
Something really nasty on my computer, need help. . . . .


#1 mcwaffle

Posted 08 December 2012 - 06:01 AM

There is something nasty on my comp... I think it's a backdoor and related to update among other things... please help

I have been at it about 10 hours, I will be on for another 12 to be able to follow instructions in a timely manner should someone recognize the problem and be able to help

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : p [Admin rights]
Mode : Remove -- Date : 12/08/2012 06:52:57

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] HelpPane.exe -- C:\Windows\HelpPane.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 0bbfbf18118e9a1d21d4ddaa723f21c1
[BSP] ee836e08b222815dbc6d54affd48dcc1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464023 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 953393152 | Size: 11416 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[12]_D_12082012_02d0652.txt >>
RKreport[10]_S_12082012_02d0428.txt ; RKreport[11]_S_12082012_02d0652.txt ; RKreport[12]_D_12082012_02d0652.txt ; RKreport[1]_S_12082012_02d0314.txt ; RKreport[2]_D_12082012_02d0315.txt ;
RKreport[3]_D_12082012_02d0315.txt ; RKreport[4]_S_12082012_02d0404.txt ; RKreport[5]_D_12082012_02d0405.txt ; RKreport[6]_H_12082012_02d0405.txt ; RKreport[7]_PR_12082012_02d0405.txt ;
RKreport[8]_DN_12082012_02d0405.txt ; RKreport[9]_SC_12082012_02d0405.txt



_____________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16800
Run by p at 6:33:05 on 2012-12-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2335 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\taskhost.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wuauclt.exe
C:\windows\helppane.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uProxyOverride = <local>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{8C01244C-7977-4DC2-93E7-823944CDAA10} : DHCPNameServer = 208.59.247.45 208.59.247.46
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-12-7 482384]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-8 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-8 676936]
R2 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2010-7-29 297344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-7 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360]
R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2009-12-23 71168]
R3 bpmp;bpmp;C:\windows\System32\drivers\bpmp.sys [2009-12-23 174592]
R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2009-12-23 81920]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-12-7 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-18 164464]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-8 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-12-7 331880]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-12-7 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-8 1255736]
.
=============== Created Last 30 ================
.
2012-12-08 14:09:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-08 11:05:18 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36959741-A850-44C6-99A8-508FA380405D}\offreg.dll
2012-12-08 11:02:17 -------- d-s---w- C:\ComboFix
2012-12-08 10:25:21 -------- d-----w- C:\Users\p\AppData\Roaming\Malwarebytes
2012-12-08 10:25:18 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-12-08 10:25:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-08 10:19:03 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-12-08 10:00:51 -------- d-----w- C:\Users\p\AppData\Local\temp
2012-12-08 09:39:09 -------- d-----w- C:\Program Files\CCleaner
2012-12-08 09:11:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-08 08:58:02 99328 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2012-12-08 08:58:02 7936 ----a-w- C:\windows\System32\drivers\usbd.sys
2012-12-08 08:58:02 52224 ----a-w- C:\windows\System32\drivers\usbehci.sys
2012-12-08 08:58:02 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2012-12-08 08:58:02 324608 ----a-w- C:\windows\System32\drivers\usbport.sys
2012-12-08 08:58:02 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2012-12-08 08:58:02 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2012-12-08 08:57:59 2566144 ----a-w- C:\windows\System32\esent.dll
2012-12-08 08:57:58 96768 ----a-w- C:\windows\System32\fsutil.exe
2012-12-08 08:57:58 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2012-12-08 08:57:58 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2012-12-08 08:57:58 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2012-12-08 08:57:58 187264 ----a-w- C:\windows\System32\drivers\storport.sys
2012-12-08 08:57:58 1686016 ----a-w- C:\windows\SysWow64\esent.dll
2012-12-08 08:57:58 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2012-12-08 08:57:58 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2012-12-08 08:57:58 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2012-12-08 08:52:03 -------- d-----w- C:\Program Files (x86)\trend micro
2012-12-08 08:46:29 -------- d-----w- C:\windows\SysWow64\Wat
2012-12-08 08:46:29 -------- d-----w- C:\windows\System32\Wat
2012-12-08 08:38:50 916456 ----a-w- C:\windows\System32\deployJava1.dll
2012-12-08 08:38:50 1034216 ----a-w- C:\windows\System32\npDeployJava1.dll
2012-12-08 08:38:37 108008 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2012-12-08 08:31:41 -------- d-----w- C:\Users\p\AppData\Roaming\QuickScan
2012-12-08 08:26:06 367104 ----a-w- C:\windows\System32\wcncsvc.dll
2012-12-08 08:26:06 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll
2012-12-08 08:23:39 -------- d-----w- C:\FRST
2012-12-08 08:16:18 -------- d-----w- C:\windows\ERUNT
2012-12-08 08:15:43 -------- d-----w- C:\JRT
2012-12-08 08:12:54 1461029 ----a-w- C:\FRST64.exe
2012-12-08 08:11:42 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-12-08 08:11:42 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-12-08 08:11:42 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-12-08 08:11:42 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-08 08:07:21 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2012-12-08 08:07:21 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll
2012-12-08 08:07:21 48960 ----a-w- C:\windows\System32\netfxperf.dll
2012-12-08 08:07:21 444752 ----a-w- C:\windows\System32\mscoree.dll
2012-12-08 08:07:21 320352 ----a-w- C:\windows\System32\PresentationHost.exe
2012-12-08 08:07:21 297808 ----a-w- C:\windows\SysWow64\mscoree.dll
2012-12-08 08:07:21 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe
2012-12-08 08:07:21 1942856 ----a-w- C:\windows\System32\dfshim.dll
2012-12-08 08:07:21 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2012-12-08 08:07:21 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll
2012-12-08 08:04:25 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-12-08 08:04:25 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-12-08 08:04:25 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-12-08 08:04:25 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-12-08 08:04:25 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-12-08 08:04:25 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-12-08 08:04:24 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-12-08 08:02:34 80896 ----a-w- C:\windows\System32\imagehlp.dll
2012-12-08 08:02:34 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-12-08 08:02:34 5120 ----a-w- C:\windows\System32\wmi.dll
2012-12-08 08:02:34 22896 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-12-08 08:02:34 158720 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-12-08 08:00:55 243712 ----a-w- C:\windows\System32\drivers\ks.sys
