months Modified Files ========================

2012-07-02 05:42 - 2011-10-19 13:15 - 00259358 ____A C:\Windows\WindowsUpdate.log
2012-07-02 05:41 - 2009-07-14 00:13 - 00791362 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 05:39 - 2012-07-02 05:39 - 01430427 ____A C:\Users\Rainer\Downloads\FRST64.exe
2012-07-02 05:36 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-02 05:36 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 04:00 - 2012-04-18 06:03 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-02 00:28 - 2012-06-19 10:42 - 00001232 ____A C:\Windows\setupact.log
2012-07-02 00:28 - 2012-06-19 08:05 - 00000304 ____A C:\Windows\Tasks\cdmcbmadpr.job
2012-07-02 00:28 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-30 02:00 - 2011-10-19 10:58 - 00101752 ____A C:\Users\Rainer\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-30 02:00 - 2011-10-19 10:58 - 00101752 ____A C:\Users\Rainer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-30 02:00 - 2011-10-19 10:58 - 00101752 ____A C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-30 02:00 - 2009-07-13 23:45 - 00394288 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-30 01:59 - 2012-06-30 01:56 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-06-30 01:59 - 2012-06-30 01:56 - 00000042 ____A C:\repairs_running.dat
2012-06-30 01:52 - 2012-06-30 01:52 - 00002293 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-06-30 01:52 - 2012-06-30 01:52 - 00002293 ____A C:\Users\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-06-30 01:49 - 2012-06-30 01:49 - 04623766 ____A C:\Users\Rainer\Downloads\tweaking.com_windows_repair_aio_setup.exe
2012-06-29 01:36 - 2012-06-28 00:51 - 00002453 ____A C:\Users\Rainer\Downloads\FSS.txt
2012-06-29 01:27 - 2012-06-29 01:27 - 00000314 ____A C:\Users\Rainer\Desktop\helped.txt
2012-06-28 00:46 - 2012-06-28 00:46 - 00340645 ____A C:\Users\Rainer\Downloads\FSS.exe
2012-06-27 00:38 - 2012-06-27 00:38 - 00001805 ____A C:\Users\Rainer\Desktop\aswMBR.txt
2012-06-27 00:38 - 2012-06-27 00:38 - 00000512 ____A C:\Users\Rainer\Desktop\MBR.dat.dat
2012-06-27 00:36 - 2012-06-27 00:36 - 04731392 ____A (AVAST Software) C:\Users\Rainer\Downloads\aswMBR.exe
2012-06-26 00:31 - 2012-04-18 06:03 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-21 01:22 - 2012-06-20 06:14 - 00003018 ____A C:\Windows\PFRO.log
2012-06-21 01:16 - 2012-06-21 01:16 - 00101752 ____A C:\Users\Administrator\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-21 01:16 - 2012-06-21 01:16 - 00101752 ____A C:\Users\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-21 01:16 - 2012-06-21 01:16 - 00101752 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-21 01:13 - 2012-06-21 03:07 - 00016896 ____A C:\Users\Rainer\Desktop\combofix.txt
2012-06-21 01:13 - 2012-06-21 01:13 - 00016896 ____A C:\Users\Administrator\Desktop\combofix.txt
2012-06-21 01:12 - 2012-06-21 01:12 - 00016896 ____A C:\ComboFix.txt
2012-06-21 01:11 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-06-21 01:01 - 2012-06-21 01:00 - 04563474 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2012-06-21 00:50 - 2012-06-21 00:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2012-06-21 00:34 - 2012-06-21 00:34 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-21 00:34 - 2012-06-21 00:34 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-21 00:34 - 2012-06-21 00:34 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-21 00:34 - 2012-06-21 00:34 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-21 00:34 - 2011-07-17 07:58 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-20 08:46 - 2011-10-19 11:54 - 00002198 ____A C:\Windows\epplauncher.mif
2012-06-20 06:16 - 2011-02-10 11:10 - 00797208 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-19 10:49 - 2012-06-19 10:48 - 12633472 ____A (Microsoft Corporation) C:\Users\Rainer\Downloads\mseinstall.exe
2012-06-19 10:42 - 2012-06-19 10:42 - 00000000 ____A C:\Windows\setuperr.log
2012-06-19 09:44 - 2012-06-19 09:43 - 00067468 ____A C:\Users\Rainer\My Documents\cc_20120619_174345.reg
2012-06-19 09:44 - 2012-06-19 09:43 - 00067468 ____A C:\Users\Rainer\Documents\cc_20120619_174345.reg
2012-06-19 08:05 - 2012-06-19 08:05 - 00118784 _RASH C:\Windows\SysWOW64\WINSRPCA.dll
2012-06-15 08:49 - 2012-03-29 00:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-15 08:49 - 2011-10-20 14:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-14 08:04 - 2011-10-19 11:41 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 04:42 - 2012-06-11 04:42 - 00741335 ____A C:\Users\Rainer\Desktop\EKCERÍLINE_TEED_JA_PLATSID_1_KAI_10 05 2012 (4)
2012-06-08 07:12 - 2012-04-16 05:37 - 00010749 ____A C:\Users\Rainer\Desktop\Puhkused2012.xlsx
2012-06-06 06:03 - 2011-10-24 01:24 - 00187190 ____A C:\Users\Rainer\Desktop\KT liikide kaupa 2012.xlsx
2012-06-06 01:25 - 2012-03-19 05:08 - 00011492 ____A C:\Users\Rainer\Desktop\Hoiustamise kliendid2012.xlsx
2012-06-05 07:57 - 2012-02-06 04:10 - 00688640 ____A C:\Users\Rainer\Desktop\Sildumine ES2012.xls
2012-06-04 03:26 - 2011-10-24 01:24 - 00030399 ____A C:\Users\Rainer\Desktop\Sildumiste arvutus.xlsx
2012-06-02 17:19 - 2012-06-21 00:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-21 00:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-21 00:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-21 00:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-21 00:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-21 00:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-21 00:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 07:19 - 2012-06-21 00:31 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 07:15 - 2012-06-21 00:31 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-18 14:13 - 2012-05-14 14:36 - 09505636 ____A C:\Users\Rainer\Downloads\fastcar.mp3
