
Infected with 0AccessRootkit and can not put up firewalls or anti-virus system


  • This topic is locked
18 replies to this topic

#1 JasonRichard

  • Members
  • 9 posts

Posted 23 June 2012 - 04:31 PM

It started when I noticed a fake anti-virus warning. I had McAfee and used it to scan my computer, but it found nothing. I went to the internet and found that it was the Security Shield virus. I found a forum on how to remove it using Malware Anti-virus (the one on your site). I believe it was removed, but my anti-virus was turned off and would not turn back on. I removed it and tried to download another anti-virus program (AVG), but it too had its features shut off. I scanned again and found a 0Access rootkit. I removed it, but it just kept coming back. So, I went back to the internet and found this forum. I also cannot turn my Windows firewall on either. It just says that "windows cannot change some settings"... Help, please.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jason at 14:12:02 on 2012-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8087.6164 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
\\.\globalroot\systemroot\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731}\U
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://AlienwareArena.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{144702CC-7085-46D5-B933-B2C0EA005D7C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7EEEEABC-EE54-4384-A29B-26FA43F77F15} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-28 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-12-15 14664]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-6-23 67584]
R2 MSI_ODD_Service;MSI_ODD_Service;C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [2011-10-4 76800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-28 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-20 381248]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NTIOLib_X64;NTIOLib_X64;C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [2010-1-18 14136]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\system32\DRIVERS\rusb3hub.sys --> C:\Windows\system32\DRIVERS\rusb3hub.sys [?]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\system32\DRIVERS\rusb3xhc.sys --> C:\Windows\system32\DRIVERS\rusb3xhc.sys [?]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-30 257224]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-23 20:37:49 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-06-23 20:26:34 -------- d-----w- C:\Users\Jason\AppData\Roaming\AVG2012
2012-06-23 20:26:11 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-23 20:26:00 -------- d--h--w- C:\$AVG
2012-06-23 20:26:00 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-06-23 20:26:00 -------- d-----w- C:\ProgramData\AVG2012
2012-06-23 20:25:52 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-23 20:07:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-23 19:26:21 14680 ----a-w- C:\Windows\System32\sh4native.exe
2012-06-23 19:26:12 -------- d-----w- C:\sh4ldr
2012-06-23 19:26:12 -------- d-----w- C:\Program Files\Enigma Software Group
2012-06-23 19:25:47 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-23 19:25:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-23 17:04:48 -------- d--h--w- C:\ProgramData\Common Files
2012-06-23 17:02:29 -------- d-----w- C:\ProgramData\MFAData
2012-06-23 02:42:56 -------- d-----w- C:\Users\Jason\AppData\Roaming\Malwarebytes
2012-06-23 02:42:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-22 01:21:10 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-18 21:44:16 -------- d-----w- C:\Windows\pss
2012-06-18 21:22:19 -------- d-----w- C:\Users\Jason\AppData\Local\Diagnostics
2012-06-15 03:10:13 -------- d-----w- C:\Program Files\iTunes
2012-06-15 03:10:13 -------- d-----w- C:\Program Files\iPod
2012-06-15 03:10:13 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-15 03:04:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-15 03:04:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-09 00:49:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-09 00:49:20 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-09 00:49:11 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-09 00:49:11 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-06-18 16:34:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 16:34:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 05:30:03 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-19 11:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-28 19:46:58 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-03-28 19:31:45 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2012-03-28 18:16:21 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-28 18:15:49 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
1601-01-01 00:00:00 0 ----a-w- C:\Windows\System32\drivers\usbhub.sys
.
============= FINISH: 14:12:15.26 ===============



#2 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 23 June 2012 - 09:51 PM

Hi

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
(You need the 64-bit version.)
Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 JasonRichard

  • Topic Starter

  • Members
  • 9 posts

Posted 24 June 2012 - 03:01 AM

Thanks for the speedy response! Here is the log:

Scan result of Farbar Recovery Scan Tool Version: 23-06-2012
Ran by SYSTEM at 24-06-2012 00:54:17
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6412904 2011-11-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 [1157224 2011-10-19] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-07-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-07-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-07-28] (Intel Corporation)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [12616 2011-12-15] (Alienware)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll

==================== Services (Whitelisted) ======

2 AlienFusionService; "C:\Program Files\Alienware\Command Center\AlienFusionService.exe" [14664 2011-12-15] (Alienware)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-05-25] (CobianSoft, Luis Cobian)
2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)
2 MSI_ODD_Service; "C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe" [76800 2011-10-04] (Micro-Star Int'l Co., Ltd.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

========================== Drivers (Whitelisted) =============

0 8994aeafe3f5856d; C:\Windows\System32\Drivers\8994aeafe3f5856d.sys [74184 2012-06-21] ()
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 NTIOLib_X64; \??\C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
3 rusb3hub; C:\Windows\System32\Drivers\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
3 rusb3xhc; C:\Windows\System32\Drivers\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-23 13:16 - 2012-06-23 13:16 - 00018526 ____A C:\Users\Jason\Desktop\DDS.txt
2012-06-23 13:15 - 2012-06-23 13:15 - 00016825 ____A C:\Users\Jason\Desktop\Attach.txt
2012-06-23 13:11 - 2012-06-23 13:12 - 00607260 ____R (Swearware) C:\Users\Jason\Desktop\dds.scr
2012-06-23 13:10 - 2012-06-23 13:10 - 00000472 ____A C:\Users\Jason\Desktop\defogger_disable.log
2012-06-23 13:10 - 2012-06-23 13:10 - 00000000 ____A C:\Users\Jason\defogger_reenable
2012-06-23 12:37 - 2012-06-23 12:37 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-06-23 12:26 - 2012-06-23 12:39 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-23 12:26 - 2012-06-23 12:27 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-06-23 12:26 - 2012-06-23 12:26 - 00000218 ____A C:\Windows\Tasks\SidebarExecute.job
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ___HD C:\$AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2012
2012-06-23 12:25 - 2012-06-23 12:25 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-23 12:07 - 2012-06-23 12:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-23 11:27 - 2012-06-23 11:27 - 00000126 ____A C:\sh4_service.log
2012-06-23 11:26 - 2012-06-23 12:14 - 00000000 ____D C:\sh4ldr
2012-06-23 11:26 - 2012-06-23 11:26 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-23 11:26 - 2010-08-05 17:01 - 00014680 ____A C:\Windows\System32\sh4native.exe
2012-06-23 11:25 - 2012-06-23 12:14 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-23 09:02 - 2012-06-23 12:26 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-22 18:42 - 2012-06-22 18:42 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2012-06-22 18:42 - 2012-06-22 18:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-22 18:34 - 2012-06-23 09:11 - 00000361 ____A C:\rkill.log
2012-06-21 17:21 - 2012-06-21 17:21 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-21 17:16 - 2012-06-21 17:16 - 00074184 ____A C:\Windows\System32\Drivers\8994aeafe3f5856d.sys
2012-06-18 13:44 - 2012-06-18 13:44 - 00000000 ____D C:\Windows\pss
2012-06-14 21:18 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 21:18 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 21:18 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 21:18 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 21:18 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 21:18 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 21:18 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 21:18 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 21:18 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 21:18 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 21:18 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 21:18 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 21:18 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 21:18 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 21:18 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 21:18 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 21:18 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 21:18 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 21:18 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 21:18 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 21:18 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 21:18 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 21:18 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 21:18 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 21:18 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 21:18 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 21:18 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 21:18 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 19:10 - 2012-06-14 19:10 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files\iTunes
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files\iPod
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-14 19:05 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 19:05 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 19:05 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 19:05 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 19:05 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 19:05 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 19:05 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 19:05 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 19:05 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 19:05 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 19:05 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 19:05 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 19:05 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 19:05 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 19:05 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-14 19:04 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 19:04 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-09 16:07 - 2012-06-09 16:07 - 00010399 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-06-08 16:49 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-08 16:49 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-08 16:49 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-08 16:49 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-08 16:49 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-08 16:49 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-08 16:49 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-08 16:49 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-08 16:49 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe


============ 3 Months Modified Files and Folders =============

2012-06-24 00:54 - 2012-06-24 00:53 - 00000000 ____D C:\FRST
2012-06-23 15:48 - 2009-07-13 20:51 - 00056313 ____A C:\Windows\setupact.log
2012-06-23 15:30 - 2012-04-30 17:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-23 13:16 - 2012-06-23 13:16 - 00018526 ____A C:\Users\Jason\Desktop\DDS.txt
2012-06-23 13:15 - 2012-06-23 13:15 - 00016825 ____A C:\Users\Jason\Desktop\Attach.txt
2012-06-23 13:13 - 2012-04-29 11:03 - 00000478 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-23 13:12 - 2012-06-23 13:11 - 00607260 ____R (Swearware) C:\Users\Jason\Desktop\dds.scr
2012-06-23 13:10 - 2012-06-23 13:10 - 00000472 ____A C:\Users\Jason\Desktop\defogger_disable.log
2012-06-23 13:10 - 2012-06-23 13:10 - 00000000 ____A C:\Users\Jason\defogger_reenable
2012-06-23 13:10 - 2012-04-20 17:01 - 00000000 ____D C:\users\Jason
2012-06-23 12:58 - 2012-04-29 11:00 - 00000000 ____D C:\Users\All Users\PCDr
2012-06-23 12:42 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-23 12:39 - 2012-06-23 12:26 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-23 12:37 - 2012-06-23 12:37 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-06-23 12:36 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-23 12:36 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-23 12:28 - 2012-03-28 11:52 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-23 12:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-23 12:27 - 2012-06-23 12:26 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-06-23 12:26 - 2012-06-23 12:26 - 00000218 ____A C:\Windows\Tasks\SidebarExecute.job
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ___HD C:\$AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2012
2012-06-23 12:26 - 2012-06-23 09:02 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-23 12:25 - 2012-06-23 12:25 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-23 12:20 - 2010-11-20 19:47 - 00060444 ____A C:\Windows\PFRO.log
2012-06-23 12:14 - 2012-06-23 11:26 - 00000000 ____D C:\sh4ldr
2012-06-23 12:14 - 2012-06-23 11:25 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-23 12:07 - 2012-06-23 12:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-23 11:27 - 2012-06-23 11:27 - 00000126 ____A C:\sh4_service.log
2012-06-23 11:26 - 2012-06-23 11:26 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-23 10:08 - 2012-03-28 10:34 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-23 09:11 - 2012-06-22 18:34 - 00000361 ____A C:\rkill.log
2012-06-23 08:57 - 2012-03-28 10:29 - 00000000 ____D C:\Users\All Users\Sonic
2012-06-22 18:42 - 2012-06-22 18:42 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2012-06-22 18:42 - 2012-06-22 18:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-21 20:12 - 2012-05-11 14:37 - 00000000 ____D C:\Users\Jason\AppData\Roaming\uTorrent
2012-06-21 17:21 - 2012-06-21 17:21 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-21 17:16 - 2012-06-21 17:16 - 00074184 ____A C:\Windows\System32\Drivers\8994aeafe3f5856d.sys
2012-06-21 17:16 - 2012-03-28 11:54 - 01365372 ____A C:\Windows\WindowsUpdate.log
2012-06-18 13:44 - 2012-06-18 13:44 - 00000000 ____D C:\Windows\pss
2012-06-18 13:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-18 08:34 - 2012-04-30 17:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-18 08:34 - 2012-03-28 10:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-17 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-16 00:34 - 2009-07-13 20:45 - 00396656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 21:23 - 2012-04-22 15:03 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-14 21:21 - 2012-05-04 13:40 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 19:10 - 2012-06-14 19:10 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files\iTunes
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files\iPod
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-09 16:08 - 2012-05-15 16:42 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-09 16:07 - 2012-06-09 16:07 - 00010399 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-06-07 21:08 - 2012-04-29 11:03 - 00000536 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-02 14:19 - 2012-06-08 16:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 16:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 16:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-08 16:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 16:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 16:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 16:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 16:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-08 16:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-20 15:24 - 2012-05-20 15:24 - 00015172 ____A C:\Users\Jason\Downloads\[isoHunt] Underworld_Awakening[2012]R5_Full_Line_XviD-ETRG.7034073.TPB.torrent
2012-05-18 14:33 - 2012-04-22 15:03 - 00000000 ____D C:\Users\Jason\AppData\Local\Microsoft Help
2012-05-17 18:47 - 2012-06-14 21:18 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 21:18 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 21:18 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 21:18 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 21:18 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 21:18 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 21:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 21:18 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 21:18 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 21:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 21:18 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 21:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 21:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 21:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 21:18 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 21:18 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 21:18 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 21:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 21:18 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 21:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 21:18 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 21:18 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 21:18 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 21:18 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 21:18 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 21:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 21:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 21:18 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 16:42 - 2012-05-15 16:42 - 00001191 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-14 17:32 - 2012-06-14 19:05 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 14:39 - 2012-05-11 14:39 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-11 14:02 - 2012-04-22 15:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Apple Computer
2012-05-09 21:59 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-06 09:41 - 2012-05-06 09:41 - 00000000 ____D C:\Users\Jason\AppData\Roaming\GRETECH
2012-05-06 09:40 - 2012-05-06 09:40 - 00001187 ____A C:\Users\Public\Desktop\GOM Player.lnk
2012-05-06 09:40 - 2012-05-06 09:40 - 00000000 ____D C:\Program Files (x86)\GRETECH
2012-05-04 21:30 - 2012-05-04 21:30 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-14 19:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 19:05 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 19:05 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 18:03 - 2012-05-03 18:03 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-02 20:24 - 2012-05-02 20:24 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Roxio Burn
2012-05-02 20:24 - 2012-05-02 20:24 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Macrovision
2012-04-30 21:40 - 2012-06-14 19:05 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 22:02 - 2012-04-29 22:02 - 00000000 ____D C:\Users\Jason\AppData\Local\Adobe
2012-04-29 22:02 - 2012-04-20 17:09 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Adobe
2012-04-29 22:02 - 2012-03-28 10:26 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-29 15:24 - 2012-04-29 15:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-29 11:03 - 2012-04-29 11:03 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Dell
2012-04-29 11:03 - 2012-04-29 11:03 - 00000000 ____D C:\Program Files\AlienAutopsy
2012-04-29 11:02 - 2012-04-29 11:00 - 00000000 ____D C:\Users\Jason\AppData\Roaming\PCDr
2012-04-27 19:55 - 2012-06-14 19:05 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-14 19:05 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 19:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 19:05 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-14 19:05 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-14 19:05 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-14 19:05 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-14 19:05 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-14 19:04 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 19:04 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 17:37 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-22 17:34 - 2012-04-22 17:34 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-22 17:34 - 2012-04-22 17:34 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-22 15:18 - 2012-04-20 17:01 - 00102544 ____A C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-22 15:17 - 2012-04-22 15:17 - 00000000 ____D C:\Users\Jason\AppData\Local\Apple Computer
2012-04-22 15:17 - 2012-04-22 15:17 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-04-22 15:17 - 2012-04-22 15:17 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Users\Jason\AppData\Local\Apple
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Users\All Users\Apple
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Program Files\Bonjour
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-22 15:08 - 2012-03-28 10:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-22 15:07 - 2012-04-22 15:07 - 00000000 ____D C:\Users\Jason\Documents\Diablo III
2012-04-22 15:07 - 2012-04-22 15:07 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-22 15:06 - 2012-04-22 15:06 - 00000000 ____D C:\Windows\PCHEALTH
2012-04-22 15:04 - 2012-04-22 15:04 - 00000000 ____D C:\Program Files\Microsoft Office
2012-04-22 15:03 - 2012-04-22 15:03 - 00000000 __RHD C:\MSOCache
2012-04-22 15:03 - 2012-04-22 15:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-04-22 15:03 - 2010-11-20 23:16 - 00000000 ____D C:\Windows\ShellNew
2012-04-22 14:36 - 2012-04-22 14:35 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-22 14:30 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-04-22 13:35 - 2012-04-22 13:35 - 00297244 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-04-22 13:34 - 2012-04-22 13:34 - 00296074 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-04-22 13:34 - 2012-04-22 13:34 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-22 13:33 - 2011-02-10 08:10 - 00764302 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-20 17:18 - 2012-04-20 17:18 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-04-20 17:18 - 2012-04-20 17:17 - 00014715 ____A C:\Users\Jason\Documents\Install STAR WARS The Old Republic.log
2012-04-20 17:09 - 2012-04-20 17:09 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Macromedia
2012-04-20 17:07 - 2012-04-20 17:07 - 00000000 ____D C:\Users\Jason\Documents\AlienFX
2012-04-20 17:06 - 2012-04-20 17:06 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Roxio
2012-04-20 17:06 - 2012-04-20 17:06 - 00000000 ____D C:\Users\Jason\AppData\Local\VirtualStore
2012-04-20 17:01 - 2012-04-20 17:01 - 00000020 ___SH C:\Users\Jason\ntuser.ini
2012-04-20 17:01 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-04-20 16:53 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf
2012-04-20 16:53 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\System32\license.rtf
2012-04-20 16:42 - 2011-02-10 06:02 - 00000000 ____D C:\Windows\panther
2012-04-19 03:50 - 2012-04-19 03:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-07 04:31 - 2012-06-14 19:05 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-14 19:05 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-03-30 03:35 - 2012-05-09 19:12 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 11:55 - 2011-02-10 08:03 - 00003652 ____A C:\Windows\TSSysprep.log
2012-03-28 11:53 - 2012-03-28 11:53 - 00000000 ____D C:\Windows\System32\SRSLabs
2012-03-28 11:53 - 2012-03-28 11:53 - 00000000 ____D C:\Program Files\Realtek
2012-03-28 11:53 - 2012-03-28 11:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-03-28 11:52 - 2012-03-28 11:52 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-03-28 11:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-03-28 11:51 - 2012-03-28 11:51 - 00000000 ____D C:\Program Files\Common Files\Intel
2012-03-28 11:51 - 2012-03-28 11:51 - 00000000 ____D C:\Program Files (x86)\Intel
2012-03-28 11:51 - 2012-03-28 11:51 - 00000000 ____D C:\Intel
2012-03-28 11:49 - 2012-03-28 11:49 - 00028948 __RAH C:\mfg.sdr
2012-03-28 11:49 - 2012-03-28 11:49 - 00000012 ____A C:\Windows\csup.txt
2012-03-28 11:47 - 2012-03-28 11:47 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00296320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-03-28 11:47 - 2012-03-28 11:47 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00800256 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00642944 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2012-03-28 11:46 - 2012-03-28 11:46 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00605552 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00566208 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2012-03-28 11:46 - 2012-03-28 11:46 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00518672 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00419744 ____A C:\Windows\SysWOW64\locale.nls
2012-03-28 11:46 - 2012-03-28 11:46 - 00419744 ____A C:\Windows\System32\locale.nls
2012-03-28 11:46 - 2012-03-28 11:46 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-03-28 11:46 - 2012-03-28 11:46 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00246784 ____A (Microsoft Corporation) C:\Windows\System32\input.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2012-03-28 11:46 - 2012-03-28 11:46 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00183296 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-03-28 11:46 - 2012-03-28 11:46 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-03-28 11:46 - 2012-03-28 11:46 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-03-28 11:46 - 2012-03-28 11:46 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAL.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINDEV.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTEL.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINPUN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINORI.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAR.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINKAN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINHIN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINGUJ.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINEN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBE2.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBE1.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINASA.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-03-28 11:32 - 2012-03-28 11:32 - 00003350 ____A C:\Windows\SysWOW64\Drivers\1028_Dell_ALI_ANDROMEDA_R5.mrk
2012-03-28 11:32 - 2012-03-28 11:32 - 00003350 ____A C:\Windows\System32\Drivers\1028_Dell_ALI_ANDROMEDA_R5.mrk
2012-03-28 11:31 - 2012-03-28 11:31 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-28 11:31 - 2012-03-28 11:31 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-28 11:31 - 2012-03-28 11:31 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-28 11:31 - 2012-03-28 11:31 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-28 11:31 - 2012-03-28 11:31 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-28 11:31 - 2012-03-28 11:31 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-28 11:31 - 2012-03-28 11:31 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-28 11:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-03-28 11:29 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-03-28 11:29 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-03-28 11:29 - 2009-07-13 20:45 - 00000000 ____D C:\Windows\Setup
2012-03-28 11:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
2012-03-28 10:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-03-28 10:44 - 2012-03-28 10:28 - 00000000 ____D C:\Users\All Users\Roxio
2012-03-28 10:44 - 2009-07-13 20:46 - 00004059 ____A C:\Windows\DtcInstall.log
2012-03-28 10:37 - 2012-03-28 10:37 - 00002056 ____A C:\Users\Public\Desktop\My PC Information.lnk
2012-03-28 10:37 - 2012-03-28 10:37 - 00000026 ____A C:\AF_BENCHMARKS.XML
2012-03-28 10:37 - 2012-03-28 10:37 - 00000000 ____D C:\Users\Public\Documents\Alienware
2012-03-28 10:36 - 2009-07-13 18:34 - 00000435 ____A C:\Windows\win.ini
2012-03-28 10:32 - 2012-03-28 10:32 - 00000000 ____D C:\Users\All Users\Uninstall
2012-03-28 10:30 - 2012-03-28 10:30 - 00002164 ____A C:\Users\Public\Desktop\Roxio Creator Starter.lnk
2012-03-28 10:30 - 2012-03-28 10:30 - 00000000 ____D C:\Users\All Users\PhotoShow Shared Assets
2012-03-28 10:30 - 2012-03-28 10:30 - 00000000 ____D C:\Program Files\Roxio
2012-03-28 10:30 - 2012-03-28 10:28 - 00000000 ____D C:\Program Files (x86)\Roxio
2012-03-28 10:28 - 2012-03-28 10:28 - 00000000 ____D C:\Users\All Users\Macrovision
2012-03-28 10:27 - 2012-03-28 10:26 - 00198776 ____A C:\Windows\DirectX.log
2012-03-28 10:26 - 2012-03-28 10:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-03-28 10:24 - 2012-03-28 10:24 - 00000000 ____D C:\Program Files (x86)\msi
2012-03-28 10:24 - 2012-03-28 10:20 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-03-28 10:21 - 2012-03-28 10:21 - 00001843 ____A C:\Users\Public\Desktop\Alienware Command Center.lnk
2012-03-28 10:20 - 2012-03-28 10:20 - 00000000 ____D C:\Program Files\Alienware
2012-03-28 10:16 - 2012-03-28 10:16 - 00627600 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-28 10:16 - 2012-03-28 10:16 - 00252296 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-28 10:16 - 2012-03-28 10:16 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-28 10:16 - 2012-03-28 10:16 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-28 10:16 - 2012-03-28 10:16 - 00000000 ____D C:\Users\All Users\Sun
2012-03-28 10:16 - 2012-03-28 10:16 - 00000000 ____D C:\Program Files\Java
2012-03-28 10:15 - 2012-03-28 10:15 - 00544656 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-03-28 10:15 - 2012-03-28 10:15 - 00214408 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-03-28 10:15 - 2012-03-28 10:15 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-03-28 10:15 - 2012-03-28 10:15 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-03-28 10:15 - 2012-03-28 10:15 - 00000000 ____D C:\Program Files (x86)\Java
2012-03-28 10:02 - 2012-03-28 10:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-03-28 10:02 - 2012-03-28 10:02 - 00000000 ____D C:\Windows\System32\Macromed
2012-03-28 10:00 - 2012-03-28 09:56 - 00000000 ____D C:\Windows\SysWOW64\NV
2012-03-28 10:00 - 2012-03-28 09:56 - 00000000 ____D C:\Windows\System32\NV
2012-03-28 10:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2012-03-28 09:58 - 2012-03-28 11:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-28 09:58 - 2012-03-28 09:58 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-03-28 09:57 - 2012-03-28 11:53 - 00164480 ____A C:\Windows\System32\Drivers\RTWAVES40.dat
2012-03-28 09:57 - 2012-03-28 11:53 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

ZeroAccess:
C:\Windows\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731}
C:\Windows\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731}\@
C:\Windows\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731}\L
C:\Windows\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731}\U
C:\Windows\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731}\U\00000001.@
C:\Windows\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731}\U\80000000.@
C:\Windows\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-03-28 11:47] - [2012-03-28 11:47] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8086.8 MB
Available physical RAM: 7267.68 MB
Total Pagefile: 8085 MB
Available Pagefile: 7254.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:930.32 GB) (Free:882 GB) NTFS
3 Drive f: (New_Volume) (Fixed) (Total:931.51 GB) (Free:757.02 GB) NTFS
4 Drive g: (USB DISK) (Removable) (Total:7.21 GB) (Free:5.26 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.53 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 4096 KB *
Disk 1 Online 931 GB 0 B
Disk 2 Online 7389 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 300 MB 1024 KB
Partition 2 Primary 40 MB 304 MB
Partition 3 Reserved 128 MB 344 MB
Partition 4 Primary 752 MB 472 MB
Partition 5 Primary 930 GB 1224 MB

======================================================================================================

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 ESP FAT32 Partition 300 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : Yes
Required: No
Attrib : 0XC000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 DELLUTILITY FAT32 Partition 40 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 3
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 752 MB Healthy

======================================================================================================

Disk: 0
Partition 5
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 930 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB    31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     F   New_Volume   NTFS   Partition    931 GB  Healthy

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7385 MB  4032 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     G   USB DISK     FAT32  Removable   7385 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-18 09:54

======================= End Of Log ==========================

#4 CatByte

  • Malware Response Team

Posted 24 June 2012 - 07:58 AM

Hi,

Please run the following:

In normal mode:

Please download Unhide.exe to your desktop:
  • Double-click on the Unhide.exe icon on your desktop and allow the program to run.
  • This program will remove the hidden attributes from all the files on your system.
  • Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.


Now back to the Recovery Environment:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
HKLM\...\Run: [] [x]
HKLM-x32\...\Run: [] [x]
0 8994aeafe3f5856d; C:\Windows\System32\Drivers\8994aeafe3f5856d.sys [74184 2012-06-21] ()
C:\Windows\System32\Drivers\8994aeafe3f5856d.sys 
C:\Windows\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please rename this to Fixlog1.txt, as we have to search for a file (the search results log will overwrite this one), then please post it in your reply.


NEXT


While you are still booted into System Recovery Options run FRST.
Type the following in the edit box after "Search:" so it looks like this:

Search: services.exe

Click the Search button and post the log it makes in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 JasonRichard

  • Topic Starter

Posted 24 June 2012 - 11:50 AM

Good morning,
Here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 23-06-2012
Ran by SYSTEM at 2012-06-24 09:38:24 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
8994aeafe3f5856d service deleted successfully.
C:\Windows\System32\Drivers\8994aeafe3f5856d.sys moved successfully.
C:\Windows\Installer\{3719db6d-f96a-db48-c0c7-e4b764658731} moved successfully.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool Version: 23-06-2012
Ran by SYSTEM at 24-06-2012 09:41:16
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6412904 2011-11-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 [1157224 2011-10-19] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-07-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-07-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-07-28] (Intel Corporation)
HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [12616 2011-12-15] (Alienware)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll

==================== Services (Whitelisted) ======

2 AlienFusionService; "C:\Program Files\Alienware\Command Center\AlienFusionService.exe" [14664 2011-12-15] (Alienware)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-05-25] (CobianSoft, Luis Cobian)
2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)
2 MSI_ODD_Service; "C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe" [76800 2011-10-04] (Micro-Star Int'l Co., Ltd.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 NTIOLib_X64; \??\C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
3 rusb3hub; C:\Windows\System32\Drivers\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
3 rusb3xhc; C:\Windows\System32\Drivers\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-24 08:27 - 2012-06-24 08:27 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Jason\Desktop\unhide.exe
2012-06-24 00:53 - 2012-06-24 09:41 - 00000000 ____D C:\FRST
2012-06-23 13:16 - 2012-06-23 13:16 - 00018526 ____A C:\Users\Jason\Desktop\DDS.txt
2012-06-23 13:15 - 2012-06-23 13:15 - 00016825 ____A C:\Users\Jason\Desktop\Attach.txt
2012-06-23 13:11 - 2012-06-23 13:12 - 00607260 ____R (Swearware) C:\Users\Jason\Desktop\dds.scr
2012-06-23 13:10 - 2012-06-23 13:10 - 00000472 ____A C:\Users\Jason\Desktop\defogger_disable.log
2012-06-23 13:10 - 2012-06-23 13:10 - 00000000 ____A C:\Users\Jason\defogger_reenable
2012-06-23 12:37 - 2012-06-23 12:37 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-06-23 12:26 - 2012-06-23 12:39 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-23 12:26 - 2012-06-23 12:27 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-06-23 12:26 - 2012-06-23 12:26 - 00000218 ____A C:\Windows\Tasks\SidebarExecute.job
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2012
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\$AVG
2012-06-23 12:25 - 2012-06-23 12:25 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-23 12:07 - 2012-06-23 12:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-23 11:27 - 2012-06-23 11:27 - 00000126 ____A C:\sh4_service.log
2012-06-23 11:26 - 2012-06-23 12:14 - 00000000 ____D C:\sh4ldr
2012-06-23 11:26 - 2012-06-23 11:26 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-23 11:26 - 2010-08-05 17:01 - 00014680 ____A C:\Windows\System32\sh4native.exe
2012-06-23 11:25 - 2012-06-23 12:14 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-23 09:02 - 2012-06-24 00:00 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-22 18:42 - 2012-06-22 18:42 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2012-06-22 18:42 - 2012-06-22 18:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-22 18:34 - 2012-06-23 09:11 - 00000361 ____A C:\rkill.log
2012-06-21 17:21 - 2012-06-21 17:21 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-18 13:44 - 2012-06-18 13:44 - 00000000 ____D C:\Windows\pss
2012-06-14 21:18 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 21:18 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 21:18 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 21:18 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 21:18 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 21:18 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 21:18 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 21:18 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 21:18 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 21:18 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 21:18 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 21:18 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 21:18 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 21:18 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 21:18 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 21:18 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 21:18 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 21:18 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 21:18 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 21:18 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 21:18 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 21:18 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 21:18 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 21:18 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 21:18 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 21:18 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 21:18 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 21:18 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 19:10 - 2012-06-14 19:10 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files\iTunes
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files\iPod
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-14 19:05 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 19:05 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 19:05 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 19:05 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 19:05 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 19:05 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 19:05 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 19:05 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 19:05 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 19:05 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 19:05 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 19:05 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 19:05 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 19:05 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 19:05 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-14 19:04 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 19:04 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-09 16:07 - 2012-06-09 16:07 - 00010399 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-06-08 16:49 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-08 16:49 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-08 16:49 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-08 16:49 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-08 16:49 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-08 16:49 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-08 16:49 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-08 16:49 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-08 16:49 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe


============ 3 Months Modified Files and Folders =============

2012-06-24 09:41 - 2012-06-24 00:53 - 00000000 ____D C:\FRST
2012-06-24 08:35 - 2012-03-28 11:52 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-24 08:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-24 08:35 - 2009-07-13 20:51 - 00056593 ____A C:\Windows\setupact.log
2012-06-24 08:32 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-24 08:32 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-24 08:32 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-24 08:30 - 2012-06-24 08:27 - 00003254 ____A C:\Users\Jason\Desktop\unhide.txt
2012-06-24 08:30 - 2012-04-30 17:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-24 08:27 - 2012-06-24 08:27 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Jason\Desktop\unhide.exe
2012-06-24 00:00 - 2012-06-23 09:02 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-23 23:56 - 2012-04-29 11:03 - 00000478 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-23 13:16 - 2012-06-23 13:16 - 00018526 ____A C:\Users\Jason\Desktop\DDS.txt
2012-06-23 13:15 - 2012-06-23 13:15 - 00016825 ____A C:\Users\Jason\Desktop\Attach.txt
2012-06-23 13:12 - 2012-06-23 13:11 - 00607260 ____R (Swearware) C:\Users\Jason\Desktop\dds.scr
2012-06-23 13:10 - 2012-06-23 13:10 - 00000472 ____A C:\Users\Jason\Desktop\defogger_disable.log
2012-06-23 13:10 - 2012-06-23 13:10 - 00000000 ____A C:\Users\Jason\defogger_reenable
2012-06-23 13:10 - 2012-04-20 17:01 - 00000000 ____D C:\users\Jason
2012-06-23 12:58 - 2012-04-29 11:00 - 00000000 ____D C:\Users\All Users\PCDr
2012-06-23 12:39 - 2012-06-23 12:26 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-23 12:37 - 2012-06-23 12:37 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-06-23 12:27 - 2012-06-23 12:26 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-06-23 12:26 - 2012-06-23 12:26 - 00000218 ____A C:\Windows\Tasks\SidebarExecute.job
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2012
2012-06-23 12:26 - 2012-06-23 12:26 - 00000000 ____D C:\$AVG
2012-06-23 12:25 - 2012-06-23 12:25 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-23 12:20 - 2010-11-20 19:47 - 00060444 ____A C:\Windows\PFRO.log
2012-06-23 12:14 - 2012-06-23 11:26 - 00000000 ____D C:\sh4ldr
2012-06-23 12:14 - 2012-06-23 11:25 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-23 12:07 - 2012-06-23 12:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-23 11:27 - 2012-06-23 11:27 - 00000126 ____A C:\sh4_service.log
2012-06-23 11:26 - 2012-06-23 11:26 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-23 10:08 - 2012-03-28 10:34 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-23 09:11 - 2012-06-22 18:34 - 00000361 ____A C:\rkill.log
2012-06-23 08:57 - 2012-03-28 10:29 - 00000000 ____D C:\Users\All Users\Sonic
2012-06-22 18:42 - 2012-06-22 18:42 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2012-06-22 18:42 - 2012-06-22 18:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-21 20:12 - 2012-05-11 14:37 - 00000000 ____D C:\Users\Jason\AppData\Roaming\uTorrent
2012-06-21 17:21 - 2012-06-21 17:21 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-21 17:16 - 2012-03-28 11:54 - 01365372 ____A C:\Windows\WindowsUpdate.log
2012-06-18 13:44 - 2012-06-18 13:44 - 00000000 ____D C:\Windows\pss
2012-06-18 13:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-18 08:34 - 2012-04-30 17:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-18 08:34 - 2012-03-28 10:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-17 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-16 00:34 - 2009-07-13 20:45 - 00396656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 21:23 - 2012-04-22 15:03 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-14 21:21 - 2012-05-04 13:40 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 19:10 - 2012-06-14 19:10 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files\iTunes
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files\iPod
2012-06-14 19:10 - 2012-06-14 19:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-09 16:08 - 2012-05-15 16:42 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-09 16:07 - 2012-06-09 16:07 - 00010399 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-06-07 21:08 - 2012-04-29 11:03 - 00000536 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-02 14:19 - 2012-06-08 16:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 16:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 16:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-08 16:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 16:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 16:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 16:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 16:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-08 16:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-20 15:24 - 2012-05-20 15:24 - 00015172 ____A C:\Users\Jason\Downloads\[isoHunt] Underworld_Awakening[2012]R5_Full_Line_XviD-ETRG.7034073.TPB.torrent
2012-05-18 14:33 - 2012-04-22 15:03 - 00000000 ____D C:\Users\Jason\AppData\Local\Microsoft Help
2012-05-17 18:47 - 2012-06-14 21:18 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 21:18 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 21:18 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 21:18 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 21:18 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 21:18 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 21:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 21:18 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 21:18 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 21:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 21:18 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 21:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 21:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 21:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 21:18 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 21:18 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 21:18 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 21:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 21:18 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 21:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 21:18 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 21:18 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 21:18 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 21:18 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 21:18 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 21:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 21:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 21:18 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 16:42 - 2012-05-15 16:42 - 00001191 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-14 17:32 - 2012-06-14 19:05 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 14:39 - 2012-05-11 14:39 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-11 14:02 - 2012-04-22 15:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Apple Computer
2012-05-09 21:59 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-06 09:41 - 2012-05-06 09:41 - 00000000 ____D C:\Users\Jason\AppData\Roaming\GRETECH
2012-05-06 09:40 - 2012-05-06 09:40 - 00001187 ____A C:\Users\Public\Desktop\GOM Player.lnk
2012-05-06 09:40 - 2012-05-06 09:40 - 00000000 ____D C:\Program Files (x86)\GRETECH
2012-05-04 21:30 - 2012-05-04 21:30 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-14 19:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 19:05 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 19:05 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 18:03 - 2012-05-03 18:03 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-02 20:24 - 2012-05-02 20:24 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Roxio Burn
2012-05-02 20:24 - 2012-05-02 20:24 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Macrovision
2012-04-30 21:40 - 2012-06-14 19:05 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 22:02 - 2012-04-29 22:02 - 00000000 ____D C:\Users\Jason\AppData\Local\Adobe
2012-04-29 22:02 - 2012-04-20 17:09 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Adobe
2012-04-29 22:02 - 2012-03-28 10:26 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-29 15:24 - 2012-04-29 15:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-29 11:03 - 2012-04-29 11:03 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Dell
2012-04-29 11:03 - 2012-04-29 11:03 - 00000000 ____D C:\Program Files\AlienAutopsy
2012-04-29 11:02 - 2012-04-29 11:00 - 00000000 ____D C:\Users\Jason\AppData\Roaming\PCDr
2012-04-27 19:55 - 2012-06-14 19:05 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-14 19:05 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 19:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 19:05 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-14 19:05 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-14 19:05 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-14 19:05 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-14 19:05 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-14 19:04 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 19:04 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 17:37 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-22 17:34 - 2012-04-22 17:34 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-22 17:34 - 2012-04-22 17:34 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-22 15:18 - 2012-04-20 17:01 - 00102544 ____A C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-22 15:17 - 2012-04-22 15:17 - 00000000 ____D C:\Users\Jason\AppData\Local\Apple Computer
2012-04-22 15:17 - 2012-04-22 15:17 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-04-22 15:17 - 2012-04-22 15:17 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Users\Jason\AppData\Local\Apple
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Users\All Users\Apple
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Program Files\Bonjour
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-04-22 15:16 - 2012-04-22 15:16 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-22 15:08 - 2012-03-28 10:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-22 15:07 - 2012-04-22 15:07 - 00000000 ____D C:\Users\Jason\Documents\Diablo III
2012-04-22 15:07 - 2012-04-22 15:07 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-22 15:06 - 2012-04-22 15:06 - 00000000 ____D C:\Windows\PCHEALTH
2012-04-22 15:04 - 2012-04-22 15:04 - 00000000 ____D C:\Program Files\Microsoft Office
2012-04-22 15:03 - 2012-04-22 15:03 - 00000000 ___RD C:\MSOCache
2012-04-22 15:03 - 2012-04-22 15:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-04-22 15:03 - 2010-11-20 23:16 - 00000000 ____D C:\Windows\ShellNew
2012-04-22 14:36 - 2012-04-22 14:35 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-22 14:30 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-04-22 13:35 - 2012-04-22 13:35 - 00297244 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-04-22 13:34 - 2012-04-22 13:34 - 00296074 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-04-22 13:34 - 2012-04-22 13:34 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-22 13:33 - 2011-02-10 08:10 - 00764302 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-20 17:18 - 2012-04-20 17:18 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-04-20 17:18 - 2012-04-20 17:17 - 00014715 ____A C:\Users\Jason\Documents\Install STAR WARS The Old Republic.log
2012-04-20 17:09 - 2012-04-20 17:09 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Macromedia
2012-04-20 17:07 - 2012-04-20 17:07 - 00000000 ____D C:\Users\Jason\Documents\AlienFX
2012-04-20 17:06 - 2012-04-20 17:06 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Roxio
2012-04-20 17:06 - 2012-04-20 17:06 - 00000000 ____D C:\Users\Jason\AppData\Local\VirtualStore
2012-04-20 17:01 - 2012-04-20 17:01 - 00000020 ___SH C:\Users\Jason\ntuser.ini
2012-04-20 17:01 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Public\Libraries
2012-04-20 16:53 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf
2012-04-20 16:53 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\System32\license.rtf
2012-04-20 16:42 - 2011-02-10 06:02 - 00000000 ____D C:\Windows\panther
2012-04-19 03:50 - 2012-04-19 03:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-07 04:31 - 2012-06-14 19:05 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-14 19:05 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-03-30 03:35 - 2012-05-09 19:12 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 11:55 - 2011-02-10 08:03 - 00003652 ____A C:\Windows\TSSysprep.log
2012-03-28 11:53 - 2012-03-28 11:53 - 00000000 ____D C:\Windows\System32\SRSLabs
2012-03-28 11:53 - 2012-03-28 11:53 - 00000000 ____D C:\Program Files\Realtek
2012-03-28 11:53 - 2012-03-28 11:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-03-28 11:52 - 2012-03-28 11:52 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-03-28 11:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-03-28 11:51 - 2012-03-28 11:51 - 00000000 ____D C:\Program Files\Common Files\Intel
2012-03-28 11:51 - 2012-03-28 11:51 - 00000000 ____D C:\Program Files (x86)\Intel
2012-03-28 11:51 - 2012-03-28 11:51 - 00000000 ____D C:\Intel
2012-03-28 11:49 - 2012-03-28 11:49 - 00028948 ___RA C:\mfg.sdr
2012-03-28 11:49 - 2012-03-28 11:49 - 00000012 ____A C:\Windows\csup.txt
2012-03-28 11:47 - 2012-03-28 11:47 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00296320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-03-28 11:47 - 2012-03-28 11:47 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2012-03-28 11:47 - 2012-03-28 11:47 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-03-28 11:47 - 2012-03-28 11:47 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00800256 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00642944 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2012-03-28 11:46 - 2012-03-28 11:46 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00605552 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00566208 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2012-03-28 11:46 - 2012-03-28 11:46 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00518672 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00419744 ____A C:\Windows\SysWOW64\locale.nls
2012-03-28 11:46 - 2012-03-28 11:46 - 00419744 ____A C:\Windows\System32\locale.nls
2012-03-28 11:46 - 2012-03-28 11:46 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-03-28 11:46 - 2012-03-28 11:46 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00246784 ____A (Microsoft Corporation) C:\Windows\System32\input.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2012-03-28 11:46 - 2012-03-28 11:46 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00183296 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-03-28 11:46 - 2012-03-28 11:46 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-03-28 11:46 - 2012-03-28 11:46 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-03-28 11:46 - 2012-03-28 11:46 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAL.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINDEV.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTEL.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINPUN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINORI.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAR.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINKAN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINHIN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINGUJ.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINEN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBE2.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBE1.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINASA.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
2012-03-28 11:46 - 2012-03-28 11:46 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-03-28 11:46 - 2012-03-28 11:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-03-28 11:46 - 2012-03-28 11:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-03-28 11:32 - 2012-03-28 11:32 - 00003350 ____A C:\Windows\SysWOW64\Drivers\1028_Dell_ALI_ANDROMEDA_R5.mrk
2012-03-28 11:32 - 2012-03-28 11:32 - 00003350 ____A C:\Windows\System32\Drivers\1028_Dell_ALI_ANDROMEDA_R5.mrk
2012-03-28 11:31 - 2012-03-28 11:31 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-28 11:31 - 2012-03-28 11:31 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-28 11:31 - 2012-03-28 11:31 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-28 11:31 - 2012-03-28 11:31 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-28 11:31 - 2012-03-28 11:31 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-28 11:31 - 2012-03-28 11:31 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-28 11:31 - 2012-03-28 11:31 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-28 11:31 - 2012-03-28 11:31 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-28 11:31 - 2012-03-28 11:31 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-28 11:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-03-28 11:29 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-03-28 11:29 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-03-28 11:29 - 2009-07-13 20:45 - 00000000 ____D C:\Windows\Setup
2012-03-28 11:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
2012-03-28 10:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-03-28 10:44 - 2012-03-28 10:28 - 00000000 ____D C:\Users\All Users\Roxio
2012-03-28 10:44 - 2009-07-13 20:46 - 00004059 ____A C:\Windows\DtcInstall.log
2012-03-28 10:37 - 2012-03-28 10:37 - 00002056 ____A C:\Users\Public\Desktop\My PC Information.lnk
2012-03-28 10:37 - 2012-03-28 10:37 - 00000026 ____A C:\AF_BENCHMARKS.XML
2012-03-28 10:37 - 2012-03-28 10:37 - 00000000 ____D C:\Users\Public\Documents\Alienware
2012-03-28 10:36 - 2009-07-13 18:34 - 00000435 ____A C:\Windows\win.ini
2012-03-28 10:32 - 2012-03-28 10:32 - 00000000 ____D C:\Users\All Users\Uninstall
2012-03-28 10:30 - 2012-03-28 10:30 - 00002164 ____A C:\Users\Public\Desktop\Roxio Creator Starter.lnk
2012-03-28 10:30 - 2012-03-28 10:30 - 00000000 ____D C:\Users\All Users\PhotoShow Shared Assets
2012-03-28 10:30 - 2012-03-28 10:30 - 00000000 ____D C:\Program Files\Roxio
2012-03-28 10:30 - 2012-03-28 10:28 - 00000000 ____D C:\Program Files (x86)\Roxio
2012-03-28 10:28 - 2012-03-28 10:28 - 00000000 ____D C:\Users\All Users\Macrovision
2012-03-28 10:27 - 2012-03-28 10:26 - 00198776 ____A C:\Windows\DirectX.log
2012-03-28 10:26 - 2012-03-28 10:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-03-28 10:24 - 2012-03-28 10:24 - 00000000 ____D C:\Program Files (x86)\msi
2012-03-28 10:24 - 2012-03-28 10:20 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-03-28 10:21 - 2012-03-28 10:21 - 00001843 ____A C:\Users\Public\Desktop\Alienware Command Center.lnk
2012-03-28 10:20 - 2012-03-28 10:20 - 00000000 ____D C:\Program Files\Alienware
2012-03-28 10:16 - 2012-03-28 10:16 - 00627600 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-28 10:16 - 2012-03-28 10:16 - 00252296 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-28 10:16 - 2012-03-28 10:16 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-28 10:16 - 2012-03-28 10:16 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-28 10:16 - 2012-03-28 10:16 - 00000000 ____D C:\Users\All Users\Sun
2012-03-28 10:16 - 2012-03-28 10:16 - 00000000 ____D C:\Program Files\Java
2012-03-28 10:15 - 2012-03-28 10:15 - 00544656 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-03-28 10:15 - 2012-03-28 10:15 - 00214408 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-03-28 10:15 - 2012-03-28 10:15 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-03-28 10:15 - 2012-03-28 10:15 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-03-28 10:15 - 2012-03-28 10:15 - 00000000 ____D C:\Program Files (x86)\Java
2012-03-28 10:02 - 2012-03-28 10:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-03-28 10:02 - 2012-03-28 10:02 - 00000000 ____D C:\Windows\System32\Macromed
2012-03-28 10:00 - 2012-03-28 09:56 - 00000000 ____D C:\Windows\SysWOW64\NV
2012-03-28 10:00 - 2012-03-28 09:56 - 00000000 ____D C:\Windows\System32\NV
2012-03-28 10:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2012-03-28 09:58 - 2012-03-28 11:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-28 09:58 - 2012-03-28 09:58 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-03-28 09:57 - 2012-03-28 11:53 - 00164480 ____A C:\Windows\System32\Drivers\RTWAVES40.dat
2012-03-28 09:57 - 2012-03-28 11:53 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-03-28 11:47] - [2012-03-28 11:47] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8086.8 MB
Available physical RAM: 7269.29 MB
Total Pagefile: 8085 MB
Available Pagefile: 7259.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:930.32 GB) (Free:881.64 GB) NTFS
3 Drive f: (New_Volume) (Fixed) (Total:931.51 GB) (Free:757.02 GB) NTFS
4 Drive g: (USB DISK) (Removable) (Total:7.21 GB) (Free:5.26 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.53 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 4096 KB *
Disk 1 Online 931 GB 0 B
Disk 2 Online 7389 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 300 MB 1024 KB
Partition 2 Primary 40 MB 304 MB
Partition 3 Reserved 128 MB 344 MB
Partition 4 Primary 752 MB 472 MB
Partition 5 Primary 930 GB 1224 MB

======================================================================================================

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 ESP FAT32 Partition 300 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : Yes
Required: No
Attrib : 0XC000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 DELLUTILITY FAT32 Partition 40 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 3
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 752 MB Healthy

======================================================================================================

Disk: 0
Partition 5
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 930 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F New_Volume NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7385 MB 4032 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 G USB DISK FAT32 Removable 7385 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-18 09:54

======================= End Of Log ==========================

#6 CatByte

Posted 24 June 2012 - 12:13 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 JasonRichard

Posted 24 June 2012 - 04:44 PM

Hey, here is the combofix log:

ComboFix 12-06-24.03 - Jason 24/06/2012 14:28:20.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8087.6443 [GMT -7:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jason\AppData\Local\Temp\{EB1E3A58-1487-46A9-BA92-E61DE3DF813F}\fpb.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 08:53 . 2012-06-24 17:41 -------- d-----w- C:\FRST
2012-06-23 20:37 . 2012-06-23 20:37 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-06-23 20:26 . 2012-06-23 20:26 -------- d-----w- c:\users\Jason\AppData\Roaming\AVG2012
2012-06-23 20:26 . 2012-06-23 20:26 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-23 20:26 . 2012-06-24 16:44 -------- d-----w- c:\programdata\AVG2012
2012-06-23 20:26 . 2012-06-23 20:27 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-23 20:26 . 2012-06-23 20:26 -------- d-----w- C:\$AVG
2012-06-23 20:25 . 2012-06-23 20:25 -------- d-----w- c:\program files (x86)\AVG
2012-06-23 20:07 . 2012-06-23 20:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-23 19:26 . 2010-08-06 01:01 14680 ----a-w- c:\windows\system32\sh4native.exe
2012-06-23 19:26 . 2012-06-23 20:14 -------- d-----w- C:\sh4ldr
2012-06-23 19:26 . 2012-06-23 19:26 -------- d-----w- c:\program files\Enigma Software Group
2012-06-23 19:25 . 2012-06-23 20:14 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-23 19:25 . 2012-06-23 19:25 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-23 17:04 . 2012-06-23 17:04 -------- d-----w- c:\programdata\Common Files
2012-06-23 17:02 . 2012-06-24 08:00 -------- d-----w- c:\programdata\MFAData
2012-06-23 02:42 . 2012-06-23 02:42 -------- d-----w- c:\users\Jason\AppData\Roaming\Malwarebytes
2012-06-23 02:42 . 2012-06-23 02:42 -------- d-----w- c:\programdata\Malwarebytes
2012-06-22 01:21 . 2012-06-22 01:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-18 21:22 . 2012-06-18 21:22 -------- d-----w- c:\users\Jason\AppData\Local\Diagnostics
2012-06-15 03:10 . 2012-06-15 03:10 -------- d-----w- c:\program files\iTunes
2012-06-15 03:10 . 2012-06-15 03:10 -------- d-----w- c:\program files (x86)\iTunes
2012-06-15 03:10 . 2012-06-15 03:10 -------- d-----w- c:\program files\iPod
2012-06-15 03:04 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-15 03:04 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-09 00:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-09 00:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-09 00:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-09 00:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-09 00:49 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-09 00:49 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-09 00:49 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-09 00:49 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-09 00:49 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 16:34 . 2012-05-01 01:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-18 16:34 . 2012-03-28 18:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 05:30 . 2012-05-05 05:30 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-30 11:35 . 2012-05-10 03:12 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 19:47 . 2012-03-28 19:47 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-03-28 19:47 . 2012-03-28 19:47 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-03-28 19:47 . 2012-03-28 19:47 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-03-28 19:47 . 2012-03-28 19:47 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-03-28 19:47 . 2012-03-28 19:47 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-03-28 19:47 . 2012-03-28 19:47 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-03-28 19:47 . 2012-03-28 19:47 491520 ----a-w- c:\windows\system32\mssph.dll
2012-03-28 19:47 . 2012-03-28 19:47 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-28 19:47 . 2012-03-28 19:47 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-03-28 19:47 . 2012-03-28 19:47 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-03-28 19:47 . 2012-03-28 19:47 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-03-28 19:47 . 2012-03-28 19:47 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-03-28 19:47 . 2012-03-28 19:47 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-03-28 19:47 . 2012-03-28 19:47 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-03-28 19:47 . 2012-03-28 19:47 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-03-28 19:47 . 2012-03-28 19:47 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-03-28 19:47 . 2012-03-28 19:47 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-03-28 19:47 . 2012-03-28 19:47 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-03-28 19:47 . 2012-03-28 19:47 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-03-28 19:47 . 2012-03-28 19:47 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-03-28 19:47 . 2012-03-28 19:47 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-03-28 19:47 . 2012-03-28 19:47 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-03-28 19:47 . 2012-03-28 19:47 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-03-28 19:46 . 2012-03-28 19:46 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-03-28 19:46 . 2012-03-28 19:46 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-03-28 19:46 . 2012-03-28 19:46 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-03-28 19:46 . 2012-03-28 19:46 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-03-28 19:46 . 2012-03-28 19:46 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-03-28 19:46 . 2012-03-28 19:46 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-28 19:46 . 2012-03-28 19:46 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-03-28 19:46 . 2012-03-28 19:46 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-03-28 19:46 . 2012-03-28 19:46 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-03-28 19:46 . 2012-03-28 19:46 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-03-28 19:46 . 2012-03-28 19:46 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-03-28 19:46 . 2012-03-28 19:46 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-03-28 19:46 . 2012-03-28 19:46 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-03-28 19:46 . 2012-03-28 19:46 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-28 19:46 . 2012-03-28 19:46 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-03-28 19:46 . 2012-03-28 19:46 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-28 19:46 . 2012-03-28 19:46 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-28 19:46 . 2012-03-28 19:46 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-03-28 19:46 . 2012-03-28 19:46 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-03-28 19:46 . 2012-03-28 19:46 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-03-28 19:46 . 2012-03-28 19:46 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-03-28 19:46 . 2012-03-28 19:46 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-03-28 19:46 . 2012-03-28 19:46 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-28 19:46 . 2012-03-28 19:46 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-03-28 19:46 . 2012-03-28 19:46 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-28 19:46 . 2012-03-28 19:46 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-28 19:46 . 2012-03-28 19:46 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-03-28 19:46 . 2012-03-28 19:46 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-03-28 19:46 . 2012-03-28 19:46 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-03-28 19:46 . 2012-03-28 19:46 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-03-28 19:46 . 2012-03-28 19:46 2871808 ----a-w- c:\windows\explorer.exe
2012-03-28 19:46 . 2012-03-28 19:46 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-03-28 19:46 . 2012-03-28 19:46 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-28 19:46 . 2012-03-28 19:46 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-03-28 19:46 . 2012-03-28 19:46 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-03-28 19:46 . 2012-03-28 19:46 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-03-28 19:46 . 2012-03-28 19:46 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-03-28 19:46 . 2012-03-28 19:46 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-03-28 19:46 . 2012-03-28 19:46 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-03-28 19:46 . 2012-03-28 19:46 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-03-28 19:46 . 2012-03-28 19:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-28 19:46 . 2012-03-28 19:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-12-15 14664]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-20 2253120]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 257224]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-05-25 67584]
S2 MSI_ODD_Service;MSI_ODD_Service;c:\program files (x86)\msi\ODD Monitor\ODD_Monitor.exe [2011-10-05 76800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-20 381248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NTIOLib_X64;NTIOLib_X64;c:\program files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [2010-01-18 14136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 16:34]
.
2012-06-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2012-04-13 05:57]
.
2012-06-23 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2010-11-21 03:24]
.
2012-06-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2012-04-13 05:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-03 6412904]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-20 1157224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-12-15 12616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-06-24 14:34:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 21:34
.
Pre-Run: 946,495,975,424 bytes free
Post-Run: 946,474,115,072 bytes free
.
- - End Of File - - 0F92228ED2AD1A79EA42D1F66CA52972

#8 CatByte

  • Malware Response Team

Posted 24 June 2012 - 04:50 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 JasonRichard


Posted 24 June 2012 - 07:33 PM

Hey, here are the next logs (MBAM did not detect anything):

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jason :: SPARKBOX [administrator]

24/06/2012 4:07:19 PM
mbam-log-2012-06-24 (16-07-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227974
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\FRST\Quarantine\{3719db6d-f96a-db48-c0c7-e4b764658731}\U\00000001.@ Win64/Sirefef.AI trojan
C:\FRST\Quarantine\{3719db6d-f96a-db48-c0c7-e4b764658731}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\487ce36e-6fee3c87 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\22ac4bc8-6fab3fc8 Java/Exploit.CVE-2012-0507.BR trojan

#10 CatByte


Posted 24 June 2012 - 07:47 PM

we can delete those detections by clearing the Java cache (the other detections are already in quarantine)

Click Start > Control Panel.
Double-click the Java icon in the control panel.
The Java Control Panel appears.
Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.

There are three options on this window to clear the cache.

  • Delete Files
  • View Applications
  • View Applets


Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
Click OK on Temporary Files Settings window.


while you have the Java console open, choose the "update" tab and update to the latest Java


how is the computer running now?

are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
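The triage in the reply above (quarantined copies versus files still sitting in the Java cache) can be run over an ESET text export. This is an added example, not part of the thread: the line layout is assumed from the five detections quoted in post #9, the optional "a variant of" prefix is an assumption about the export format, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# First five lines: the ESET detections quoted in the thread.
# Last line: constructed sample of a detection outside quarantine and cache.
ESET_LOG = r"""
C:\FRST\Quarantine\{3719db6d-f96a-db48-c0c7-e4b764658731}\U\00000001.@ Win64/Sirefef.AI trojan
C:\FRST\Quarantine\{3719db6d-f96a-db48-c0c7-e4b764658731}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\487ce36e-6fee3c87 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\22ac4bc8-6fab3fc8 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Example\Downloads\setup.exe a variant of Win32/Example.A trojan
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <type>. Windows paths
# contain no "/", so the first token with one marks the detection name.
LINE_RE = re.compile(
    r"(?P<path>.+?)\s+(?:(?:probably )?a variant of )?"
    r"(?P<name>[^\s/]+/\S+)\s+(?P<kind>[a-z][a-z ]*)"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d+")

# Quarantine folders of the removal tools that appear in the thread's paths.
QUARANTINE_DIRS = ("c:\\frst\\quarantine\\", "c:\\qoobox\\quarantine\\")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def classify(path):
    """Return where a detected file sits, which decides the follow-up."""
    p = path.lower()
    if p.startswith(QUARANTINE_DIRS):
        return "quarantined"   # inert copy, goes away with tool cleanup
    if JAVA_CACHE in p:
        return "java_cache"    # clear the Java cache, then update Java
    return "live"              # still on disk in a normal location


def triage(log_text):
    """Group detections by location; unmatched lines are kept, not dropped."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.fullmatch(line)
        if m is None:
            buckets["unparsed"].append(line)
            continue
        cve = CVE_RE.search(m["name"])
        buckets[classify(m["path"])].append(
            {"path": m["path"], "name": m["name"], "kind": m["kind"],
             "cve": cve.group(0) if cve else None}
        )
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(ESET_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Anything that lands in the `live` or `unparsed` bucket is what still needs a helper's attention; the other two buckets match the two cases the reply describes.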


#11 JasonRichard


Posted 24 June 2012 - 08:18 PM

Hey.
When I was in the Java console, there was no "update" tab, just "general", "java", "security", and "advanced". In the bottom right corner of my desktop screen it says "test mode". Does that somehow have something to do with it?

#12 CatByte


Posted 24 June 2012 - 08:30 PM

Hi,

make sure windows is properly activated (malware can cause some strange effects)

Click on the Start Menu > right click on Computer > click Properties

In the window that pops up > scroll down to the bottom > it should say if it's activated, or how many days you have to activate.

let me know what it says


NEXT


Open an elevated command window

Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.


Now copy/paste this command at the command prompt > press enter:

Bcdedit.exe -set TESTSIGNING OFF

Reboot the PC and the test mode should go away

let me know if it does.

Edited by CatByte, 24 June 2012 - 08:30 PM.



#13 JasonRichard


Posted 24 June 2012 - 08:42 PM

Hey,
For the first part, it said that Windows was activated.
For the second part, the "test" message is gone, but there is still not an update tab for Java when I go in through the control panel--not sure if that is a big deal or not though. Everything else on my computer seems to be running perfectly!

#14 CatByte


Posted 24 June 2012 - 09:05 PM

download the most up to date Java manually, it may add the tab:

http://java.com/en/download/index.jsp


let me know how that went and if there are any other issues


if not then we can clean up our tools (there is a special cleanup routine we need to do)



#15 JasonRichard


Posted 24 June 2012 - 10:30 PM

Hey,

Java is now updated and I don't think there are any more issues! Thank you so much!