2012-12-08 08:00:55 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys
2012-12-08 07:37:57 98816 ----a-w- C:\windows\sed.exe
2012-12-08 07:37:57 256000 ----a-w- C:\windows\PEV.exe
2012-12-08 07:37:57 208896 ----a-w- C:\windows\MBR.exe
2012-12-08 07:36:00 -------- d-----w- C:\Users\p\AppData\Local\Google
2012-12-08 06:24:59 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-12-08 06:14:29 826368 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-12-08 06:14:29 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-12-08 06:14:29 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-12-08 06:11:48 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-12-08 06:11:44 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-12-08 06:11:36 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-12-08 06:11:36 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-12-08 05:58:07 -------- d-----w- C:\Users\p\AppData\Local\TOSHIBA_Corporation
2012-12-08 05:28:11 -------- d-----w- C:\Users\p\AppData\Local\Diagnostics
2012-12-08 04:06:14 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36959741-A850-44C6-99A8-508FA380405D}\mpengine.dll
2012-12-08 04:06:13 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-12-08 03:46:24 -------- d-----w- C:\Users\p\AppData\Local\Apps
2012-12-08 03:46:23 -------- d-----w- C:\Users\p\AppData\Local\Deployment
2012-12-08 03:46:20 -------- d-----w- C:\Users\p\AppData\Roaming\Intel
2012-12-08 03:45:36 -------- d-----w- C:\Users\p\AppData\Local\VirtualStore
2012-12-08 03:45:12 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2012-12-08 00:32:54 -------- dc----w- C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}
2012-12-08 00:32:17 -------- d--h--w- C:\windows\msdownld.tmp
2012-12-08 00:31:39 -------- d-----w- C:\ProgramData\Blio
2012-12-08 00:29:40 -------- d-----w- C:\ProgramData\Norton
2012-12-08 00:29:21 -------- d-----w- C:\ProgramData\NortonInstaller
2012-12-08 00:28:19 -------- d-----w- C:\Program Files (x86)\Common Files\Toshiba Shared
2012-12-08 00:28:16 482384 ----a-w- C:\windows\System32\drivers\tos_sps64.sys
2012-12-08 00:28:16 4178264 ----a-w- C:\windows\SysWow64\D3DX9_41.dll
2012-12-08 00:27:39 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2012-12-08 00:27:39 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-12-08 00:24:39 -------- d-----w- C:\Program Files\Common Files\Intel
2012-12-08 00:24:38 -------- d-----w- C:\Program Files (x86)\Cisco
2012-12-08 00:22:37 8192 ----a-w- C:\windows\System32\TSBWLS.dll
2012-12-08 00:22:37 49664 ----a-w- C:\windows\System32\HWS_Ctrl.dll
2012-12-08 00:20:09 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2012-12-08 00:20:09 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2012-12-08 00:18:02 -------- d-----w- C:\windows\SysWow64\Microsoft.VC80.MFC
2012-12-08 00:18:02 -------- d-----w- C:\windows\System32\Microsoft.VC80.MFC
2012-12-08 00:18:01 -------- d-----w- C:\ProgramData\xp
2012-12-08 00:18:01 -------- d-----w- C:\ProgramData\win7_64
2012-12-08 00:18:01 -------- d-----w- C:\ProgramData\win7_32
2012-12-08 00:18:01 -------- d-----w- C:\ProgramData\vista64
2012-12-08 00:18:01 -------- d-----w- C:\ProgramData\vista32
2012-12-08 00:16:09 -------- d-----w- C:\Program Files\Synaptics
2012-12-08 00:14:14 74272 ----a-w- C:\windows\System32\RtNicProp64.dll
2012-12-08 00:14:14 331880 ----a-w- C:\windows\System32\drivers\Rt64win7.sys
2012-12-08 00:14:14 107552 ----a-w- C:\windows\System32\RTNUninst64.dll
2012-12-08 00:13:43 -------- d-----w- C:\Program Files (x86)\JMicron
2012-12-08 00:13:37 -------- d-----w- C:\windows\SysWow64\SDA
2012-12-08 00:11:59 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-12-08 00:11:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-12-08 00:11:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-12-08 00:09:59 538136 ----a-w- C:\windows\System32\drivers\iaStor.sys
2012-12-08 00:07:03 -------- d-----w- C:\Intel
2012-12-08 00:06:34 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-12-08 00:06:29 56344 ----a-w- C:\windows\System32\drivers\HECIx64.sys
.
==================== Find3M ====================
.
2012-10-18 18:18:22 3147264 ----a-w- C:\windows\System32\win32k.sys
2012-10-16 21:20:49 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20:46 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34:37 559104 ----a-w- C:\windows\apppatch\AcLayers.dll
2012-09-25 22:39:14 95744 ----a-w- C:\windows\System32\synceng.dll
2012-09-25 21:55:17 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-09-14 19:23:40 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\windows\SysWow64\tzres.dll
.
============= FINISH: 6:33:24.54 ===============




_____________________


ComboFix 12-12-07.01 - p 12/08/2012 6:46.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2317 [GMT -5:00]
Running from: \\localhost\C$\@GMT-2012.12.08-07.13.05\Users\p\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 11:50 . 2012-12-08 11:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 11:05 . 2012-12-08 11:05 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36959741-A850-44C6-99A8-508FA380405D}\offreg.dll
2012-12-08 10:31 . 2012-10-30 02:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-12-08 10:25 . 2012-12-08 10:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-08 10:25 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-08 10:19 . 2012-12-08 10:19 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-12-08 09:39 . 2012-12-08 09:39 -------- d-----w- c:\program files\CCleaner
2012-12-08 09:11 . 2012-12-08 09:11 -------- d-----w- c:\programdata\Malwarebytes
2012-12-08 08:58 . 2011-03-29 03:32 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-12-08 08:58 . 2011-03-29 03:32 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-12-08 08:58 . 2011-03-29 03:32 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-12-08 08:58 . 2011-03-29 03:32 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-12-08 08:58 . 2011-03-29 03:32 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-12-08 08:58 . 2011-03-29 03:32 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-12-08 08:58 . 2011-03-29 03:32 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-12-08 08:57 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2012-12-08 08:57 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-12-08 08:57 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-12-08 08:57 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-12-08 08:57 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-12-08 08:57 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-12-08 08:57 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-12-08 08:57 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2012-12-08 08:57 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-12-08 08:57 . 2011-03-11 04:31 91136 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-12-08 08:52 . 2012-12-08 09:24 -------- d-----w- c:\program files (x86)\trend micro
2012-12-08 08:52 . 2012-12-08 08:52 -------- d-----w- C:\rsit
2012-12-08 08:46 . 2012-12-08 08:46 -------- d-----w- c:\windows\SysWow64\Wat
2012-12-08 08:46 . 2012-12-08 08:46 -------- d-----w- c:\windows\system32\Wat
2012-12-08 08:38 . 2012-12-08 08:38 289768 ----a-w- c:\windows\system32\javaws.exe
2012-12-08 08:38 . 2012-12-08 08:38 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-08 08:38 . 2012-12-08 08:38 189416 ----a-w- c:\windows\system32\javaw.exe
2012-12-08 08:38 . 2012-12-08 08:38 188904 ----a-w- c:\windows\system32\java.exe