2012-05-17 21:47 - 2012-06-14 08:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 21:16 - 2012-06-14 08:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 21:06 - 2012-06-14 08:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 20:59 - 2012-06-14 08:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 20:59 - 2012-06-14 08:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 20:58 - 2012-06-14 08:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 20:58 - 2012-06-14 08:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 20:56 - 2012-06-14 08:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 20:55 - 2012-06-14 08:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 20:55 - 2012-06-14 08:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 20:54 - 2012-06-14 08:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 20:51 - 2012-06-14 08:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 20:51 - 2012-06-14 08:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 20:47 - 2012-06-14 08:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 18:11 - 2012-06-14 08:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 17:48 - 2012-06-14 08:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 17:45 - 2012-06-14 08:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 17:36 - 2012-06-14 08:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 17:35 - 2012-06-14 08:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 17:35 - 2012-06-14 08:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 17:33 - 2012-06-14 08:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 17:31 - 2012-06-14 08:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 17:29 - 2012-06-14 08:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 17:29 - 2012-06-14 08:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 17:27 - 2012-06-14 08:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 17:25 - 2012-06-14 08:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 17:24 - 2012-06-14 08:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 17:20 - 2012-06-14 08:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 20:32 - 2012-06-14 00:33 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 14:20 - 2012-05-14 14:19 - 04439494 ____A C:\Users\Rainer\Downloads\The Clash - Bankrobber.mp3
2012-05-14 01:14 - 2012-03-29 10:53 - 01814617 ____A C:\Users\Rainer\Downloads\arvutihullu.mp3
2012-05-14 01:13 - 2012-05-14 01:13 - 02450482 ____A C:\Users\Rainer\Downloads\lousy robot - a not quite perfect film.mp3
2012-05-05 07:13 - 2012-03-29 01:11 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 06:06 - 2012-06-14 00:33 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-14 00:33 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-14 00:33 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 00:40 - 2012-06-14 00:33 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 22:55 - 2012-06-14 00:33 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:41 - 2012-06-14 00:33 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-14 00:33 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-14 00:33 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 09:42 - 2009-07-14 00:08 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-24 00:37 - 2012-06-14 00:33 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-14 00:33 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-14 00:33 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-14 00:33 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-14 00:33 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-14 00:33 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-16 05:49 - 2012-04-16 05:49 - 00056320 ____A C:\Users\Rainer\Desktop\Copy of Puhkuse ajakava ES (3).xls
2012-04-13 00:42 - 2012-01-11 01:40 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-13 00:42 - 2012-01-11 01:40 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
2012-04-10 12:44 - 2012-04-10 12:44 - 00002099 ____A C:\Users\Rainer\Downloads\EST-all_speedcams_iGO_txt.zip
2012-04-10 08:14 - 2012-04-10 08:14 - 12389392 ____A C:\Users\Rainer\Downloads\Estonia83Regio_2011.03_110428.fbl
2012-04-07 07:31 - 2012-06-14 00:33 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 06:26 - 2012-06-14 00:33 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8086.17 MB
Available physical RAM: 7321.61 MB
Total Pagefile: 8084.37 MB
Available Pagefile: 7323.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:679 GB) (Free:580 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.96 GB) NTFS
4 Drive f: (STORE N GO) (Removable) (Total:3.73 GB) (Free:2.63 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 2048 KB
Disk 1 Online 3823 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 19 GB 104 MB
Partition 3 Primary 679 GB 19 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 101 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 19 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 679 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3822 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F STORE N GO FAT32 Removable 3822 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-01 13:38

======================= End Of Log ==========================



