
Eset keep giving me a message that URL blocked


  • This topic is locked
53 replies to this topic

#1 Makk


Posted 22 June 2012 - 02:51 AM

Hi
I have Eset Smart Security installed on my Windows 7 64-bit.
It keeps giving me a message that it blocked a URL, and it gives me an address and IP address.
It usually pops up every 10-15 minutes with similar URL addresses.
It started 2-3 weeks ago, and when it was showing this message every 5 minutes I did a Windows reinstall, but it seems it didn't help because after a few days it started again.
If I do a scan with the Smart Security it doesn't find anything.
Thank you for your help

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Makk at 9:40:16 on 2012-06-22
Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1038.18.4077.2248 [GMT 2:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Személyi tűzfal *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\Dávnlód\_TORRENT FILEOK_\dds.scr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Xilisoft YouTube HD Video Converter - C:\Program Files (x86)\Xilisoft\YouTube HD Video Converter\upod_link.HTM
IE: E&xportálás a Microsoft Excel programba - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{84D02AB6-6E6A-47A8-9E6D-D297D979AEC3} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Makk\AppData\Roaming\Mozilla\Firefox\Profiles\pasc5fb8.default\
FF - prefs.js: browser.startup.homepage - www.google.hu/ig
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-18 113120]
S3 StorSvc;Társzolgáltatás;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-22 01:44:10 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A5BA708-BF66-43BB-80E8-A4F1AD27FC2D}\offreg.dll
2012-06-21 21:53:29 1758208 ----a-w- C:\Windows\SysWow64\mprdin.dll
2012-06-21 08:41:12 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-06-21 08:41:12 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-06-21 08:41:05 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-21 08:41:04 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-21 08:40:56 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-06-21 08:40:56 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-06-21 08:40:55 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-06-21 08:40:55 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-06-21 08:40:55 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-06-21 08:40:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-06-21 08:40:55 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-06-21 08:40:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-06-21 08:40:55 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-06-21 08:40:54 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-06-20 18:22:33 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A5BA708-BF66-43BB-80E8-A4F1AD27FC2D}\mpengine.dll
2012-06-20 16:14:32 -------- d-----w- C:\Users\Makk\AppData\Local\Apple Computer
2012-06-20 16:14:23 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-20 16:14:23 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-20 16:14:23 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-20 16:14:10 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 16:14:10 -------- d-----w- C:\Program Files\iTunes
2012-06-20 16:14:10 -------- d-----w- C:\Program Files\iPod
2012-06-20 16:14:10 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-20 16:13:50 -------- d-----w- C:\Users\Makk\AppData\Local\Apple
2012-06-20 16:13:36 -------- d-----w- C:\Program Files\Bonjour
2012-06-20 16:13:36 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-20 11:22:11 -------- d-----w- C:\Users\Makk\AppData\Local\Xilisoft
2012-06-20 10:23:30 -------- d-----w- C:\tmpDownload
2012-06-20 10:05:50 -------- d-----w- C:\Users\Makk\AppData\Roaming\Xilisoft
2012-06-20 10:05:32 726016 ----a-w- C:\Windows\SysWow64\7z.dll
2012-06-20 10:05:32 -------- d-----w- C:\ProgramData\Xilisoft
2012-06-20 10:05:22 1760768 ----a-w- C:\Windows\SysWow64\Mcx2Svc.dll
2012-06-20 10:05:21 -------- d-----w- C:\Program Files (x86)\Xilisoft
2012-06-18 19:02:25 -------- d-----w- C:\Users\Makk\AppData\Local\Adobe
2012-06-18 11:32:57 -------- d-----w- C:\Windows\PCHEALTH
2012-06-18 11:31:34 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-06-18 11:31:13 -------- d-----w- C:\Users\Makk\AppData\Local\Microsoft Help
2012-06-18 11:26:47 -------- d-----w- C:\Users\Makk\AppData\Local\Plus500
2012-06-18 11:26:47 -------- d-----w- C:\Program Files (x86)\Plus500
2012-06-18 11:16:21 -------- d-----w- C:\Program Files (x86)\CoreCodec
2012-06-18 11:15:06 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-06-18 11:01:34 -------- d-----w- C:\Users\Makk\AppData\Roaming\BSplayer PRO
2012-06-18 11:01:30 -------- d-----w- C:\Program Files (x86)\Webteh
2012-06-18 10:59:04 -------- d-----w- C:\Users\Makk\AppData\Local\GHISLER
2012-06-18 10:55:46 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-06-18 10:54:08 -------- d-----w- C:\Users\Makk\AppData\Roaming\uTorrent
2012-06-18 10:46:32 -------- d-----w- C:\Users\Makk\AppData\Local\Macromedia
2012-06-18 10:46:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 10:46:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-18 10:45:29 -------- d-----r- C:\Program Files (x86)\Skype
2012-06-18 10:42:23 -------- d-----w- C:\Windows\Panther
2012-06-18 10:39:26 545 ----a-w- C:\Windows\UC.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\RAR.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\PKZIP.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\PKUNZIP.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\NOCLOSE.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\LHA.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\ARJ.PIF
2012-06-18 10:39:26 -------- d-----w- C:\Users\Makk\AppData\Roaming\GHISLER
2012-06-18 10:39:26 -------- d-----w- C:\totalcmd
2012-06-18 10:26:59 -------- d-----w- C:\Users\Makk\AppData\Roaming\ESET
2012-06-18 10:26:59 -------- d-----w- C:\Users\Makk\AppData\Local\ESET
2012-06-18 10:25:49 -------- d-----w- C:\Program Files\ESET
2012-06-18 10:21:53 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-18 10:21:52 -------- d-----w- C:\Windows\System32\Wat
2012-06-18 10:16:15 -------- d-----w- C:\Users\Makk\AppData\Local\ATI
2012-06-18 10:15:14 0 ----a-w- C:\Windows\ativpsrm.bin
2012-06-18 10:10:53 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-06-18 10:09:21 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-18 10:09:21 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-18 10:09:21 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-18 10:09:21 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-18 10:09:21 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-18 10:09:21 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-18 10:09:21 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-18 10:07:59 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-18 10:04:49 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-18 10:04:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-18 10:03:37 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-06-18 10:03:07 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-06-18 10:02:53 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-06-18 10:02:51 -------- d-----w- C:\Program Files\ATI
2012-06-18 10:02:29 -------- d-----w- C:\Program Files\ATI Technologies
2012-06-18 10:01:55 -------- d-----w- C:\AMD
2012-06-18 09:58:41 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-06-18 09:58:14 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-06-18 09:57:59 -------- d-sh--w- C:\Windows\Installer
2012-06-18 09:57:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-06-18 09:55:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-06-18 09:55:09 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-06-18 09:54:56 -------- d-----w- C:\Intel
.
==================== Find3M ====================
.
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:40:35,45 ===============


 


#2 gringo_pr



  • Malware Response Team

Posted 23 June 2012 - 07:19 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Makk


Posted 23 June 2012 - 12:32 PM

Hi
Thank you for your quick reply.
I've done as you asked. I am still having the url blocked message from eset.
There are the results from security check:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader X (10.1.0)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#4 gringo_pr


Posted 23 June 2012 - 12:41 PM

Hello Makk

Let me have the report from Combofix when it is ready.



gringo

#5 Makk


Posted 23 June 2012 - 12:43 PM

Hi
I'm sorry.
It is here:

ComboFix 12-06-23.05 - Makk 012.06.23. 19:35:54.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1038.18.4077.2792 [GMT 2:00]
Running from: d:\dßvnlˇd\_TORRENT FILEOK_\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Személyi tűzfal *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 07:56 . 2012-06-23 07:56 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-21 21:53 . 2012-06-21 21:53 1758208 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-06-21 08:41 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-21 08:41 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-06-21 08:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-21 08:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-21 08:40 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-06-21 08:40 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-06-21 08:40 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-06-21 08:40 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-21 08:40 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-06-21 08:40 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-06-21 08:40 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-06-21 08:40 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-06-21 08:40 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-06-21 08:40 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-06-20 18:22 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A5BA708-BF66-43BB-80E8-A4F1AD27FC2D}\mpengine.dll
2012-06-20 16:14 . 2012-06-20 16:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-20 16:13 . 2012-06-20 16:13 -------- d-----w- c:\programdata\Apple
2012-06-20 10:23 . 2012-06-20 10:23 -------- d-----w- C:\tmpDownload
2012-06-20 10:05 . 2012-06-20 10:43 -------- d-----w- c:\programdata\Xilisoft
2012-06-20 10:05 . 2012-06-20 10:05 726016 ----a-w- c:\windows\SysWow64\7z.dll
2012-06-20 10:05 . 2012-06-20 18:21 -------- d-----w- c:\program files (x86)\Xilisoft
2012-06-18 11:33 . 2012-06-18 11:33 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-06-18 11:32 . 2012-06-18 11:32 -------- d-----w- c:\windows\PCHEALTH
2012-06-18 11:32 . 2012-06-18 11:32 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-18 11:31 . 2012-06-18 11:31 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-06-18 11:31 . 2012-06-18 11:34 -------- d-----w- c:\programdata\Microsoft Help
2012-06-18 11:30 . 2012-06-18 11:30 -------- d-----r- C:\MSOCache
2012-06-18 11:26 . 2012-06-18 11:26 -------- d-----w- c:\program files (x86)\Plus500
2012-06-18 11:16 . 2012-06-18 11:16 -------- d-----w- c:\program files (x86)\CoreCodec
2012-06-18 11:15 . 2012-06-18 11:15 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-06-18 11:01 . 2012-06-18 11:01 -------- d-----w- c:\program files (x86)\Webteh
2012-06-18 10:55 . 2012-06-18 10:55 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-18 10:51 . 2012-06-18 10:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-18 10:46 . 2012-06-20 07:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 10:46 . 2012-06-20 07:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-18 10:46 . 2012-06-18 10:46 -------- d-----w- c:\windows\SysWow64\Macromed
2012-06-18 10:46 . 2012-06-18 10:46 -------- d-----w- c:\windows\system32\Macromed
2012-06-18 10:45 . 2012-06-18 10:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-18 10:45 . 2012-06-18 10:45 -------- d-----r- c:\program files (x86)\Skype
2012-06-18 10:45 . 2012-06-18 10:45 -------- d-----w- c:\programdata\Skype
2012-06-18 10:42 . 2012-06-18 09:47 -------- d-----w- c:\windows\Panther
2012-06-18 10:41 . 2012-06-18 10:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-18 10:39 . 2012-06-18 10:39 -------- d-----w- C:\totalcmd
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\UC.PIF
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\RAR.PIF
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\LHA.PIF
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\ARJ.PIF
2012-06-18 10:25 . 2012-06-18 10:25 -------- d-----w- c:\program files\ESET
2012-06-18 10:21 . 2012-06-18 10:21 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-18 10:21 . 2012-06-18 10:21 -------- d-----w- c:\windows\system32\Wat
2012-06-18 10:16 . 2012-06-18 10:16 -------- d-----w- c:\programdata\ATI
2012-06-18 10:15 . 2012-06-18 10:15 0 ----a-w- c:\windows\ativpsrm.bin
2012-06-18 10:09 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-18 10:09 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-18 10:09 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-18 10:09 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-18 10:09 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-18 10:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-18 10:09 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-18 10:07 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-18 10:04 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-18 10:04 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-18 10:03 . 2012-06-18 10:03 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-06-18 10:03 . 2012-06-18 10:03 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-06-18 10:02 . 2012-06-18 10:03 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-06-18 10:02 . 2012-06-18 10:02 -------- d-----w- c:\program files\ATI
2012-06-18 10:02 . 2012-06-18 10:03 -------- d-----w- c:\program files\ATI Technologies
2012-06-18 10:01 . 2012-06-18 10:01 -------- d-----w- C:\AMD
2012-06-18 09:58 . 2012-06-18 09:58 -------- d-----w- c:\programdata\Hewlett-Packard
2012-06-18 09:58 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-06-18 09:58 . 2012-06-18 09:58 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-06-18 09:57 . 2012-06-20 16:14 -------- d-sh--w- c:\windows\Installer
2012-06-18 09:57 . 2011-06-10 04:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-06-18 09:55 . 2012-06-18 09:55 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-06-18 09:55 . 2012-06-18 09:55 -------- d-----w- c:\program files (x86)\Intel
2012-06-18 09:55 . 2011-04-15 08:00 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-06-18 09:54 . 2012-06-18 09:54 -------- d-----w- C:\Intel
2012-06-18 09:47 . 2012-06-18 09:48 -------- d-----w- c:\users\Makk
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-----w- C:\Recovery
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\users\Default\Sablonok
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\users\Default\Dokumentumok
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\programdata\Sablonok
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\programdata\Dokumentumok
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\programdata\Asztal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with Xilisoft YouTube HD Video Converter - c:\program files (x86)\Xilisoft\YouTube HD Video Converter\upod_link.HTM
IE: E&xportálás a Microsoft Excel programba - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Makk\AppData\Roaming\Mozilla\Firefox\Profiles\pasc5fb8.default\
FF - prefs.js: browser.startup.homepage - www.google.hu/ig
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-06-23 19:42:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 17:42
.
Pre-Run: 48 043 208 704 bájt szabad
Post-Run: 47 623 323 648 bájt szabad
.
- - End Of File - - 2094F3A505863BF45ABCB4ED2D27BF62

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:40 PM

Posted 23 June 2012 - 12:48 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Makk


Posted 24 June 2012 - 01:54 PM

Hi
I've done as you asked. What happened is that I haven't gotten the URL blocked message since, but ESET Smart Security keeps giving me a warning that it found a virus. It offers to delete it, but when I click on that it says it can't delete it.
Object: c:\windows\system32\services.exe
Win64/Patched.B.Gen trojan

It also keeps giving me another warning that it found a trojan, but it deleted it. Details about that one:
Object: c:\windows\installer\{1283027f-9a33-4398-e40c-587f273bf513}\U\00000001.@
win64/Sirefef.AI trojan
So these are the changes with the machine. Here is the information you requested:
TDSSKiller:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Makk at 9:40:16 on 2012-06-22
Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1038.18.4077.2248 [GMT 2:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Személyi tűzfal *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\Dávnlód\_TORRENT FILEOK_\dds.scr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Xilisoft YouTube HD Video Converter - C:\Program Files (x86)\Xilisoft\YouTube HD Video Converter\upod_link.HTM
IE: E&xportálás a Microsoft Excel programba - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{84D02AB6-6E6A-47A8-9E6D-D297D979AEC3} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Makk\AppData\Roaming\Mozilla\Firefox\Profiles\pasc5fb8.default\
FF - prefs.js: browser.startup.homepage - www.google.hu/ig
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-18 113120]
S3 StorSvc;Társzolgáltatás;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-22 01:44:10 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A5BA708-BF66-43BB-80E8-A4F1AD27FC2D}\offreg.dll
2012-06-21 21:53:29 1758208 ----a-w- C:\Windows\SysWow64\mprdin.dll
2012-06-21 08:41:12 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-06-21 08:41:12 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-06-21 08:41:05 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-21 08:41:04 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-21 08:40:56 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-06-21 08:40:56 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-06-21 08:40:55 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-06-21 08:40:55 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-06-21 08:40:55 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-06-21 08:40:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-06-21 08:40:55 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-06-21 08:40:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-06-21 08:40:55 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-06-21 08:40:54 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-06-20 18:22:33 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A5BA708-BF66-43BB-80E8-A4F1AD27FC2D}\mpengine.dll
2012-06-20 16:14:32 -------- d-----w- C:\Users\Makk\AppData\Local\Apple Computer
2012-06-20 16:14:23 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-20 16:14:23 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-20 16:14:23 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-20 16:14:10 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 16:14:10 -------- d-----w- C:\Program Files\iTunes
2012-06-20 16:14:10 -------- d-----w- C:\Program Files\iPod
2012-06-20 16:14:10 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-20 16:13:50 -------- d-----w- C:\Users\Makk\AppData\Local\Apple
2012-06-20 16:13:36 -------- d-----w- C:\Program Files\Bonjour
2012-06-20 16:13:36 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-20 11:22:11 -------- d-----w- C:\Users\Makk\AppData\Local\Xilisoft
2012-06-20 10:23:30 -------- d-----w- C:\tmpDownload
2012-06-20 10:05:50 -------- d-----w- C:\Users\Makk\AppData\Roaming\Xilisoft
2012-06-20 10:05:32 726016 ----a-w- C:\Windows\SysWow64\7z.dll
2012-06-20 10:05:32 -------- d-----w- C:\ProgramData\Xilisoft
2012-06-20 10:05:22 1760768 ----a-w- C:\Windows\SysWow64\Mcx2Svc.dll
2012-06-20 10:05:21 -------- d-----w- C:\Program Files (x86)\Xilisoft
2012-06-18 19:02:25 -------- d-----w- C:\Users\Makk\AppData\Local\Adobe
2012-06-18 11:32:57 -------- d-----w- C:\Windows\PCHEALTH
2012-06-18 11:31:34 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-06-18 11:31:13 -------- d-----w- C:\Users\Makk\AppData\Local\Microsoft Help
2012-06-18 11:26:47 -------- d-----w- C:\Users\Makk\AppData\Local\Plus500
2012-06-18 11:26:47 -------- d-----w- C:\Program Files (x86)\Plus500
2012-06-18 11:16:21 -------- d-----w- C:\Program Files (x86)\CoreCodec
2012-06-18 11:15:06 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-06-18 11:01:34 -------- d-----w- C:\Users\Makk\AppData\Roaming\BSplayer PRO
2012-06-18 11:01:30 -------- d-----w- C:\Program Files (x86)\Webteh
2012-06-18 10:59:04 -------- d-----w- C:\Users\Makk\AppData\Local\GHISLER
2012-06-18 10:55:46 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-06-18 10:54:08 -------- d-----w- C:\Users\Makk\AppData\Roaming\uTorrent
2012-06-18 10:46:32 -------- d-----w- C:\Users\Makk\AppData\Local\Macromedia
2012-06-18 10:46:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 10:46:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-18 10:45:29 -------- d-----r- C:\Program Files (x86)\Skype
2012-06-18 10:42:23 -------- d-----w- C:\Windows\Panther
2012-06-18 10:39:26 545 ----a-w- C:\Windows\UC.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\RAR.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\PKZIP.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\PKUNZIP.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\NOCLOSE.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\LHA.PIF
2012-06-18 10:39:26 545 ----a-w- C:\Windows\ARJ.PIF
2012-06-18 10:39:26 -------- d-----w- C:\Users\Makk\AppData\Roaming\GHISLER
2012-06-18 10:39:26 -------- d-----w- C:\totalcmd
2012-06-18 10:26:59 -------- d-----w- C:\Users\Makk\AppData\Roaming\ESET
2012-06-18 10:26:59 -------- d-----w- C:\Users\Makk\AppData\Local\ESET
2012-06-18 10:25:49 -------- d-----w- C:\Program Files\ESET
2012-06-18 10:21:53 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-18 10:21:52 -------- d-----w- C:\Windows\System32\Wat
2012-06-18 10:16:15 -------- d-----w- C:\Users\Makk\AppData\Local\ATI
2012-06-18 10:15:14 0 ----a-w- C:\Windows\ativpsrm.bin
2012-06-18 10:10:53 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-06-18 10:09:21 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-18 10:09:21 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-18 10:09:21 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-18 10:09:21 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-18 10:09:21 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-18 10:09:21 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-18 10:09:21 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-18 10:07:59 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-18 10:04:49 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-18 10:04:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-18 10:03:37 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-06-18 10:03:07 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-06-18 10:02:53 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-06-18 10:02:51 -------- d-----w- C:\Program Files\ATI
2012-06-18 10:02:29 -------- d-----w- C:\Program Files\ATI Technologies
2012-06-18 10:01:55 -------- d-----w- C:\AMD
2012-06-18 09:58:41 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-06-18 09:58:14 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-06-18 09:57:59 -------- d-sh--w- C:\Windows\Installer
2012-06-18 09:57:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-06-18 09:55:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-06-18 09:55:09 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-06-18 09:54:56 -------- d-----w- C:\Intel
.
==================== Find3M ====================
.
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:40:35,45 ===============

aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-24 10:04:00
-----------------------------
10:04:00.292 OS Version: Windows x64 6.1.7601 Service Pack 1
10:04:00.292 Number of processors: 4 586 0x2A07
10:04:00.293 ComputerName: MAKK-PC UserName: Makk
10:04:00.545 Initialize success
10:04:22.014 AVAST engine defs: 12062301
10:04:30.883 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:04:30.886 Disk 0 Vendor: SAMSUNG_HD403LJ CT100-10 Size: 381553MB BusType: 3
10:04:30.955 Disk 0 MBR read successfully
10:04:30.958 Disk 0 MBR scan
10:04:30.963 Disk 0 Windows 7 default MBR code
10:04:30.969 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:04:30.978 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 70308 MB offset 206848
10:04:30.991 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 311141 MB offset 144199440
10:04:31.022 Disk 0 scanning C:\Windows\system32\drivers
10:04:38.306 Service scanning
10:04:56.495 Modules scanning
10:04:56.503 Disk 0 trace - called modules:
10:04:56.516 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:04:56.844 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d3f060]
10:04:56.849 3 CLASSPNP.SYS[fffff88001b8643f] -> nt!IofCallDriver -> [0xfffffa8004ac3580]
10:04:56.853 5 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004780060]
10:04:57.084 AVAST engine scan C:\Windows
10:04:59.712 AVAST engine scan C:\Windows\system32
10:06:30.270 AVAST engine scan C:\Windows\system32\drivers
10:06:36.297 AVAST engine scan C:\Users\Makk
10:07:50.711 AVAST engine scan C:\ProgramData
10:08:00.863 Scan finished successfully
10:08:58.808 Disk 0 MBR has been saved successfully to "C:\Users\Makk\Documents\MBR.dat"
10:08:58.811 The log file has been saved successfully to "C:\Users\Makk\Documents\aswMBR.txt"

#8 gringo_pr


Posted 24 June 2012 - 08:32 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#9 Makk

Posted 25 June 2012 - 08:24 AM

Hi
I've done it.
I did the scan but I didn't click on fix it because you didn't tell me to do so.
There are no changes with the computer since my last post. It is still giving me the two warning messages.
Here are the results of the scan:


Scan result of Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 25-06-2012 14:47:42
Running from H:\
Windows 7 Professional Service Pack 1 (X64) OS Language: 040E
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [4891944 2009-06-23] (Nero AG)
HKU\Makk\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17425072 2012-06-07] (Skype Technologies S.A.)
HKU\Makk\...\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [4891944 2009-06-23] (Nero AG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [913144 2012-03-07] (ESET)
2 NeroMediaHomeService.4; "C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe" [259368 2009-06-23] (Nero AG)
2 RemoteAccess; C:\Windows\SysWOW64\mprdin.dll [1758208 2012-06-21] ()
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-21] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [351232 2010-11-21] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\SysWOW64\Mcx2Svc.dll [x]

========================== Drivers (Whitelisted) =============

1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2012-03-14] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2012-03-14] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2012-03-14] (ESET)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll ==> No File.

============ One Month Created Files and Folders ==============

2012-06-25 14:47 - 2012-06-25 14:47 - 00000000 ____D C:\FRST
2012-06-25 13:38 - 2012-06-25 13:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-24 18:10 - 2012-06-24 18:10 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Nero
2012-06-24 18:06 - 2012-06-24 18:09 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero
2012-06-24 18:06 - 2012-06-24 18:06 - 00000020 ___SH C:\Users\NeroMediaHomeUser.4\ntuser.ini
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Sablonok
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Dokumentumok
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Zene
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Videók
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Képek
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 ____D C:\users\NeroMediaHomeUser.4
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Nero
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 ____D C:\Users\Makk\AppData\Local\Nero
2012-06-24 18:05 - 2012-06-24 18:05 - 00002511 ____A C:\Users\Public\Desktop\Nero MediaHome 4.lnk
2012-06-24 18:04 - 2012-06-24 18:06 - 00000000 ____D C:\Users\All Users\Nero
2012-06-24 18:04 - 2012-06-24 18:05 - 00000000 ____D C:\Program Files (x86)\Nero
2012-06-24 15:11 - 2012-06-24 15:11 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-24 15:11 - 2012-06-24 15:11 - 00000000 ____D C:\Program Files\iTunes
2012-06-24 15:11 - 2012-06-24 15:11 - 00000000 ____D C:\Program Files\iPod
2012-06-24 15:11 - 2012-06-24 15:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-24 09:08 - 2012-06-24 09:08 - 00002044 ____A C:\Users\Makk\Documents\aswMBR.txt
2012-06-24 09:08 - 2012-06-24 09:08 - 00000512 ____A C:\Users\Makk\Documents\MBR.dat
2012-06-24 08:29 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-24 08:29 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-24 08:29 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-24 08:29 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-24 08:29 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-24 08:29 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-24 08:29 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-24 08:29 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-24 08:29 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-23 18:42 - 2012-06-23 18:42 - 00016760 ____A C:\ComboFix.txt
2012-06-23 18:35 - 2012-06-23 18:42 - 00000000 ____D C:\Qoobox
2012-06-23 18:35 - 2012-06-23 18:41 - 00000000 ____D C:\Windows\erdnt
2012-06-23 18:35 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-23 18:35 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-23 18:35 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-23 18:35 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-23 18:35 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-23 18:35 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-23 18:35 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-23 18:35 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-23 18:34 - 2012-06-23 18:34 - 00001249 ____A C:\Users\Makk\Documents\com.txt
2012-06-23 08:56 - 2012-06-23 09:30 - 00000000 ____D C:\Users\Makk\AppData\Roaming\vlc
2012-06-23 08:56 - 2012-06-23 08:56 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-23 08:56 - 2012-06-23 08:56 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-06-22 08:42 - 2012-06-22 08:42 - 00016839 ____A C:\Users\Makk\Documents\DDS.txt
2012-06-22 08:42 - 2012-06-22 08:42 - 00003057 ____A C:\Users\Makk\Documents\Attach.txt
2012-06-21 22:53 - 2012-06-21 22:53 - 01758208 ____A C:\Windows\SysWOW64\mprdin.dll
2012-06-21 22:53 - 2012-06-21 22:53 - 00000400 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-06-21 09:42 - 2012-05-04 12:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-21 09:42 - 2012-05-04 10:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-21 09:42 - 2012-05-01 06:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-21 09:42 - 2012-04-24 06:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-21 09:42 - 2012-04-24 06:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-21 09:42 - 2012-04-24 06:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-21 09:42 - 2012-04-24 05:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-21 09:42 - 2012-04-24 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-21 09:42 - 2012-04-24 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-21 09:42 - 2012-01-04 11:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-21 09:42 - 2012-01-04 11:44 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-06-21 09:42 - 2012-01-04 09:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-21 09:42 - 2012-01-04 09:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-06-21 09:42 - 2011-12-30 07:26 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-06-21 09:42 - 2011-12-30 06:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-06-21 09:42 - 2011-06-16 06:49 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-06-21 09:42 - 2011-06-16 05:33 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-06-21 09:42 - 2011-05-04 06:25 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-06-21 09:42 - 2011-05-04 06:22 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-06-21 09:42 - 2011-05-04 06:22 - 00778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-06-21 09:42 - 2011-05-04 06:22 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-06-21 09:42 - 2011-05-04 06:22 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-06-21 09:42 - 2011-05-04 06:22 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-06-21 09:42 - 2011-05-04 06:19 - 00591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-06-21 09:42 - 2011-05-04 06:19 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-06-21 09:42 - 2011-05-04 06:19 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-06-21 09:42 - 2011-05-04 05:34 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-06-21 09:42 - 2011-05-04 05:32 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-06-21 09:42 - 2011-05-04 05:32 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2012-06-21 09:42 - 2011-05-04 05:32 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2012-06-21 09:42 - 2011-05-04 05:32 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2012-06-21 09:42 - 2011-05-04 05:32 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2012-06-21 09:42 - 2011-05-04 05:28 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2012-06-21 09:42 - 2011-05-04 05:28 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-06-21 09:42 - 2011-05-04 05:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2012-06-21 09:42 - 2011-03-12 13:08 - 01465344 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-06-21 09:42 - 2011-03-12 12:23 - 00870912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-06-21 09:42 - 2011-03-11 07:41 - 01659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-06-21 09:42 - 2011-03-11 07:41 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-06-21 09:42 - 2011-03-11 07:41 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-06-21 09:42 - 2011-03-11 07:41 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-06-21 09:42 - 2011-03-11 07:41 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-06-21 09:42 - 2011-03-11 07:41 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-06-21 09:42 - 2011-03-11 07:41 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-06-21 09:42 - 2011-03-11 07:33 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-06-21 09:42 - 2011-03-11 07:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-06-21 09:42 - 2011-03-11 06:33 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-06-21 09:42 - 2011-03-11 06:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2012-06-21 09:42 - 2011-03-11 05:37 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-06-21 09:42 - 2011-02-25 07:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-06-21 09:42 - 2011-02-25 06:30 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-06-21 09:42 - 2011-02-24 07:15 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-06-21 09:42 - 2011-02-24 06:38 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-06-21 09:42 - 2011-02-19 13:05 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-06-21 09:42 - 2011-02-19 13:04 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-06-21 09:42 - 2011-02-19 07:30 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-06-21 09:41 - 2012-04-07 13:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-21 09:41 - 2012-04-07 12:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-21 09:41 - 2011-01-17 12:09 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-06-21 09:41 - 2011-01-17 06:47 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-06-21 09:40 - 2011-04-22 23:15 - 00027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-06-21 09:40 - 2011-03-25 04:29 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-06-21 09:40 - 2011-03-25 04:29 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-06-21 09:40 - 2011-03-25 04:29 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-06-21 09:40 - 2011-03-25 04:29 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-06-21 09:40 - 2011-03-25 04:29 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-06-21 09:40 - 2011-03-25 04:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-06-21 09:40 - 2011-03-25 04:28 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-06-21 09:40 - 2011-02-18 11:51 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-06-21 09:40 - 2011-02-18 06:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-06-20 18:15 - 2012-06-20 18:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-06-20 17:56 - 2012-06-20 17:56 - 473283944 ____A C:\Windows\MEMORY.DMP
2012-06-20 17:56 - 2012-06-20 17:56 - 00642408 ____A C:\Windows\Minidump\062012-31231-01.dmp
2012-06-20 17:56 - 2012-06-20 17:56 - 00000000 ____D C:\Windows\Minidump
2012-06-20 17:14 - 2012-06-20 18:16 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Apple Computer
2012-06-20 17:14 - 2012-06-20 17:14 - 00000000 ____D C:\Users\Makk\AppData\Local\Apple Computer
2012-06-20 17:14 - 2012-06-20 17:14 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-06-20 17:14 - 2012-06-20 17:14 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 17:14 - 2009-05-18 12:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-06-20 17:14 - 2008-04-17 11:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-06-20 17:14 - 2008-04-17 11:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Users\Makk\AppData\Local\Apple
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Users\All Users\Apple
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Program Files\Bonjour
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-20 12:22 - 2012-06-20 12:22 - 00000000 ____D C:\Users\Makk\Documents\Xilisoft
2012-06-20 12:22 - 2012-06-20 12:22 - 00000000 ____D C:\Users\Makk\AppData\Local\Xilisoft
2012-06-20 11:43 - 2012-06-20 11:43 - 00002245 ____A C:\Users\Public\Desktop\Xilisoft YouTube HD Video Converter.lnk
2012-06-20 11:23 - 2012-06-20 11:23 - 00000000 ____D C:\tmpDownload
2012-06-20 11:05 - 2012-06-20 19:21 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2012-06-20 11:05 - 2012-06-20 12:22 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Xilisoft
2012-06-20 11:05 - 2012-06-20 11:43 - 00000000 ____D C:\Users\All Users\Xilisoft
2012-06-20 11:05 - 2012-06-20 11:05 - 00726016 ____A (Igor Pavlov) C:\Windows\SysWOW64\7z.dll
2012-06-20 10:49 - 2007-12-12 15:12 - 00000006 ____A C:\Windows\youtubed.ocx
2012-06-18 20:02 - 2012-06-18 20:02 - 00000000 ____D C:\Users\Makk\AppData\Local\Adobe
2012-06-18 12:33 - 2012-06-18 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-06-18 12:33 - 2012-06-18 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-06-18 12:32 - 2012-06-18 12:32 - 00000000 ____D C:\Windows\PCHEALTH
2012-06-18 12:31 - 2012-06-18 12:34 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-18 12:31 - 2012-06-18 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-06-18 12:31 - 2012-06-18 12:31 - 00000000 ____D C:\Users\Makk\AppData\Local\Microsoft Help
2012-06-18 12:31 - 2012-06-18 12:31 - 00000000 ____D C:\Program Files\Microsoft Office
2012-06-18 12:31 - 2012-06-18 12:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-06-18 12:30 - 2012-06-18 12:30 - 00000000 ___RD C:\MSOCache
2012-06-18 12:26 - 2012-06-18 12:26 - 00000929 ____A C:\Users\Makk\Desktop\Plus500.lnk
2012-06-18 12:26 - 2012-06-18 12:26 - 00000000 ____D C:\Users\Makk\AppData\Local\Plus500
2012-06-18 12:26 - 2012-06-18 12:26 - 00000000 ____D C:\Program Files (x86)\Plus500
2012-06-18 12:16 - 2012-06-18 12:16 - 00000000 ____D C:\Program Files (x86)\CoreCodec
2012-06-18 12:15 - 2012-06-18 12:15 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-06-18 12:01 - 2012-06-20 18:21 - 00000000 ____D C:\Users\Makk\AppData\Roaming\BSplayer PRO
2012-06-18 12:01 - 2012-06-18 12:01 - 00001143 ____A C:\Users\Public\Desktop\BS.Player PRO.lnk
2012-06-18 12:01 - 2012-06-18 12:01 - 00000000 ____D C:\Program Files (x86)\Webteh
2012-06-18 11:59 - 2012-06-18 11:59 - 00000000 ____D C:\Users\Makk\AppData\Local\GHISLER
2012-06-18 11:55 - 2012-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-06-18 11:54 - 2012-06-25 13:42 - 00000000 ____D C:\Users\Makk\AppData\Roaming\uTorrent
2012-06-18 11:51 - 2012-06-18 11:51 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-06-18 11:51 - 2012-06-18 11:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-18 11:50 - 2012-06-18 20:03 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-18 11:46 - 2012-06-20 08:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-18 11:46 - 2012-06-20 08:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-18 11:46 - 2012-06-18 20:02 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Adobe
2012-06-18 11:46 - 2012-06-18 11:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-06-18 11:46 - 2012-06-18 11:46 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-18 11:46 - 2012-06-18 11:46 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Macromedia
2012-06-18 11:46 - 2012-06-18 11:46 - 00000000 ____D C:\Users\Makk\AppData\Local\Macromedia
2012-06-18 11:45 - 2012-06-25 13:32 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Skype
2012-06-18 11:45 - 2012-06-18 11:45 - 00002533 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-18 11:45 - 2012-06-18 11:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-18 11:45 - 2012-06-18 11:45 - 00000000 ____D C:\Users\All Users\Skype
2012-06-18 11:44 - 2012-06-18 11:44 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Makk\Downloads\SkypeSetup.exe
2012-06-18 11:42 - 2012-06-18 10:47 - 00000000 ____D C:\Windows\Panther
2012-06-18 11:41 - 2012-06-18 11:41 - 00001049 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Mozilla
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Users\Makk\AppData\Local\Mozilla
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-18 11:39 - 2012-06-18 11:39 - 00000000 ____D C:\Users\Makk\AppData\Roaming\GHISLER
2012-06-18 11:39 - 2012-06-18 11:39 - 00000000 ____D C:\totalcmd
2012-06-18 11:39 - 2010-07-07 06:55 - 00000545 ____A C:\Windows\UC.PIF
2012-06-18 11:39 - 2010-07-07 06:55 - 00000545 ____A C:\Windows\RAR.PIF
2012-06-18 11:39 - 2010-07-07 06:55 - 00000545 ____A C:\Windows\NOCLOSE.PIF
2012-06-18 11:39 - 2010-07-07 06:55 - 00000545 ____A C:\Windows\LHA.PIF
2012-06-18 11:39 - 2010-07-07 06:55 - 00000545 ____A C:\Windows\ARJ.PIF
2012-06-18 11:26 - 2012-06-18 11:26 - 00000000 ____D C:\Users\Makk\AppData\Roaming\ESET
2012-06-18 11:26 - 2012-06-18 11:26 - 00000000 ____D C:\Users\Makk\AppData\Local\ESET
2012-06-18 11:25 - 2012-06-18 11:25 - 00000000 ____D C:\Users\All Users\ESET
2012-06-18 11:25 - 2012-06-18 11:25 - 00000000 ____D C:\Program Files\ESET
2012-06-18 11:23 - 2012-06-18 11:23 - 00000000 ____D C:\Users\Makk\AppData\Roaming\WinRAR
2012-06-18 11:23 - 2012-06-18 11:23 - 00000000 ____D C:\Program Files\WinRAR
2012-06-18 11:22 - 2012-06-18 11:23 - 00003987 ____A C:\Windows\IE9_main.log
2012-06-18 11:22 - 2012-06-18 11:22 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-06-18 11:22 - 2012-06-18 11:22 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-18 11:22 - 2012-06-18 11:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-18 11:22 - 2012-06-18 11:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-18 11:22 - 2012-06-18 11:22 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-18 11:22 - 2012-06-18 11:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-18 11:22 - 2012-06-18 11:22 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-18 11:22 - 2012-06-18 11:22 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-18 11:22 - 2012-06-18 11:22 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-18 11:22 - 2012-06-18 11:22 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-06-18 11:22 - 2012-06-18 11:22 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-18 11:16 - 2012-06-18 16:22 - 00108840 ____A C:\Users\Makk\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 11:16 - 2012-06-18 11:16 - 00000000 ____D C:\Users\Makk\AppData\Roaming\ATI
2012-06-18 11:16 - 2012-06-18 11:16 - 00000000 ____D C:\Users\Makk\AppData\Local\ATI
2012-06-18 11:16 - 2012-06-18 11:16 - 00000000 ____D C:\Users\All Users\ATI
2012-06-18 11:15 - 2012-06-18 11:15 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-06-18 11:11 - 2012-06-03 22:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-18 11:09 - 2012-03-01 07:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-18 11:09 - 2012-03-01 07:38 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-18 11:09 - 2012-03-01 07:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-18 11:09 - 2012-03-01 07:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-18 11:09 - 2012-03-01 06:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-06-18 11:09 - 2012-03-01 06:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-06-18 11:09 - 2012-03-01 06:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-06-18 11:08 - 2012-05-15 02:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-18 11:08 - 2012-03-03 07:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-18 11:08 - 2012-03-03 06:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-06-18 11:08 - 2011-11-17 07:49 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-18 11:08 - 2011-11-17 07:49 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-18 11:08 - 2011-11-17 07:44 - 00459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-18 11:08 - 2011-11-17 07:35 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-06-18 11:08 - 2011-11-17 07:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-06-18 11:08 - 2011-11-17 07:35 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-18 11:08 - 2011-11-17 07:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-06-18 11:08 - 2011-11-17 07:35 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-06-18 11:08 - 2011-11-17 07:35 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-06-18 11:08 - 2011-11-17 07:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-06-18 11:08 - 2011-11-17 06:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-06-18 11:08 - 2011-11-17 06:34 - 00224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-18 11:08 - 2011-11-17 06:34 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-18 11:08 - 2011-11-17 06:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-18 11:08 - 2011-10-26 06:21 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-06-18 11:08 - 2011-07-16 06:41 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-06-18 11:08 - 2011-07-16 06:41 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-06-18 11:08 - 2011-07-16 06:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-06-18 11:08 - 2011-07-16 06:39 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-06-18 11:08 - 2011-07-16 06:37 - 01162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-06-18 11:08 - 2011-07-16 06:37 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 06:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-06-18 11:08 - 2011-07-16 05:25 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-06-18 11:08 - 2011-07-16 05:24 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-06-18 11:08 - 2011-07-16 05:24 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-06-18 11:08 - 2011-07-16 05:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 05:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 03:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-06-18 11:08 - 2011-07-16 03:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-06-18 11:08 - 2011-07-16 03:17 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 03:17 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 03:17 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-06-18 11:08 - 2011-07-16 03:17 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-06-18 11:08 - 2011-06-24 06:34 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-06-18 11:08 - 2011-06-24 06:25 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-06-18 11:08 - 2011-06-15 11:02 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-06-18 11:08 - 2011-06-15 11:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-06-18 11:08 - 2011-06-15 11:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-06-18 11:08 - 2011-06-15 11:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-06-18 11:08 - 2011-06-15 09:55 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-06-18 11:08 - 2011-06-15 09:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-06-18 11:08 - 2011-06-15 09:55 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-06-18 11:08 - 2011-06-15 09:55 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-06-18 11:08 - 2011-06-15 09:55 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-06-18 11:08 - 2011-04-09 07:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2012-06-18 11:08 - 2011-04-09 06:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2012-06-18 11:08 - 2010-12-23 11:42 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-06-18 11:08 - 2010-12-23 11:42 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-06-18 11:08 - 2010-12-23 11:36 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-06-18 11:08 - 2010-12-23 06:54 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2012-06-18 11:08 - 2010-12-23 06:54 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2012-06-18 11:08 - 2010-12-23 06:50 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2012-06-18 11:08 - 2010-12-17 12:40 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-06-18 11:08 - 2010-12-17 08:07 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-06-18 11:07 - 2012-05-04 12:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-18 11:07 - 2012-05-04 11:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-18 11:07 - 2012-05-04 11:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-18 11:07 - 2012-04-28 04:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-18 11:07 - 2012-04-26 06:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-18 11:07 - 2012-04-26 06:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-18 11:07 - 2012-04-26 06:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-18 11:07 - 2012-03-30 12:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-18 11:07 - 2012-03-17 08:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-18 11:07 - 2012-02-17 07:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-06-18 11:07 - 2012-02-17 06:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-06-18 11:07 - 2012-02-17 05:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-06-18 11:07 - 2011-12-28 04:59 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-06-18 11:07 - 2011-12-16 09:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-06-18 11:07 - 2011-12-16 08:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-06-18 11:07 - 2011-11-17 07:41 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-06-18 11:07 - 2011-11-17 07:41 - 00000000 __SHD C:\Users\Makk\AppData\Local\{1283027f-9a33-4398-e40c-587f273bf513}
2012-06-18 11:07 - 2011-11-17 06:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-06-18 11:07 - 2011-11-05 06:32 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-06-18 11:07 - 2011-11-05 05:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-06-18 11:07 - 2011-10-26 06:25 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-06-18 11:07 - 2011-10-26 05:32 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-06-18 11:07 - 2011-10-15 07:31 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-06-18 11:07 - 2011-10-15 06:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-06-18 11:07 - 2011-08-27 06:37 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-06-18 11:07 - 2011-08-27 06:37 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-06-18 11:07 - 2011-08-27 05:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-06-18 11:07 - 2011-08-27 05:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-06-18 11:07 - 2011-08-17 06:26 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-06-18 11:07 - 2011-08-17 06:25 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-06-18 11:07 - 2011-08-17 05:24 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-06-18 11:07 - 2011-08-17 05:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-06-18 11:07 - 2011-07-09 03:46 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-06-18 11:07 - 2011-05-24 12:42 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-06-18 11:07 - 2011-05-24 11:40 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-06-18 11:07 - 2011-05-24 11:40 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-06-18 11:07 - 2011-05-24 11:39 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-06-18 11:07 - 2011-05-24 11:37 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-06-18 11:07 - 2011-05-03 06:29 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-06-18 11:07 - 2011-05-03 05:30 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-06-18 11:07 - 2011-04-29 04:06 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-06-18 11:07 - 2011-04-29 04:05 - 00410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-06-18 11:07 - 2011-04-29 04:05 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-06-18 11:07 - 2011-04-27 03:40 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-06-18 11:07 - 2011-04-27 03:39 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-06-18 11:07 - 2011-03-11 07:34 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-06-18 11:07 - 2011-03-11 07:34 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-06-18 11:07 - 2011-03-11 06:33 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2012-06-18 11:07 - 2011-03-11 06:33 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2012-06-18 11:07 - 2011-03-03 07:24 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2012-06-18 11:07 - 2011-03-03 07:24 - 00183296 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2012-06-18 11:07 - 2011-03-03 07:21 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2012-06-18 11:07 - 2011-03-03 06:38 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2012-06-18 11:07 - 2011-03-03 06:36 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2012-06-18 11:07 - 2011-02-23 05:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2012-06-18 11:07 - 2011-02-19 13:03 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-06-18 11:07 - 2011-02-19 10:00 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-06-18 11:07 - 2011-02-19 07:30 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-06-18 11:07 - 2011-02-19 05:34 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-06-18 11:07 - 2011-02-12 12:34 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2012-06-18 11:07 - 2011-02-05 18:10 - 00642944 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2012-06-18 11:07 - 2011-02-05 18:10 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2012-06-18 11:07 - 2011-02-05 18:10 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2012-06-18 11:07 - 2011-02-05 18:10 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2012-06-18 11:07 - 2011-02-05 18:06 - 00605552 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-06-18 11:07 - 2011-02-05 18:06 - 00566208 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2012-06-18 11:07 - 2011-02-05 18:06 - 00518672 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-06-18 11:07 - 2010-09-30 11:41 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2012-06-18 11:07 - 2010-09-30 07:47 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2012-06-18 11:04 - 2011-11-19 15:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-06-18 11:04 - 2011-11-19 15:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-06-18 11:03 - 2012-06-18 11:03 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-18 11:02 - 2012-06-18 11:03 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-18 11:02 - 2012-06-18 11:03 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2012-06-18 11:02 - 2012-06-18 11:02 - 00000000 ____D C:\Program Files\ATI
2012-06-18 11:01 - 2012-06-18 11:01 - 00000000 ____D C:\AMD
2012-06-18 10:58 - 2012-06-18 10:58 - 00007688 ____A C:\Windows\DPINST.LOG
2012-06-18 10:58 - 2012-06-18 10:58 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2012-06-18 10:58 - 2012-06-18 10:58 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2012-06-18 10:57 - 2011-06-10 05:34 - 00107552 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2012-06-18 10:56 - 2012-06-18 10:57 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-06-18 10:56 - 2012-06-18 10:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-18 10:56 - 2012-06-18 10:56 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-06-18 10:56 - 2012-06-18 10:56 - 00000000 ____D C:\Program Files\Realtek
2012-06-18 10:56 - 2010-11-23 11:44 - 01247848 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-06-18 10:56 - 2010-11-23 11:16 - 02565736 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-06-18 10:56 - 2010-11-22 04:39 - 00626792 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2012-06-18 10:56 - 2010-11-18 08:01 - 02813544 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-06-18 10:56 - 2010-11-18 08:01 - 02186344 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-06-18 10:56 - 2010-11-18 04:49 - 00121744 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2012-06-18 10:56 - 2010-11-15 15:56 - 02580824 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2012-06-18 10:56 - 2010-11-15 15:56 - 01870680 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2012-06-18 10:56 - 2010-11-11 06:27 - 00083048 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInst64.dll
2012-06-18 10:56 - 2010-11-08 11:36 - 00544768 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2012-06-18 10:56 - 2010-11-08 00:31 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2012-06-18 10:56 - 2010-11-08 00:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2012-06-18 10:56 - 2010-11-08 00:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2012-06-18 10:56 - 2010-11-08 00:31 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2012-06-18 10:56 - 2010-11-08 00:31 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2012-06-18 10:56 - 2010-11-08 00:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2012-06-18 10:56 - 2010-11-03 11:31 - 01146984 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2012-06-18 10:56 - 2010-11-03 11:31 - 00332392 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2012-06-18 10:56 - 2010-11-03 11:30 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 01327208 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 01179752 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 01111656 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 00504936 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 00491112 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 00475752 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 00317032 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 00269928 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 00266856 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 00126056 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 00125544 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2012-06-18 10:56 - 2010-11-03 11:29 - 00125032 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2012-06-18 10:56 - 2010-11-02 02:35 - 01718616 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2012-06-18 10:56 - 2010-11-02 02:35 - 00127832 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2012-06-18 10:56 - 2010-11-02 02:34 - 00421720 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2012-06-18 10:56 - 2010-11-02 02:34 - 00108888 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2012-06-18 10:56 - 2010-11-02 02:34 - 00074584 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2012-06-18 10:56 - 2010-10-29 03:29 - 01937312 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-06-18 10:56 - 2010-10-28 03:46 - 01251944 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2012-06-18 10:56 - 2010-10-03 06:46 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2012-06-18 10:56 - 2010-09-27 02:34 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2012-06-18 10:56 - 2010-07-22 09:48 - 00220496 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\System32\SFNHK64.dll
2012-06-18 10:56 - 2010-07-22 09:48 - 00081232 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\System32\SFCOM64.dll
2012-06-18 10:56 - 2010-07-22 09:48 - 00078160 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\System32\SFAPO64.dll
2012-06-18 10:56 - 2010-07-22 09:48 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2012-06-18 10:56 - 2010-07-22 09:37 - 00200800 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2012-06-18 10:56 - 2010-05-06 10:34 - 00334680 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2012-06-18 10:56 - 2009-11-24 02:55 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2012-06-18 10:56 - 2009-11-24 02:55 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2012-06-18 10:56 - 2009-11-24 02:55 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2012-06-18 10:56 - 2009-11-24 02:55 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2012-06-18 10:56 - 2009-11-18 11:42 - 02197264 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2012-06-18 10:56 - 2009-11-17 11:12 - 00108960 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2012-06-18 10:55 - 2012-06-18 10:55 - 00000000 ____D C:\Program Files (x86)\Intel
2012-06-18 10:55 - 2011-04-15 09:00 - 00053248 ___RA (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2012-06-18 10:54 - 2012-06-18 10:57 - 00001769 ____A C:\Windows\Language_trs.ini
2012-06-18 10:54 - 2012-06-18 10:54 - 00028259 ____A C:\Windows\Ascd_tmp.ini
2012-06-18 10:54 - 2012-06-18 10:54 - 00000000 ____D C:\Intel
2012-06-18 10:47 - 2012-06-18 10:48 - 00000000 ____D C:\users\Makk
2012-06-18 10:47 - 2012-06-18 10:47 - 00000020 ___SH C:\Users\Makk\ntuser.ini
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Public\Documents\Zene
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Public\Documents\Videók
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Public\Documents\Képek
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Sablonok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Dokumentumok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Documents\Zene
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Documents\Videók
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Documents\Képek
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Sablonok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Dokumentumok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Documents\Zene
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Documents\Videók
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Documents\Képek
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default User\Documents\Zene
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default User\Documents\Videók
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default User\Documents\Képek
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\All Users\Sablonok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\All Users\Dokumentumok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\All Users\Asztal
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 ____D C:\Users\Makk\AppData\Local\VirtualStore
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 ____D C:\Recovery
2012-06-18 10:45 - 2012-06-25 13:42 - 01578379 ____A C:\Windows\WindowsUpdate.log
2012-06-18 10:45 - 2012-06-18 10:45 - 00001355 ____A C:\Windows\TSSysprep.log

============ 3 Months Modified Files and Folders =============

2012-06-25 14:47 - 2012-06-25 14:47 - 00000000 ____D C:\FRST
2012-06-25 13:42 - 2012-06-18 11:54 - 00000000 ____D C:\Users\Makk\AppData\Roaming\uTorrent
2012-06-25 13:42 - 2012-06-18 10:45 - 01578379 ____A C:\Windows\WindowsUpdate.log
2012-06-25 13:39 - 2011-04-12 11:42 - 00631198 ____A C:\Windows\System32\perfh00E.dat
2012-06-25 13:39 - 2011-04-12 11:42 - 00144234 ____A C:\Windows\System32\perfc00E.dat
2012-06-25 13:39 - 2009-07-14 06:13 - 01480040 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-25 13:38 - 2012-06-25 13:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-25 13:38 - 2009-07-14 05:51 - 00026612 ____A C:\Windows\setupact.log
2012-06-25 13:32 - 2012-06-18 11:45 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Skype
2012-06-25 06:50 - 2009-07-14 05:45 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-25 06:50 - 2009-07-14 05:45 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-25 06:41 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-24 18:10 - 2012-06-24 18:10 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Nero
2012-06-24 18:09 - 2012-06-24 18:06 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero
2012-06-24 18:06 - 2012-06-24 18:06 - 00000020 ___SH C:\Users\NeroMediaHomeUser.4\ntuser.ini
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Sablonok
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Dokumentumok
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Zene
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Videók
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Képek
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 ____D C:\users\NeroMediaHomeUser.4
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Nero
2012-06-24 18:06 - 2012-06-24 18:06 - 00000000 ____D C:\Users\Makk\AppData\Local\Nero
2012-06-24 18:06 - 2012-06-24 18:04 - 00000000 ____D C:\Users\All Users\Nero
2012-06-24 18:05 - 2012-06-24 18:05 - 00002511 ____A C:\Users\Public\Desktop\Nero MediaHome 4.lnk
2012-06-24 18:05 - 2012-06-24 18:04 - 00000000 ____D C:\Program Files (x86)\Nero
2012-06-24 17:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2012-06-24 15:11 - 2012-06-24 15:11 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-24 15:11 - 2012-06-24 15:11 - 00000000 ____D C:\Program Files\iTunes
2012-06-24 15:11 - 2012-06-24 15:11 - 00000000 ____D C:\Program Files\iPod
2012-06-24 15:11 - 2012-06-24 15:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-24 09:08 - 2012-06-24 09:08 - 00002044 ____A C:\Users\Makk\Documents\aswMBR.txt
2012-06-24 09:08 - 2012-06-24 09:08 - 00000512 ____A C:\Users\Makk\Documents\MBR.dat
2012-06-23 18:42 - 2012-06-23 18:42 - 00016760 ____A C:\ComboFix.txt
2012-06-23 18:42 - 2012-06-23 18:35 - 00000000 ____D C:\Qoobox
2012-06-23 18:42 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default
2012-06-23 18:41 - 2012-06-23 18:35 - 00000000 ____D C:\Windows\erdnt
2012-06-23 18:39 - 2010-11-21 04:47 - 00005444 ____A C:\Windows\PFRO.log
2012-06-23 18:39 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2012-06-23 18:34 - 2012-06-23 18:34 - 00001249 ____A C:\Users\Makk\Documents\com.txt
2012-06-23 09:30 - 2012-06-23 08:56 - 00000000 ____D C:\Users\Makk\AppData\Roaming\vlc
2012-06-23 08:56 - 2012-06-23 08:56 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-23 08:56 - 2012-06-23 08:56 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-06-22 08:42 - 2012-06-22 08:42 - 00016839 ____A C:\Users\Makk\Documents\DDS.txt
2012-06-22 08:42 - 2012-06-22 08:42 - 00003057 ____A C:\Users\Makk\Documents\Attach.txt
2012-06-21 22:53 - 2012-06-21 22:53 - 01758208 ____A C:\Windows\SysWOW64\mprdin.dll
2012-06-21 22:53 - 2012-06-21 22:53 - 00000400 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-06-21 09:52 - 2009-07-14 05:45 - 00416424 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-20 19:21 - 2012-06-20 11:05 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2012-06-20 18:21 - 2012-06-18 12:01 - 00000000 ____D C:\Users\Makk\AppData\Roaming\BSplayer PRO
2012-06-20 18:16 - 2012-06-20 17:14 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Apple Computer
2012-06-20 18:15 - 2012-06-20 18:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-06-20 17:56 - 2012-06-20 17:56 - 473283944 ____A C:\Windows\MEMORY.DMP
2012-06-20 17:56 - 2012-06-20 17:56 - 00642408 ____A C:\Windows\Minidump\062012-31231-01.dmp
2012-06-20 17:56 - 2012-06-20 17:56 - 00000000 ____D C:\Windows\Minidump
2012-06-20 17:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-06-20 17:14 - 2012-06-20 17:14 - 00000000 ____D C:\Users\Makk\AppData\Local\Apple Computer
2012-06-20 17:14 - 2012-06-20 17:14 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-06-20 17:14 - 2012-06-20 17:14 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Users\Makk\AppData\Local\Apple
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Users\All Users\Apple
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Program Files\Bonjour
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-20 12:22 - 2012-06-20 12:22 - 00000000 ____D C:\Users\Makk\Documents\Xilisoft
2012-06-20 12:22 - 2012-06-20 12:22 - 00000000 ____D C:\Users\Makk\AppData\Local\Xilisoft
2012-06-20 12:22 - 2012-06-20 11:05 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Xilisoft
2012-06-20 11:43 - 2012-06-20 11:43 - 00002245 ____A C:\Users\Public\Desktop\Xilisoft YouTube HD Video Converter.lnk
2012-06-20 11:43 - 2012-06-20 11:05 - 00000000 ____D C:\Users\All Users\Xilisoft
2012-06-20 11:23 - 2012-06-20 11:23 - 00000000 ____D C:\tmpDownload
2012-06-20 11:05 - 2012-06-20 11:05 - 00726016 ____A (Igor Pavlov) C:\Windows\SysWOW64\7z.dll
2012-06-20 08:43 - 2012-06-18 11:46 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-20 08:43 - 2012-06-18 11:46 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-18 20:03 - 2012-06-18 11:50 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-18 20:02 - 2012-06-18 20:02 - 00000000 ____D C:\Users\Makk\AppData\Local\Adobe
2012-06-18 20:02 - 2012-06-18 11:46 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Adobe
2012-06-18 16:22 - 2012-06-18 11:16 - 00108840 ____A C:\Users\Makk\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 12:34 - 2012-06-18 12:31 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-18 12:33 - 2012-06-18 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-06-18 12:33 - 2012-06-18 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-06-18 12:33 - 2012-06-18 12:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-06-18 12:33 - 2011-04-12 11:53 - 00000000 ____D C:\Windows\ShellNew
2012-06-18 12:33 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2012-06-18 12:32 - 2012-06-18 12:32 - 00000000 ____D C:\Windows\PCHEALTH
2012-06-18 12:32 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-18 12:31 - 2012-06-18 12:31 - 00000000 ____D C:\Users\Makk\AppData\Local\Microsoft Help
2012-06-18 12:31 - 2012-06-18 12:31 - 00000000 ____D C:\Program Files\Microsoft Office
2012-06-18 12:31 - 2012-06-18 12:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-06-18 12:31 - 2009-07-14 03:34 - 00000478 ____A C:\Windows\win.ini
2012-06-18 12:30 - 2012-06-18 12:30 - 00000000 ___RD C:\MSOCache
2012-06-18 12:26 - 2012-06-18 12:26 - 00000929 ____A C:\Users\Makk\Desktop\Plus500.lnk
2012-06-18 12:26 - 2012-06-18 12:26 - 00000000 ____D C:\Users\Makk\AppData\Local\Plus500
2012-06-18 12:26 - 2012-06-18 12:26 - 00000000 ____D C:\Program Files (x86)\Plus500
2012-06-18 12:16 - 2012-06-18 12:16 - 00000000 ____D C:\Program Files (x86)\CoreCodec
2012-06-18 12:15 - 2012-06-18 12:15 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-06-18 12:01 - 2012-06-18 12:01 - 00001143 ____A C:\Users\Public\Desktop\BS.Player PRO.lnk
2012-06-18 12:01 - 2012-06-18 12:01 - 00000000 ____D C:\Program Files (x86)\Webteh
2012-06-18 11:59 - 2012-06-18 11:59 - 00000000 ____D C:\Users\Makk\AppData\Local\GHISLER
2012-06-18 11:55 - 2012-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-06-18 11:51 - 2012-06-18 11:51 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-06-18 11:51 - 2012-06-18 11:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-18 11:46 - 2012-06-18 11:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-06-18 11:46 - 2012-06-18 11:46 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-18 11:46 - 2012-06-18 11:46 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Macromedia
2012-06-18 11:46 - 2012-06-18 11:46 - 00000000 ____D C:\Users\Makk\AppData\Local\Macromedia
2012-06-18 11:45 - 2012-06-18 11:45 - 00002533 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-18 11:45 - 2012-06-18 11:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-18 11:45 - 2012-06-18 11:45 - 00000000 ____D C:\Users\All Users\Skype
2012-06-18 11:44 - 2012-06-18 11:44 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Makk\Downloads\SkypeSetup.exe
2012-06-18 11:42 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-06-18 11:42 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-06-18 11:41 - 2012-06-18 11:41 - 00001049 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Users\Makk\AppData\Roaming\Mozilla
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Users\Makk\AppData\Local\Mozilla
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 11:41 - 2012-06-18 11:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-18 11:39 - 2012-06-18 11:39 - 00000000 ____D C:\Users\Makk\AppData\Roaming\GHISLER
2012-06-18 11:39 - 2012-06-18 11:39 - 00000000 ____D C:\totalcmd
2012-06-18 11:38 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-06-18 11:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-06-18 11:26 - 2012-06-18 11:26 - 00000000 ____D C:\Users\Makk\AppData\Roaming\ESET
2012-06-18 11:26 - 2012-06-18 11:26 - 00000000 ____D C:\Users\Makk\AppData\Local\ESET
2012-06-18 11:25 - 2012-06-18 11:25 - 00000000 ____D C:\Users\All Users\ESET
2012-06-18 11:25 - 2012-06-18 11:25 - 00000000 ____D C:\Program Files\ESET
2012-06-18 11:23 - 2012-06-18 11:23 - 00000000 ____D C:\Users\Makk\AppData\Roaming\WinRAR
2012-06-18 11:23 - 2012-06-18 11:23 - 00000000 ____D C:\Program Files\WinRAR
2012-06-18 11:23 - 2012-06-18 11:22 - 00003987 ____A C:\Windows\IE9_main.log
2012-06-18 11:22 - 2012-06-18 11:22 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-06-18 11:22 - 2012-06-18 11:22 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-18 11:22 - 2012-06-18 11:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-18 11:22 - 2012-06-18 11:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-18 11:22 - 2012-06-18 11:22 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-18 11:22 - 2012-06-18 11:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-18 11:22 - 2012-06-18 11:22 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-18 11:22 - 2012-06-18 11:22 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-18 11:22 - 2012-06-18 11:22 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-18 11:22 - 2012-06-18 11:22 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-06-18 11:22 - 2012-06-18 11:22 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-18 11:22 - 2012-06-18 11:22 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-18 11:22 - 2012-06-18 11:22 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-18 11:16 - 2012-06-18 11:16 - 00000000 ____D C:\Users\Makk\AppData\Roaming\ATI
2012-06-18 11:16 - 2012-06-18 11:16 - 00000000 ____D C:\Users\Makk\AppData\Local\ATI
2012-06-18 11:16 - 2012-06-18 11:16 - 00000000 ____D C:\Users\All Users\ATI
2012-06-18 11:15 - 2012-06-18 11:15 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-06-18 11:14 - 2011-04-12 11:53 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-18 11:14 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-06-18 11:03 - 2012-06-18 11:03 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-18 11:03 - 2012-06-18 11:02 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-18 11:03 - 2012-06-18 11:02 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2012-06-18 11:02 - 2012-06-18 11:02 - 00000000 ____D C:\Program Files\ATI
2012-06-18 11:01 - 2012-06-18 11:01 - 00000000 ____D C:\AMD
2012-06-18 10:58 - 2012-06-18 10:58 - 00007688 ____A C:\Windows\DPINST.LOG
2012-06-18 10:58 - 2012-06-18 10:58 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2012-06-18 10:58 - 2012-06-18 10:58 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2012-06-18 10:57 - 2012-06-18 10:56 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-06-18 10:57 - 2012-06-18 10:54 - 00001769 ____A C:\Windows\Language_trs.ini
2012-06-18 10:56 - 2012-06-18 10:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-18 10:56 - 2012-06-18 10:56 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-06-18 10:56 - 2012-06-18 10:56 - 00000000 ____D C:\Program Files\Realtek
2012-06-18 10:56 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\restore
2012-06-18 10:55 - 2012-06-18 10:55 - 00000000 ____D C:\Program Files (x86)\Intel
2012-06-18 10:54 - 2012-06-18 10:54 - 00028259 ____A C:\Windows\Ascd_tmp.ini
2012-06-18 10:54 - 2012-06-18 10:54 - 00000000 ____D C:\Intel
2012-06-18 10:48 - 2012-06-18 10:47 - 00000000 ____D C:\users\Makk
2012-06-18 10:47 - 2012-06-18 11:42 - 00000000 ____D C:\Windows\Panther
2012-06-18 10:47 - 2012-06-18 10:47 - 00000020 ___SH C:\Users\Makk\ntuser.ini
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Public\Documents\Zene
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Public\Documents\Videók
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Public\Documents\Képek
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Sablonok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Dokumentumok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Documents\Zene
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Documents\Videók
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Makk\Documents\Képek
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Sablonok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Dokumentumok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Documents\Zene
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Documents\Videók
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default\Documents\Képek
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default User\Documents\Zene
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default User\Documents\Videók
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\Default User\Documents\Képek
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\All Users\Sablonok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\All Users\Dokumentumok
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 __SHD C:\Users\All Users\Asztal
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 ____D C:\Users\Makk\AppData\Local\VirtualStore
2012-06-18 10:47 - 2012-06-18 10:47 - 00000000 ____D C:\Recovery
2012-06-18 10:47 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT
2012-06-18 10:45 - 2012-06-18 10:45 - 00001355 ____A C:\Windows\TSSysprep.log
2012-06-18 10:45 - 2009-07-14 06:01 - 00226474 ____A C:\Windows\SysWOW64\license.rtf
2012-06-18 10:45 - 2009-07-14 06:01 - 00226474 ____A C:\Windows\System32\license.rtf
2012-06-18 10:45 - 2009-07-14 05:46 - 00002790 ____A C:\Windows\DtcInstall.log
2012-06-18 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-06-18 10:43 - 2011-04-12 11:53 - 00000000 ____D C:\Windows\CSC
2012-06-03 22:28 - 2012-06-18 11:11 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 23:19 - 2012-06-24 08:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-24 08:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-24 08:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-24 08:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-24 08:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:15 - 2012-06-24 08:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-24 08:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-24 08:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-24 08:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-15 02:32 - 2012-06-18 11:08 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-04 12:06 - 2012-06-18 11:07 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 12:00 - 2012-06-21 09:42 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 11:03 - 2012-06-18 11:07 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 11:03 - 2012-06-18 11:07 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 10:59 - 2012-06-21 09:42 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-01 06:40 - 2012-06-21 09:42 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 04:55 - 2012-06-18 11:07 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 06:41 - 2012-06-18 11:07 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 06:41 - 2012-06-18 11:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 06:34 - 2012-06-18 11:07 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 06:37 - 2012-06-21 09:42 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 06:37 - 2012-06-21 09:42 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 06:37 - 2012-06-21 09:42 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 05:36 - 2012-06-21 09:42 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 05:36 - 2012-06-21 09:42 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 05:36 - 2012-06-21 09:42 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-07 13:31 - 2012-06-21 09:41 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 12:26 - 2012-06-21 09:41 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-03-30 12:35 - 2012-06-18 11:07 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{1283027f-9a33-4398-e40c-587f273bf513}
C:\Windows\Installer\{1283027f-9a33-4398-e40c-587f273bf513}\@
C:\Windows\Installer\{1283027f-9a33-4398-e40c-587f273bf513}\L
C:\Windows\Installer\{1283027f-9a33-4398-e40c-587f273bf513}\U
C:\Windows\Installer\{1283027f-9a33-4398-e40c-587f273bf513}\U\00000001.@
C:\Windows\Installer\{1283027f-9a33-4398-e40c-587f273bf513}\U\800000cb.@

ZeroAccess:
C:\Users\Makk\AppData\Local\{1283027f-9a33-4398-e40c-587f273bf513}
C:\Users\Makk\AppData\Local\{1283027f-9a33-4398-e40c-587f273bf513}\@
C:\Users\Makk\AppData\Local\{1283027f-9a33-4398-e40c-587f273bf513}\L
C:\Users\Makk\AppData\Local\{1283027f-9a33-4398-e40c-587f273bf513}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4077.24 MB
Available physical RAM: 3468.41 MB
Total Pagefile: 4075.44 MB
Available Pagefile: 3454.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:68.66 GB) (Free:43.03 GB) NTFS
2 Drive e: (Cuccer) (Fixed) (Total:303.85 GB) (Free:171.02 GB) NTFS
3 Drive f: (LG BD HTS) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS
4 Drive g: (14719) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
5 Drive h: (XFF) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

A Lemez ### Állapot Méret Szabad Din Gpt
--------- -------------- -------- --------- --- ---
Lemez 0 Online 372 GB 0 B
Lemez 1 Online 7633 MB 0 B

Kilépés a DiskPart programból...


==========================================================

Last Boot: 2012-06-18 14:21

======================= End Of Log ==========================
thank you

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:40 PM

Posted 25 June 2012 - 12:06 PM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

Note: The file names should be separated by semicolon (;)

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Makk

Makk
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 26 June 2012 - 04:01 AM

Hi
Here are the results from the search:

Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 2012-06-26 10:55:41
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\erdnt\cache64\services.exe
[2012-06-23 18:41] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
thank you
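
As an added example (not part of the original posts and not FRST's own code), the Python below parses the Search.txt output from the post above, flags the System32 copy whose MD5 differs from the component-store (winsxs) copy, and lists the copies whose hash matches it. Treating the winsxs copy as the reference is an assumption of this example, and the function and field names are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass

# Search.txt body copied from the post above (FRST "Search:" output).
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\erdnt\cache64\services.exe
[2012-06-23 18:41] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# A result is two lines: the full path, then "[created] - [modified] - size attrs (company) MD5".
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) \S+ \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


def parse_search_log(text):
    """Return one Entry per path/detail pair; lines that fit neither pattern are skipped."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, m["created"], m["modified"],
                                 int(m["size"]), m["company"], m["md5"].upper()))
            pending = None
    return entries


def triage(entries, live_dir=r"C:\Windows\System32"):
    """Flag copies in live_dir whose MD5 differs from the winsxs copy of the same file name."""
    by_name = {}
    for e in entries:
        by_name.setdefault(ntpath.basename(e.path).lower(), []).append(e)

    findings = []
    for copies in by_name.values():
        # Assumption: the component-store copy is the reference for comparison.
        store = [e for e in copies if "\\winsxs\\" in e.path.lower()]
        trusted = {e.md5 for e in store}
        if not trusted:
            continue  # nothing to compare against, so report nothing rather than guess
        for live in copies:
            if ntpath.dirname(live.path).lower() != live_dir.lower():
                continue
            if live.md5 in trusted:
                continue
            findings.append({
                "live": live,
                "expected_md5": sorted(trusted),
                # Copies elsewhere on disk that carry the reference hash.
                "candidates": [e for e in copies
                               if e is not live and e.md5 in trusted],
                # True when size and modified time equal the reference copy,
                # i.e. the metadata alone would not have revealed the change.
                "metadata_matches_reference": any(
                    (e.size, e.modified) == (live.size, live.modified)
                    for e in store),
            })
    return findings


if __name__ == "__main__":
    for f in triage(parse_search_log(SEARCH_LOG)):
        print("MISMATCH:", f["live"].path, f["live"].md5)
        print("  expected:", ", ".join(f["expected_md5"]))
        print("  same size/mtime as reference:", f["metadata_matches_reference"])
        for c in f["candidates"]:
            print("  matching copy:", c.path)
```

On this log the flagged file has the same size and modified time as the matching copies, so only the hash separates them.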

#12 gringo_pr

Posted 26 June 2012 - 07:26 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{1283027f-9a33-4398-e40c-587f273bf513}
C:\Users\Makk\AppData\Local\{1283027f-9a33-4398-e40c-587f273bf513}
Replace: C:\Windows\erdnt\cache64\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#13 Makk

Posted 26 June 2012 - 02:02 PM

Hi
I've done it in the afternoon and I didn't get the warning messages since so the computer seems to be ok.
Here are the results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-06-2012
Ran by SYSTEM at 2012-06-26 14:34:45 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{1283027f-9a33-4398-e40c-587f273bf513} moved successfully.
C:\Users\Makk\AppData\Local\{1283027f-9a33-4398-e40c-587f273bf513} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\erdnt\cache64\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Is that it? Are we done, or do I need to do something else?
If that's it, can you help me with preventing this from happening? I mean, which program, firewall should I use?
Thank you very much I couldn't clean my computer without your help so you can expect my donation.
Makk

#14 gringo_pr

Posted 26 June 2012 - 09:39 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Makk

Posted 27 June 2012 - 01:03 PM

Hi
I've done it.
First I forgot to switch the eset off, but it warned me so I did. It said it was still running but it wasn't so I continued.
It finished without any problems. After that it feels like I just installed windows, I mean the firewall asks me if I allow skype to connect to the internet and stuff like that.
No virus warning messages.

Combofix results:
ComboFix 12-06-23.05 - Makk 012.06.27. 19:07:54.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1038.18.4077.2745 [GMT 2:00]
Running from: d:\dßvnlˇd\_TORRENT FILEOK_\ComboFix.exe
Command switches used :: d:\dßvnlˇd\_TORRENT FILEOK_\CFScript.txt
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Személyi tűzfal *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 17:10 . 2012-06-27 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 13:44 . 2012-06-26 13:44 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-26 13:27 . 2012-06-26 13:28 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-26 13:27 . 2012-06-26 13:27 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-06-26 13:25 . 2012-06-26 13:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-25 13:47 . 2012-06-25 13:48 -------- d-----w- C:\FRST
2012-06-24 17:06 . 2012-06-24 17:06 -------- d-----w- c:\users\NeroMediaHomeUser.4
2012-06-24 17:04 . 2012-06-24 17:05 -------- d-----w- c:\program files (x86)\Nero
2012-06-24 17:04 . 2012-06-24 17:06 -------- d-----w- c:\programdata\Nero
2012-06-24 17:04 . 2012-06-24 17:05 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-06-24 14:28 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{846C856D-F0C8-403E-9565-5AF48DA06918}\mpengine.dll
2012-06-24 14:11 . 2012-06-24 14:11 -------- d-----w- c:\program files\iTunes
2012-06-24 14:11 . 2012-06-24 14:11 -------- d-----w- c:\program files (x86)\iTunes
2012-06-24 14:11 . 2012-06-24 14:11 -------- d-----w- c:\program files\iPod
2012-06-24 07:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 07:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 07:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 07:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 07:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 07:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 07:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 07:29 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 07:29 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 07:56 . 2012-06-23 07:56 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-21 21:53 . 2012-06-21 21:53 1758208 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-06-21 08:41 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-21 08:41 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-06-21 08:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-21 08:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-21 08:40 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-06-21 08:40 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-06-21 08:40 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-06-21 08:40 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-21 08:40 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-06-21 08:40 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-06-21 08:40 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-06-21 08:40 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-06-21 08:40 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-06-21 08:40 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-06-20 16:14 . 2012-06-20 16:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-20 16:14 . 2009-05-18 11:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-20 16:14 . 2008-04-17 10:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-06-20 16:14 . 2008-04-17 10:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-06-20 16:14 . 2012-06-20 16:14 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 16:14 . 2012-06-20 16:14 -------- d-----w- c:\programdata\Apple Computer
2012-06-20 16:13 . 2012-06-20 16:13 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-06-20 16:13 . 2012-06-20 16:13 -------- d-----w- c:\program files\Common Files\Apple
2012-06-20 16:13 . 2012-06-20 16:13 -------- d-----w- c:\program files\Bonjour
2012-06-20 16:13 . 2012-06-20 16:13 -------- d-----w- c:\program files (x86)\Bonjour
2012-06-20 16:13 . 2012-06-24 14:11 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-06-20 16:13 . 2012-06-20 16:13 -------- d-----w- c:\programdata\Apple
2012-06-20 10:23 . 2012-06-20 10:23 -------- d-----w- C:\tmpDownload
2012-06-20 10:05 . 2012-06-20 10:43 -------- d-----w- c:\programdata\Xilisoft
2012-06-20 10:05 . 2012-06-20 10:05 726016 ----a-w- c:\windows\SysWow64\7z.dll
2012-06-20 10:05 . 2012-06-20 18:21 -------- d-----w- c:\program files (x86)\Xilisoft
2012-06-18 11:33 . 2012-06-18 11:33 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-06-18 11:32 . 2012-06-18 11:32 -------- d-----w- c:\windows\PCHEALTH
2012-06-18 11:32 . 2012-06-18 11:32 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-18 11:31 . 2012-06-18 11:31 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-06-18 11:31 . 2012-06-18 11:34 -------- d-----w- c:\programdata\Microsoft Help
2012-06-18 11:30 . 2012-06-18 11:30 -------- d-----r- C:\MSOCache
2012-06-18 11:26 . 2012-06-18 11:26 -------- d-----w- c:\program files (x86)\Plus500
2012-06-18 11:16 . 2012-06-18 11:16 -------- d-----w- c:\program files (x86)\CoreCodec
2012-06-18 11:15 . 2012-06-18 11:15 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-06-18 11:01 . 2012-06-18 11:01 -------- d-----w- c:\program files (x86)\Webteh
2012-06-18 10:55 . 2012-06-18 10:55 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-18 10:51 . 2012-06-26 13:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-18 10:46 . 2012-06-20 07:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 10:46 . 2012-06-20 07:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-18 10:46 . 2012-06-18 10:46 -------- d-----w- c:\windows\SysWow64\Macromed
2012-06-18 10:46 . 2012-06-18 10:46 -------- d-----w- c:\windows\system32\Macromed
2012-06-18 10:45 . 2012-06-18 10:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-18 10:45 . 2012-06-18 10:45 -------- d-----r- c:\program files (x86)\Skype
2012-06-18 10:45 . 2012-06-18 10:45 -------- d-----w- c:\programdata\Skype
2012-06-18 10:42 . 2012-06-18 09:47 -------- d-----w- c:\windows\Panther
2012-06-18 10:41 . 2012-06-18 10:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-18 10:39 . 2012-06-18 10:39 -------- d-----w- C:\totalcmd
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\UC.PIF
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\RAR.PIF
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\LHA.PIF
2012-06-18 10:39 . 2010-07-07 05:55 545 ----a-w- c:\windows\ARJ.PIF
2012-06-18 10:25 . 2012-06-18 10:25 -------- d-----w- c:\program files\ESET
2012-06-18 10:21 . 2012-06-18 10:21 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-18 10:21 . 2012-06-18 10:21 -------- d-----w- c:\windows\system32\Wat
2012-06-18 10:16 . 2012-06-18 10:16 -------- d-----w- c:\programdata\ATI
2012-06-18 10:15 . 2012-06-18 10:15 0 ----a-w- c:\windows\ativpsrm.bin
2012-06-18 10:09 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-18 10:09 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-18 10:09 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-18 10:09 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-18 10:09 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-18 10:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-18 10:09 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-18 10:07 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-18 10:04 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-18 10:04 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-18 10:03 . 2012-06-18 10:03 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-06-18 10:03 . 2012-06-18 10:03 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-06-18 10:02 . 2012-06-18 10:03 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-06-18 10:02 . 2012-06-18 10:02 -------- d-----w- c:\program files\ATI
2012-06-18 10:02 . 2012-06-18 10:03 -------- d-----w- c:\program files\ATI Technologies
2012-06-18 10:01 . 2012-06-18 10:01 -------- d-----w- C:\AMD
2012-06-18 09:58 . 2012-06-18 09:58 -------- d-----w- c:\programdata\Hewlett-Packard
2012-06-18 09:58 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-06-18 09:58 . 2012-06-18 09:58 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-06-18 09:57 . 2012-06-26 13:27 -------- d-sh--w- c:\windows\Installer
2012-06-18 09:57 . 2011-06-10 04:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-06-18 09:55 . 2012-06-18 09:55 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-06-18 09:55 . 2012-06-18 09:55 -------- d-----w- c:\program files (x86)\Intel
2012-06-18 09:55 . 2011-04-15 08:00 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-06-18 09:54 . 2012-06-18 09:54 -------- d-----w- C:\Intel
2012-06-18 09:47 . 2012-06-18 09:48 -------- d-----w- c:\users\Makk
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-----w- C:\Recovery
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\users\Default\Sablonok
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\users\Default\Dokumentumok
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\programdata\Sablonok
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\programdata\Dokumentumok
2012-06-18 09:47 . 2012-06-18 09:47 -------- d-sh--we c:\programdata\Asztal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_17.39.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-27 17:13 23794 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-27 17:13 30412 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2012-06-25 12:38 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-06-21 08:51 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-15 09:01 . 2012-02-15 09:01 52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_509d7a31d0ee45f2\usbaapl64.sys
+ 2011-08-02 14:38 . 2011-08-02 14:38 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_bf785db627c6d127\netaapl64.sys
- 2012-06-18 09:46 . 2012-06-21 08:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-18 09:46 . 2012-06-26 10:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-18 09:46 . 2012-06-26 10:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-18 09:46 . 2012-06-21 08:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-21 08:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-26 10:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-31 01:36 . 2011-01-31 01:36 46592 c:\windows\Installer\8d20a7.msi
+ 2012-06-26 13:27 . 2012-06-26 13:27 22528 c:\windows\Installer\2d1640.msi
+ 2012-06-26 13:25 . 2012-06-26 13:25 23040 c:\windows\Installer\2d1616.msi
+ 2012-06-26 13:25 . 2012-06-26 13:25 31232 c:\windows\Installer\2d1610.msi
+ 2012-06-26 13:24 . 2012-06-26 13:24 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
+ 2012-06-26 13:24 . 2012-06-26 13:24 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
+ 2012-06-26 13:26 . 2012-06-26 13:26 10134 c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe
+ 2012-06-26 13:27 . 2012-06-26 13:27 10134 c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe
+ 2012-06-26 13:24 . 2012-06-26 13:24 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2012-06-26 13:25 . 2012-06-26 13:25 10134 c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe
+ 2012-06-26 13:26 . 2012-06-26 13:26 10134 c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe
+ 2012-06-26 13:27 . 2012-06-26 13:27 10134 c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe
+ 2012-06-26 13:25 . 2012-06-26 13:25 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
+ 2012-06-26 13:26 . 2012-06-26 13:26 10134 c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe
+ 2012-06-26 13:26 . 2012-06-26 13:26 10134 c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe
+ 2012-06-26 13:24 . 2012-06-26 13:24 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2012-06-26 13:25 . 2012-06-26 13:25 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
+ 2012-06-18 09:54 . 2012-06-27 17:13 6578 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2332647644-1227281620-26820879-1000_UserData.bin
+ 2012-06-27 17:11 . 2012-06-27 17:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-27 17:11 . 2012-06-27 17:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-23 17:39 . 2012-06-23 17:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-05 08:13 . 2010-03-05 08:13 947472 c:\windows\SysWOW64\msjava.dll
- 2011-04-12 10:42 . 2012-06-23 16:37 631198 c:\windows\system32\perfh00E.dat
+ 2011-04-12 10:42 . 2012-06-27 06:45 631198 c:\windows\system32\perfh00E.dat
+ 2009-07-14 02:36 . 2012-06-27 06:45 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-23 16:37 606992 c:\windows\system32\perfh009.dat
- 2011-04-12 10:42 . 2012-06-23 16:37 144234 c:\windows\system32\perfc00E.dat
+ 2011-04-12 10:42 . 2012-06-27 06:45 144234 c:\windows\system32\perfc00E.dat
- 2009-07-14 02:36 . 2012-06-23 16:37 103370 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-27 06:45 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-06-21 08:51 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-25 12:38 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-21 08:51 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-24 14:10 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 04:46 . 2012-06-27 06:44 106240 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-06-27 17:10 473460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-22 12:24 . 2012-02-22 12:24 532992 c:\windows\Installer\2d1634.msi
+ 2012-02-22 12:21 . 2012-02-22 12:21 620032 c:\windows\Installer\2d1628.msi
+ 2012-02-22 12:29 . 2012-02-22 12:29 510976 c:\windows\Installer\2d161c.msi
+ 2012-02-22 12:24 . 2012-02-22 12:24 606208 c:\windows\Installer\2d15fe.msi
+ 2012-02-22 12:21 . 2012-02-22 12:21 725504 c:\windows\Installer\2d15f2.msi
+ 2012-06-24 14:11 . 2012-06-24 14:11 380928 c:\windows\Installer\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}\iTunesIco.exe
+ 2009-07-14 04:45 . 2012-06-27 06:41 4971976 c:\windows\system32\FNTCACHE.DAT
+ 2012-02-15 09:01 . 2012-02-15 09:01 4547944 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_509d7a31d0ee45f2\usbaaplrc.dll
+ 2011-08-02 14:38 . 2011-08-02 14:38 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_bf785db627c6d127\wdfcoinstaller01009.dll
- 2009-07-14 04:45 . 2012-06-21 08:53 7432515 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-27 06:43 7432515 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-06-18 19:30 . 2012-06-24 17:35 3696184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2332647644-1227281620-26820879-1000-12288.dat
+ 2011-01-31 01:36 . 2011-01-31 01:36 3813888 c:\windows\Installer\8d20cb.msi
+ 2011-01-31 01:35 . 2011-01-31 01:35 3431424 c:\windows\Installer\8d20c5.msi
+ 2011-01-31 01:35 . 2011-01-31 01:35 3431936 c:\windows\Installer\8d20bf.msi
+ 2011-01-31 01:36 . 2011-01-31 01:36 3427328 c:\windows\Installer\8d20b9.msi
+ 2011-01-31 01:36 . 2011-01-31 01:36 3427840 c:\windows\Installer\8d20b3.msi
+ 2011-01-31 01:36 . 2011-01-31 01:36 3479552 c:\windows\Installer\8d20ad.msi
+ 2011-01-31 01:35 . 2011-01-31 01:35 2818048 c:\windows\Installer\8d20a1.msi
+ 2012-02-22 12:29 . 2012-02-22 12:29 2258944 c:\windows\Installer\2d1646.msi
+ 2012-02-22 12:28 . 2012-02-22 12:28 9998336 c:\windows\Installer\2d163a.msi
+ 2012-02-22 12:29 . 2012-02-22 12:29 3123200 c:\windows\Installer\2d162e.msi
+ 2012-02-22 12:29 . 2012-02-22 12:29 1911808 c:\windows\Installer\2d1622.msi
+ 2012-02-22 12:24 . 2012-02-22 12:24 1528320 c:\windows\Installer\2d160a.msi
+ 2012-02-22 12:29 . 2012-02-22 12:29 3670016 c:\windows\Installer\2d15f8.msi
+ 2012-02-22 12:24 . 2012-02-22 12:24 1997312 c:\windows\Installer\2d15ec.msi
+ 2012-02-22 12:29 . 2012-02-22 12:29 2211328 c:\windows\Installer\2d15e6.msi
- 2009-07-14 02:34 . 2012-06-21 08:51 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-06-24 07:41 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-06-18 19:30 . 2012-06-27 17:10 15824532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2332647644-1227281620-26820879-1000-8192.dat
+ 2012-02-22 12:25 . 2012-02-22 12:25 12719104 c:\windows\Installer\2d1604.msi
+ 2012-06-24 14:09 . 2012-06-24 14:09 52033024 c:\windows\Installer\170f61c.msi
+ 2012-06-24 14:09 . 2012-06-24 14:09 11071488 c:\windows\Installer\170ea51.msi
+ 2012-06-24 14:08 . 2012-06-24 14:08 20403200 c:\windows\Installer\170ea21.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with Xilisoft YouTube HD Video Converter - c:\program files (x86)\Xilisoft\YouTube HD Video Converter\upod_link.HTM
IE: E&xportálás a Microsoft Excel programba - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Makk\AppData\Roaming\Mozilla\Firefox\Profiles\pasc5fb8.default\
FF - prefs.js: browser.startup.homepage - www.google.hu/ig
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Completion time: 2012-06-27 19:16:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 17:16
ComboFix2.txt 2012-06-23 17:42
.
Pre-Run: 45 051 416 576 bájt szabad
Post-Run: 45 073 285 120 bájt szabad
.
- - End Of File - - CA9FF5A7CDFE0ED7E4174BB14DA825ED
Thank you