2012-12-08 08:38 . 2012-12-08 08:38 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-08 08:38 . 2012-12-08 08:38 -------- d-----w- c:\program files\Java
2012-12-08 08:26 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-12-08 08:26 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-12-08 08:23 . 2012-12-08 08:23 -------- d-----w- C:\FRST
2012-12-08 08:16 . 2012-12-08 08:16 -------- d-----w- c:\windows\ERUNT
2012-12-08 08:15 . 2012-12-08 09:29 -------- d-----w- C:\JRT
2012-12-08 08:11 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-08 08:11 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-08 08:11 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-08 08:11 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-08 08:07 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-12-08 08:07 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-12-08 08:07 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-12-08 08:07 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-12-08 08:07 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-12-08 08:07 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-12-08 08:07 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-12-08 08:07 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-12-08 08:07 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-12-08 08:07 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-12-08 08:04 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-08 08:04 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-08 08:04 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-08 08:04 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-08 08:04 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-08 08:04 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-08 08:04 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-08 08:02 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-12-08 08:02 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-12-08 08:02 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-12-08 08:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-12-08 08:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-12-08 08:00 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-12-08 08:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-12-08 07:12 . 2012-12-08 07:12 -------- d-----w- c:\programdata\McAfee
2012-12-08 06:24 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-12-08 06:23 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-12-08 06:22 . 2012-06-16 05:25 609792 ----a-w- c:\windows\system32\vbscript.dll
2012-12-08 06:14 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-12-08 06:14 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-12-08 06:14 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-12-08 06:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-12-08 06:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-12-08 06:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-12-08 06:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-12-08 06:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-12-08 06:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-12-08 06:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-12-08 06:11 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-12-08 06:11 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-12-08 04:06 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36959741-A850-44C6-99A8-508FA380405D}\mpengine.dll
2012-12-08 04:06 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-12-08 03:45 . 2012-12-08 03:45 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2012-12-08 03:44 . 2012-12-08 08:00 -------- d-----w- c:\users\p
2012-12-08 00:32 . 2012-12-08 00:32 -------- dc----w- c:\programdata\{FBF3739B-717D-4429-BCEB-98D514E65F29}
2012-12-08 00:32 . 2012-12-08 00:32 -------- d--h--w- c:\windows\msdownld.tmp
2012-12-08 00:31 . 2012-12-08 00:31 -------- d-----w- c:\users\Public\Book Place
2012-12-08 00:31 . 2012-12-08 00:31 -------- d-----w- c:\programdata\Blio
2012-12-08 00:29 . 2012-12-08 05:56 -------- d-----w- c:\programdata\Norton
2012-12-08 00:28 . 2012-12-08 00:28 -------- d-----w- c:\program files (x86)\Common Files\Toshiba Shared
2012-12-08 00:28 . 2010-05-09 02:38 482384 ----a-w- c:\windows\system32\drivers\tos_sps64.sys
2012-12-08 00:28 . 2009-03-09 23:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-12-08 00:27 . 2012-12-08 00:27 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-12-08 00:27 . 2012-12-08 00:27 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-12-08 00:24 . 2012-12-08 10:19 -------- d-----w- c:\program files\Common Files\Intel
2012-12-08 00:24 . 2012-12-08 00:27 -------- d-----w- c:\program files\Intel
2012-12-08 00:24 . 2012-12-08 00:24 -------- d-----w- c:\program files (x86)\Cisco
2012-12-08 00:24 . 2012-12-08 00:24 -------- d-----w- c:\programdata\Intel
2012-12-08 00:22 . 2010-03-05 00:44 8192 ----a-w- c:\windows\system32\TSBWLS.dll
2012-12-08 00:22 . 2010-03-05 00:44 49664 ----a-w- c:\windows\system32\HWS_Ctrl.dll
2012-12-08 00:20 . 1999-10-13 02:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-12-08 00:20 . 1999-10-13 02:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2012-12-08 00:19 . 2012-12-08 00:19 -------- d-----w- c:\windows\SysWow64\Macromed
2012-12-08 00:19 . 2012-12-08 00:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-12-08 00:18 . 2012-12-08 00:18 -------- d-----w- c:\windows\SysWow64\Microsoft.VC80.MFC
2012-12-08 00:18 . 2012-12-08 00:18 -------- d-----w- c:\windows\system32\Microsoft.VC80.MFC
2012-12-08 00:18 . 2012-12-08 00:21 -------- d-----w- c:\programdata\win7_64
2012-12-08 00:18 . 2012-12-08 00:21 -------- d-----w- c:\programdata\win7_32
2012-12-08 00:18 . 2012-12-08 00:18 -------- d-----w- c:\programdata\vista64
2012-12-08 00:18 . 2012-12-08 00:18 -------- d-----w- c:\programdata\vista32
2012-12-08 00:18 . 2012-12-08 00:18 -------- d-----w- c:\programdata\xp
2012-12-08 00:16 . 2012-12-08 00:16 -------- d-----w- c:\program files\Synaptics
2012-12-08 00:14 . 2010-05-03 22:44 331880 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-12-08 00:14 . 2010-01-06 08:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-12-08 00:14 . 2009-12-04 01:27 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-12-08 00:13 . 2012-12-08 00:13 -------- d-----w- c:\program files\DIFX
2012-12-08 00:13 . 2012-12-08 00:13 -------- d-----w- c:\program files (x86)\JMicron
2012-12-08 00:13 . 2012-12-08 00:13 -------- d-----w- c:\windows\SysWow64\SDA
2012-12-08 00:11 . 2012-12-08 00:11 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-12-08 00:11 . 2012-12-08 00:11 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-12-08 00:11 . 2006-02-07 23:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 21:20 . 2012-12-08 06:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-12-08 06:22 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-12-08 06:22 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-19 164464]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-08 1255736]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-05-09 482384]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-12-23 71168]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-12-23 174592]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-12-23 81920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]
.
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-08 06:51:39
ComboFix-quarantined-files.txt 2012-12-08 11:51
ComboFix2.txt 2012-12-08 10:02
ComboFix3.txt 2012-12-08 08:07
ComboFix4.txt 2012-12-08 07:43
.
Pre-Run: 456,229,249,024 bytes free
Post-Run: 456,215,719,936 bytes free
.
- - End Of File - - 91C06879F70380B3EE5E683712C760CB
_________________________________






Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012
Ran by p at 08-12-2012 06:57:18
Running from C:\
(X64) OS Language: English(US)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-12-08 06:52 - 2012-12-08 06:52 - 00001799 ____A C:\Users\p\Desktop\RKreport[11]_S_12082012_02d0652.txt
2012-12-08 06:52 - 2012-12-08 06:52 - 00001766 ____A C:\Users\p\Desktop\RKreport[12]_D_12082012_02d0652.txt
2012-12-08 06:51 - 2012-12-08 06:51 - 00019886 ____A C:\ComboFix.txt
2012-12-08 06:33 - 2012-12-08 06:33 - 00016545 ____A C:\Users\p\Desktop\dds.txt
2012-12-08 06:33 - 2012-12-08 06:33 - 00010728 ____A C:\Users\p\Desktop\attach.txt
2012-12-08 06:32 - 2012-12-08 06:32 - 00688992 ____R (Swearware) C:\Users\p\Desktop\dds.scr
2012-12-08 06:01 - 2012-12-08 06:01 - 00058016 ____A C:\Users\p\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-08 05:31 - 2012-10-29 21:04 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-08 05:28 - 2012-12-08 05:28 - 00000684 ____A C:\Users\p\Desktop\GooredFix.txt
2012-12-08 05:28 - 2012-12-08 05:28 - 00000000 ____D C:\Users\p\Desktop\GooredFix Backups
2012-12-08 05:26 - 2012-12-08 05:26 - 00071398 ____A (jpshortstuff) C:\Users\p\Downloads\GooredFix.exe
2012-12-08 05:26 - 2012-12-08 05:26 - 00071398 ____A (jpshortstuff) C:\Users\p\Desktop\GooredFix (1).exe
2012-12-08 05:25 - 2012-12-08 05:25 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-08 05:25 - 2012-12-08 05:25 - 00000000 ____D C:\Users\p\AppData\Roaming\Malwarebytes
2012-12-08 05:25 - 2012-12-08 05:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-08 05:25 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-08 05:24 - 2012-12-08 05:24 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\p\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-08 05:24 - 2012-12-08 05:24 - 00302592 ____A C:\Users\p\Downloads\elmovf6k.exe
2012-12-08 05:13 - 2012-12-08 05:16 - 87412106 ____A (Intel Corporation) C:\Users\p\Downloads\Win7Vista_64_152257.exe
2012-12-08 05:11 - 2012-12-08 05:11 - 00895464 ____A (Oracle Corporation) C:\Users\p\Downloads\chromeinstall-7u9.exe
2012-12-08 05:07 - 2012-12-08 05:07 - 06181783 ____A (Intel Corporation) C:\Users\p\Downloads\win2k_xp14103.exe
2012-12-08 04:52 - 2012-12-08 06:23 - 00002720 ____A C:\Windows\PFRO.log
2012-12-08 04:52 - 2012-12-08 04:52 - 00267240 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-08 04:47 - 2012-12-08 06:25 - 00000598 ____A C:\Windows\setupact.log
2012-12-08 04:47 - 2012-12-08 04:47 - 00003452 ____A C:\Windows\DPINST.LOG
2012-12-08 04:47 - 2012-12-08 04:47 - 00000000 ____A C:\Windows\setuperr.log
2012-12-08 04:41 - 2012-12-08 04:41 - 00065038 ____A C:\Users\p\Documents\cc_20121208_044115.reg
2012-12-08 04:39 - 2012-12-08 04:39 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-08 04:39 - 2012-12-08 04:39 - 00000000 ____D C:\Program Files\CCleaner
2012-12-08 04:38 - 2012-12-08 04:38 - 04167720 ____A (Piriform Ltd) C:\Users\p\Downloads\ccsetup325.exe
2012-12-08 04:38 - 2012-12-08 04:38 - 04167720 ____A (Piriform Ltd) C:\Users\p\Desktop\ccsetup325 (1).exe
2012-12-08 04:35 - 2012-12-08 04:35 - 00000667 ____A C:\Users\p\Desktop\JRT.txt
2012-12-08 04:28 - 2012-12-08 04:28 - 00001547 ____A C:\Users\p\Desktop\RKreport[10]_S_12082012_02d0428.txt
2012-12-08 04:14 - 2012-12-08 04:14 - 00002147 ____A C:\Users\p\Desktop\aswMBR.txt
2012-12-08 04:14 - 2012-12-08 04:14 - 00000512 ____A C:\Users\p\Desktop\MBR.dat
2012-12-08 04:11 - 2012-12-08 04:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-08 04:10 - 2012-12-08 04:17 - 00000000 ____D C:\Users\p\Desktop\mbar
2012-12-08 04:09 - 2012-12-08 04:09 - 13485902 ____A C:\Users\p\Desktop\mbar-1.01.0.1011.zip
2012-12-08 04:08 - 2012-12-08 04:09 - 13485902 ____A C:\Users\p\Downloads\mbar-1.01.0.1011.zip
2012-12-08 04:05 - 2012-12-08 04:05 - 00001481 ____A C:\Users\p\Desktop\RKreport[5]_D_12082012_02d0405.txt
2012-12-08 04:05 - 2012-12-08 04:05 - 00001399 ____A C:\Users\p\Desktop\RKreport[9]_SC_12082012_02d0405.txt
2012-12-08 04:05 - 2012-12-08 04:05 - 00000903 ____A C:\Users\p\Desktop\RKreport[6]_H_12082012_02d0405.txt
2012-12-08 04:05 - 2012-12-08 04:05 - 00000870 ____A C:\Users\p\Desktop\RKreport[8]_DN_12082012_02d0405.txt
2012-12-08 04:05 - 2012-12-08 04:05 - 00000834 ____A C:\Users\p\Desktop\RKreport[7]_PR_12082012_02d0405.txt
2012-12-08 04:04 - 2012-12-08 04:04 - 00001438 ____A C:\Users\p\Desktop\RKreport[4]_S_12082012_02d0404.txt
2012-12-08 03:58 - 2011-03-28 22:32 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-12-08 03:58 - 2011-03-28 22:32 - 00324608 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-12-08 03:58 - 2011-03-28 22:32 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-12-08 03:58 - 2011-03-28 22:32 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-12-08 03:58 - 2011-03-28 22:32 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-12-08 03:58 - 2011-03-28 22:32 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-12-08 03:58 - 2011-03-28 22:32 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-12-08 03:57 - 2011-03-11 01:23 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-12-08 03:57 - 2011-03-11 01:23 - 00187264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-12-08 03:57 - 2011-03-11 01:23 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-12-08 03:57 - 2011-03-11 01:23 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-12-08 03:57 - 2011-03-11 01:22 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-12-08 03:57 - 2011-03-11 01:22 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-12-08 03:57 - 2011-03-11 01:18 - 02566144 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-12-08 03:57 - 2011-03-11 01:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-12-08 03:57 - 2011-03-11 00:39 - 01686016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-12-08 03:57 - 2011-03-11 00:37 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2012-12-08 03:57 - 2011-03-10 23:31 - 00091136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-12-08 03:52 - 2012-12-08 04:24 - 00000000 ____D C:\Program Files (x86)\trend micro
2012-12-08 03:52 - 2012-12-08 03:52 - 00000000 ____D C:\rsit
2012-12-08 03:42 - 2012-12-08 03:42 - 00781383 ____A C:\Users\p\Desktop\RSIT.exe
2012-12-08 03:42 - 2012-12-08 03:42 - 00021699 ____A C:\Users\p\Desktop\stinger.aspx
2012-12-08 03:38 - 2012-12-08 03:38 - 32690664 ____A (Oracle Corporation) C:\Users\p\Downloads\jre-7u6-windows-x64.exe
2012-12-08 03:38 - 2012-12-08 03:38 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-12-08 03:38 - 2012-12-08 03:38 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-12-08 03:38 - 2012-12-08 03:38 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-12-08 03:38 - 2012-12-08 03:38 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-12-08 03:38 - 2012-12-08 03:38 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-12-08 03:38 - 2012-12-08 03:38 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-12-08 03:38 - 2012-12-08 03:38 - 00000000 ____D C:\Program Files\Java
2012-12-08 03:37 - 2012-12-08 03:37 - 00856731 ____A C:\Users\p\Downloads\SecurityCheck.exe
2012-12-08 03:31 - 2012-12-08 03:31 - 00000000 ____D C:\Users\p\AppData\Roaming\QuickScan
2012-12-08 03:30 - 2012-12-08 03:30 - 00791393 ____A (Lars Hederer ) C:\Users\p\Downloads\erunt-setup.exe
2012-12-08 03:26 - 2010-09-14 01:45 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2012-12-08 03:26 - 2010-09-14 01:07 - 00276992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2012-12-08 03:25 - 2012-12-08 04:03 - 00002272 ____A C:\Users\p\Desktop\FSS.txt
2012-12-08 03:23 - 2012-12-08 03:24 - 00034247 ____A C:\Users\p\Desktop\FRST.txt
2012-12-08 03:23 - 2012-12-08 03:23 - 00000000 ____D C:\FRST
2012-12-08 03:16 - 2012-12-08 03:16 - 00000000 ____D C:\Windows\ERUNT
2012-12-08 03:15 - 2012-12-08 04:29 - 00000000 ____D C:\JRT
2012-12-08 03:15 - 2012-12-08 03:15 - 00001311 ____A C:\Users\p\Desktop\RKreport[2]_D_12082012_02d0315.txt
2012-12-08 03:15 - 2012-12-08 03:15 - 00001283 ____A C:\Users\p\Desktop\RKreport[3]_D_12082012_02d0315.txt
2012-12-08 03:14 - 2012-12-08 06:52 - 00000000 ____D C:\Users\p\Desktop\RK_Quarantine
2012-12-08 03:14 - 2012-12-08 03:14 - 00446725 ____A (Oleg N. Scherbakov) C:\Users\p\Downloads\JRT.exe
2012-12-08 03:14 - 2012-12-08 03:14 - 00446725 ____A (Oleg N. Scherbakov) C:\Users\p\Desktop\JRT.exe
2012-12-08 03:14 - 2012-12-08 03:14 - 00001345 ____A C:\Users\p\Desktop\RKreport[1]_S_12082012_02d0314.txt
2012-12-08 03:13 - 2012-12-08 03:14 - 00753152 ____A C:\Users\p\Downloads\RogueKiller.exe
2012-12-08 03:13 - 2012-12-08 03:14 - 00753152 ____A C:\Users\p\Desktop\RogueKiller.exe
2012-12-08 03:12 - 2012-12-08 03:12 - 01461029 ____A (Farbar) C:\Users\p\Downloads\FRST64.exe
2012-12-08 03:12 - 2012-12-08 03:12 - 01461029 ____A (Farbar) C:\FRST64.exe
2012-12-08 03:12 - 2012-12-08 03:12 - 00696379 ____A (Farbar) C:\Users\p\Downloads\FSS.exe
2012-12-08 03:12 - 2012-12-08 03:12 - 00696379 ____A (Farbar) C:\Users\p\Desktop\FSS.exe
2012-12-08 03:11 - 2012-07-25 23:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-12-08 03:11 - 2012-07-25 23:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-12-08 03:11 - 2012-07-25 21:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-12-08 03:11 - 2012-06-02 09:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-12-08 03:07 - 2009-11-25 12:47 - 01942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2012-12-08 03:07 - 2009-11-25 12:47 - 01130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2012-12-08 03:07 - 2009-11-25 12:47 - 00444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2012-12-08 03:07 - 2009-11-25 12:47 - 00320352 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2012-12-08 03:07 - 2009-11-25 12:47 - 00297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2012-12-08 03:07 - 2009-11-25 12:47 - 00295264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2012-12-08 03:07 - 2009-11-25 12:47 - 00109912 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2012-12-08 03:07 - 2009-11-25 12:47 - 00099176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2012-12-08 03:07 - 2009-11-25 12:47 - 00049472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2012-12-08 03:07 - 2009-11-25 12:47 - 00048960 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2012-12-08 03:04 - 2012-07-25 22:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-12-08 03:04 - 2012-07-25 22:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-12-08 03:04 - 2012-07-25 22:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-12-08 03:04 - 2012-07-25 22:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-12-08 03:04 - 2012-07-25 22:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-12-08 03:04 - 2012-07-25 21:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-12-08 03:04 - 2012-07-25 21:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-12-08 03:04 - 2012-06-02 09:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-12-08 03:02 - 2012-03-01 01:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-12-08 03:02 - 2012-03-01 01:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-12-08 03:02 - 2012-03-01 01:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-12-08 03:02 - 2012-03-01 00:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-12-08 03:02 - 2012-03-01 00:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-12-08 03:01 - 2012-12-08 03:53 - 00001462 ____A C:\Users\p\Desktop\FixExec.txt
2012-12-08 03:01 - 2012-12-08 03:01 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\p\Downloads\FixExec.exe
2012-12-08 03:01 - 2012-12-08 03:01 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\p\Desktop\FixExec.exe
2012-12-08 03:00 - 2012-12-08 05:27 - 00000464 ____A C:\Users\p\Desktop\defogger_disable.log
2012-12-08 03:00 - 2012-12-08 03:00 - 00050477 ____A C:\Users\p\Downloads\Defogger.exe
2012-12-08 03:00 - 2012-12-08 03:00 - 00050477 ____A C:\Users\p\Desktop\Defogger.exe
2012-12-08 03:00 - 2012-12-08 03:00 - 00000236 ____A C:\Users\p\Desktop\defogger_enable.log
2012-12-08 03:00 - 2012-12-08 03:00 - 00000000 ____A C:\Users\p\defogger_reenable
2012-12-08 03:00 - 2010-03-03 23:40 - 00184832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2012-12-08 03:00 - 2010-03-03 23:32 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2012-12-08 02:44 - 2012-12-08 02:44 - 04732416 ____A (AVAST Software) C:\Users\p\Downloads\aswMBR.exe
2012-12-08 02:44 - 2012-12-08 02:44 - 04732416 ____A (AVAST Software) C:\Users\p\Desktop\aswMBR.exe
2012-12-08 02:37 - 2012-12-08 06:51 - 00000000 ____D C:\Qoobox
2012-12-08 02:37 - 2012-12-08 02:37 - 05010414 ____R (Swearware) C:\Users\p\Desktop\ComboFix.exe
2012-12-08 02:37 - 2012-12-08 02:37 - 00001396 ____A C:\Users\p\Desktop\ComboFix - Shortcut.lnk
2012-12-08 02:37 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-08 02:37 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-08 02:37 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-08 02:37 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-08 02:37 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-08 02:37 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-08 02:37 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-08 02:37 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-08 02:36 - 2012-12-08 02:36 - 05010414 ____A (Swearware) C:\Users\p\Downloads\ComboFix.exe
2012-12-08 02:36 - 2012-12-08 02:36 - 00000000 ____D C:\Users\p\AppData\Local\Google
2012-12-08 02:34 - 2011-05-28 00:22 - 09316352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-08 02:34 - 2011-05-27 23:38 - 05984256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-08 02:34 - 2011-05-27 22:25 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-08 02:34 - 2011-05-27 22:00 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-08 02:34 - 2011-04-22 15:18 - 01500160 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-08 02:34 - 2011-04-22 15:18 - 01197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-08 02:34 - 2011-04-22 15:15 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-12-08 02:34 - 2011-04-22 15:14 - 00703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-08 02:34 - 2011-04-22 15:14 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-08 02:34 - 2011-04-22 15:14 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-12-08 02:34 - 2011-04-22 15:14 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-12-08 02:34 - 2011-04-22 15:13 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-08 02:34 - 2011-04-22 15:13 - 02448896 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-08 02:34 - 2011-04-22 15:13 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-12-08 02:34 - 2011-04-22 15:13 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-12-08 02:34 - 2011-04-22 15:13 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-08 02:34 - 2011-04-22 15:13 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-08 02:34 - 2011-04-22 15:09 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-12-08 02:34 - 2011-04-22 14:31 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 02063360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 01229824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-08 02:34 - 2011-04-22 14:31 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-12-08 02:34 - 2011-04-22 14:30 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-12-08 02:34 - 2011-04-22 13:49 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-12-08 02:34 - 2011-04-22 13:23 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-12-08 02:12 - 2012-12-08 02:12 - 00000000 ____D C:\Users\All Users\McAfee
2012-12-08 02:11 - 2012-12-08 02:11 - 00895464 ____A (Oracle Corporation) C:\Users\p\Desktop\JavaSetup7u9.exe
2012-12-08 02:09 - 2012-12-08 02:09 - 00887296 ____A (Tigzy) C:\Users\p\Desktop\WhyIGotInfected.exe
2012-12-08 01:56 - 2012-12-08 01:56 - 00000000 ____D C:\Users\p\Desktop\Autoruns
2012-12-08 01:55 - 2012-12-08 01:55 - 00540921 ____A C:\Users\p\Desktop\Autoruns.zip
2012-12-08 01:46 - 2012-12-08 01:47 - 00028356 ____A C:\Users\p\Desktop\Result.txt
2012-12-08 01:25 - 2012-10-18 13:18 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-08 01:25 - 2012-08-31 13:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-12-08 01:25 - 2012-06-06 00:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-12-08 01:25 - 2012-06-06 00:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-12-08 01:25 - 2012-06-06 00:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-12-08 01:25 - 2012-03-03 01:29 - 01837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-12-08 01:25 - 2012-03-03 01:29 - 01541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-12-08 01:25 - 2012-03-03 01:29 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-12-08 01:25 - 2012-03-03 01:29 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-12-08 01:25 - 2012-03-03 01:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-12-08 01:25 - 2012-03-03 00:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-12-08 01:25 - 2012-03-03 00:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-12-08 01:25 - 2012-03-03 00:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-12-08 01:25 - 2012-03-03 00:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-12-08 01:25 - 2012-03-03 00:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-12-08 01:25 - 2012-01-04 04:58 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-12-08 01:25 - 2012-01-04 04:03 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-12-08 01:25 - 2011-11-17 02:12 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-12-08 01:25 - 2011-11-17 00:39 - 00314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-12-08 01:25 - 2011-10-26 00:33 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-12-08 01:25 - 2011-10-26 00:22 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-12-08 01:25 - 2011-10-25 23:33 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-12-08 01:25 - 2011-10-25 23:28 - 01328640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-12-08 01:25 - 2011-07-08 21:44 - 00287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-12-08 01:25 - 2011-06-16 00:31 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-12-08 01:25 - 2011-06-15 23:35 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-12-08 01:25 - 2011-06-15 04:58 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-12-08 01:25 - 2011-06-15 04:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-12-08 01:25 - 2011-06-15 04:58 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-12-08 01:25 - 2011-06-15 04:58 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-12-08 01:25 - 2011-06-15 04:04 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-12-08 01:25 - 2011-06-15 04:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-12-08 01:25 - 2011-06-15 04:04 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-12-08 01:25 - 2011-06-15 04:04 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-12-08 01:25 - 2011-06-15 04:04 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-12-08 01:25 - 2011-05-03 21:51 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-12-08 01:25 - 2011-05-03 21:51 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-12-08 01:25 - 2011-04-26 21:57 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2012-12-08 01:25 - 2011-04-09 01:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2012-12-08 01:25 - 2011-04-09 00:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2012-12-08 01:25 - 2011-02-26 01:23 - 02870272 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-12-08 01:25 - 2011-02-26 00:33 - 02614784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-12-08 01:25 - 2010-12-23 01:07 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-12-08 01:25 - 2010-12-23 01:07 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-12-08 01:25 - 2010-12-23 01:02 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-12-08 01:25 - 2010-12-23 00:28 - 00850432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2012-12-08 01:25 - 2010-12-23 00:28 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2012-12-08 01:25 - 2010-12-23 00:24 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2012-12-08 01:25 - 2010-11-02 00:18 - 00524288 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
2012-12-08 01:25 - 2010-11-02 00:17 - 01169408 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2012-12-08 01:25 - 2010-11-02 00:17 - 00473600 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2012-12-08 01:25 - 2010-11-02 00:16 - 01114624 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2012-12-08 01:25 - 2010-11-02 00:10 - 00464384 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2012-12-08 01:25 - 2010-11-02 00:10 - 00285696 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
2012-12-08 01:25 - 2010-11-01 23:40 - 00496128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2012-12-08 01:25 - 2010-11-01 23:40 - 00305152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2012-12-08 01:25 - 2010-11-01 23:34 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2012-12-08 01:25 - 2010-11-01 23:34 - 00179712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2012-12-08 01:25 - 2010-08-26 00:27 - 00148992 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2012-12-08 01:25 - 2010-08-25 23:39 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2012-12-08 01:25 - 2010-06-29 00:39 - 02085376 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2012-12-08 01:25 - 2010-06-29 00:02 - 01413632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2012-12-08 01:25 - 2010-05-05 02:37 - 00483840 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2012-12-08 01:25 - 2010-05-05 01:46 - 00363520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2012-12-08 01:24 - 2012-12-08 01:24 - 00958880 ____A (Bleeping Computer, LLC) C:\Users\p\Desktop\rkill64.exe
2012-12-08 01:24 - 2012-08-30 13:11 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-12-08 01:24 - 2012-08-30 12:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-12-08 01:24 - 2012-08-30 12:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-12-08 01:24 - 2012-08-18 10:43 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-08 01:24 - 2012-08-18 10:43 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-08 01:24 - 2012-08-18 10:43 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-08 01:24 - 2012-08-18 10:42 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-08 01:24 - 2012-08-18 10:40 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-08 01:24 - 2012-08-18 10:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-08 01:24 - 2012-08-18 10:37 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-08 01:24 - 2012-08-18 10:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-08 01:24 - 2012-08-18 10:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-08 01:24 - 2012-08-18 06:19 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-08 01:24 - 2012-08-18 06:17 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-08 01:24 - 2012-08-18 06:17 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-08 01:24 - 2012-08-18 06:17 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 06:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 04:12 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-08 01:24 - 2012-08-18 04:12 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-08 01:24 - 2012-08-18 04:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 04:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 04:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-08 01:24 - 2012-08-18 04:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-08 01:24 - 2012-08-02 12:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-12-08 01:24 - 2012-08-02 12:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-12-08 01:24 - 2012-06-09 00:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-12-08 01:24 - 2012-06-08 23:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-12-08 01:24 - 2012-06-06 00:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-12-08 01:24 - 2012-06-02 00:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-12-08 01:24 - 2012-06-02 00:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-12-08 01:24 - 2012-06-02 00:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-12-08 01:24 - 2012-06-02 00:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-12-08 01:24 - 2012-06-02 00:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-12-08 01:24 - 2012-06-01 23:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-12-08 01:24 - 2012-06-01 23:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-12-08 01:24 - 2012-06-01 23:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-12-08 01:24 - 2012-06-01 23:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-12-08 01:24 - 2012-05-02 00:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-12-08 01:24 - 2012-04-26 00:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-12-08 01:24 - 2012-04-26 00:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-12-08 01:24 - 2012-04-26 00:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-12-08 01:24 - 2012-01-03 01:24 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-12-08 01:24 - 2012-01-03 00:44 - 00478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-12-08 01:24 - 2011-11-17 02:11 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-12-08 01:24 - 2011-11-17 02:11 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-12-08 01:24 - 2011-11-17 02:11 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-12-08 01:24 - 2011-11-17 02:08 - 01446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-12-08 01:24 - 2011-11-17 02:05 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-12-08 01:24 - 2011-10-26 00:19 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-12-08 01:24 - 2011-04-22 15:18 - 00027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-12-08 01:24 - 2011-03-12 07:03 - 00662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-12-08 01:24 - 2011-03-12 06:31 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-12-08 01:24 - 2011-03-11 01:19 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-12-08 01:24 - 2011-03-11 01:19 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-12-08 01:24 - 2011-03-11 00:40 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2012-12-08 01:24 - 2011-03-11 00:40 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2012-12-08 01:24 - 2011-02-24 01:30 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-12-08 01:24 - 2011-02-24 00:32 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-12-08 01:24 - 2011-02-19 01:36 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-08 01:24 - 2011-02-19 00:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-08 01:24 - 2011-02-18 23:13 - 00367104 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-08 01:24 - 2011-02-18 22:37 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-08 01:24 - 2010-12-21 01:16 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2012-12-08 01:24 - 2010-12-21 01:16 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2012-12-08 01:24 - 2010-12-21 01:16 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2012-12-08 01:24 - 2010-12-21 01:16 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2012-12-08 01:24 - 2010-12-21 01:15 - 00264192 ____A (Microsoft Corporation) C:\Windows\System32\upnp.dll
2012-12-08 01:24 - 2010-12-21 01:15 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\slwga.dll
2012-12-08 01:24 - 2010-12-21 01:10 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2012-12-08 01:24 - 2010-12-21 00:38 - 00350720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2012-12-08 01:24 - 2010-12-21 00:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2012-12-08 01:24 - 2010-12-21 00:38 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2012-12-08 01:24 - 2010-12-21 00:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2012-12-08 01:24 - 2010-12-21 00:38 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2012-12-08 01:24 - 2010-12-21 00:34 - 00080384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2012-12-08 01:24 - 2010-08-21 01:31 - 00633856 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2012-12-08 01:24 - 2010-08-21 00:33 - 00530432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2012-12-08 01:24 - 2010-07-29 01:30 - 00082944 ____A (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2012-12-08 01:24 - 2010-06-19 01:53 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
2012-12-08 01:24 - 2010-06-19 01:23 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2012-12-08 01:24 - 2009-09-26 01:20 - 00223448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2012-12-08 01:23 - 2012-09-14 14:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-08 01:23 - 2012-09-14 13:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-08 01:23 - 2012-08-24 13:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-12-08 01:23 - 2012-08-24 12:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-12-08 01:23 - 2012-08-10 19:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-12-08 01:23 - 2012-08-10 18:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-12-08 01:23 - 2012-04-27 22:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-12-08 01:23 - 2012-04-07 07:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-12-08 01:23 - 2012-04-07 06:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-12-08 01:23 - 2012-03-17 02:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-12-08 01:23 - 2011-12-27 22:59 - 00499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-12-08 01:23 - 2011-08-17 00:32 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-12-08 01:23 - 2011-08-17 00:27 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2012-12-08 01:23 - 2011-08-17 00:27 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-12-08 01:23 - 2011-08-17 00:27 - 00104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2012-12-08 01:23 - 2011-08-17 00:27 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2012-12-08 01:23 - 2011-08-16 23:26 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-12-08 01:23 - 2011-08-16 23:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2012-12-08 01:23 - 2011-08-16 23:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-12-08 01:23 - 2011-08-16 23:22 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2012-12-08 01:23 - 2011-08-16 23:22 - 00059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2012-12-08 01:23 - 2011-04-28 22:13 - 00461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-12-08 01:23 - 2011-04-28 22:12 - 00399872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-12-08 01:23 - 2011-04-28 22:12 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-12-08 01:23 - 2011-03-03 01:17 - 00356352 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2012-12-08 01:23 - 2011-03-03 01:17 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2012-12-08 01:23 - 2011-03-03 01:14 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2012-12-08 01:23 - 2011-03-03 00:29 - 00269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2012-12-08 01:23 - 2011-03-03 00:27 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2012-12-08 01:22 - 2012-09-25 17:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-12-08 01:22 - 2012-09-25 16:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-12-08 01:22 - 2012-07-04 17:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-12-08 01:22 - 2012-07-04 17:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-12-08 01:22 - 2012-07-04 17:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-12-08 01:22 - 2012-07-04 16:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-12-08 01:22 - 2012-07-04 16:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-12-08 01:22 - 2012-06-16 00:25 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-08 01:22 - 2012-06-16 00:25 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-08 01:22 - 2012-06-15 23:37 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-08 01:22 - 2012-06-15 23:36 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-08 01:22 - 2012-06-02 00:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-12-08 01:22 - 2012-06-02 00:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-12-08 01:22 - 2012-06-02 00:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-12-08 01:22 - 2012-06-01 23:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-12-08 01:22 - 2012-06-01 23:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-12-08 01:22 - 2012-06-01 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-12-08 01:22 - 2012-05-14 00:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-12-08 01:22 - 2012-05-05 03:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-12-08 01:22 - 2012-05-05 02:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-12-08 01:22 - 2012-03-30 06:09 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-12-08 01:22 - 2012-02-11 01:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-12-08 01:22 - 2012-02-11 01:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-12-08 01:22 - 2012-02-11 01:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-12-08 01:22 - 2012-02-11 00:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-12-08 01:22 - 2011-12-16 03:42 - 00634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-12-08 01:22 - 2011-12-16 02:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-12-08 01:22 - 2011-11-19 10:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-12-08 01:22 - 2011-11-19 09:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-12-08 01:22 - 2011-11-17 02:14 - 01739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-12-08 01:22 - 2011-11-17 00:41 - 01292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-12-08 01:22 - 2011-10-15 01:25 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-12-08 01:22 - 2011-10-15 00:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-12-08 01:22 - 2011-08-27 00:40 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-12-08 01:22 - 2011-08-27 00:40 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-12-08 01:22 - 2011-08-26 23:43 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-12-08 01:22 - 2011-08-26 23:43 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-12-08 01:22 - 2011-05-24 06:21 - 00404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-12-08 01:22 - 2011-05-24 05:34 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-12-08 01:22 - 2011-05-24 05:34 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-12-08 01:22 - 2011-05-24 05:34 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-12-08 01:22 - 2011-05-24 05:32 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-12-08 01:22 - 2011-05-03 00:21 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-12-08 01:22 - 2011-05-02 23:50 - 00740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-12-08 01:22 - 2011-02-23 00:15 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2012-12-08 01:22 - 2011-02-18 01:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-12-08 01:22 - 2011-02-18 00:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-12-08 01:22 - 2011-02-05 07:41 - 00640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2012-12-08 01:22 - 2011-02-05 07:41 - 00556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2012-12-08 01:22 - 2011-02-05 07:41 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2012-12-08 01:22 - 2011-02-05 07:41 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2012-12-08 01:22 - 2011-02-05 07:41 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2012-12-08 01:22 - 2011-02-05 07:39 - 00603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-12-08 01:22 - 2011-02-05 07:39 - 00518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-12-08 01:22 - 2010-12-18 01:12 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-12-08 01:22 - 2010-12-18 01:08 - 01097216 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-12-08 01:22 - 2010-12-18 00:30 - 02690560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-12-08 01:22 - 2010-12-18 00:26 - 01034240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-12-08 01:22 - 2010-10-16 00:23 - 00112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2012-12-08 01:22 - 2010-10-16 00:17 - 00720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
2012-12-08 01:22 - 2010-10-15 23:34 - 00573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2012-12-08 01:22 - 2010-08-30 23:32 - 00954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2012-12-08 01:22 - 2010-08-30 23:32 - 00954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2012-12-08 01:22 - 2010-08-27 01:14 - 00236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2012-12-08 01:22 - 2010-08-27 00:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2012-12-08 01:14 - 2012-02-15 01:27 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-12-08 01:14 - 2012-02-15 00:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-12-08 01:14 - 2012-02-14 23:46 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-12-08 01:11 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-12-08 01:11 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-12-08 01:11 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-12-08 01:11 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-12-08 01:11 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-12-08 01:11 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-12-08 01:11 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-12-08 01:11 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-12-08 01:11 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-12-08 01:06 - 2012-12-08 01:06 - 00000000 ____D C:\Users\p\Documents\Fax
2012-12-08 00:58 - 2012-12-08 00:58 - 00000000 ____D C:\Users\p\AppData\Local\TOSHIBA_Corporation
2012-12-08 00:05 - 2012-12-08 00:05 - 00856731 ____A C:\Users\p\Desktop\SecurityCheck.exe
2012-12-07 23:58 - 2012-12-07 23:58 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\p\Desktop\iexplorej.exe
2012-12-07 23:08 - 2012-12-07 23:15 - 00000000 ____D C:\Windows\erdnt
2012-12-07 23:07 - 2012-12-08 04:27 - 00002494 ____A C:\Users\p\Desktop\Rkill.txt
2012-12-07 23:07 - 2012-12-08 01:23 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\p\Desktop\rkill.exe
2012-12-07 23:07 - 2012-12-07 23:07 - 00000000 ____D C:\Users\p\Desktop\rkill
2012-12-07 23:06 - 2012-12-07 23:06 - 00000000 ____D C:\Users\p\AppData\Roaming\Macromedia
2012-12-07 23:06 - 2012-12-07 23:06 - 00000000 ____D C:\Users\p\AppData\Roaming\Adobe
2012-12-07 23:06 - 2012-05-31 11:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-12-07 23:01 - 2012-12-07 23:01 - 00000000 ____D C:\Users\p\AppData\Roaming\Toshiba
2012-12-07 22:46 - 2012-12-08 05:16 - 00000000 ____D C:\Users\p\AppData\Local\Apps\2.0
2012-12-07 22:46 - 2012-12-07 22:46 - 00000398 ____A C:\Users\p\Desktop\pc app.appref-ms
2012-12-07 22:46 - 2012-12-07 22:46 - 00000000 ____D C:\Users\p\AppData\Roaming\Intel
2012-12-07 22:46 - 2012-12-07 22:46 - 00000000 ____D C:\Users\p\AppData\Local\Deployment
2012-12-07 22:45 - 2012-12-07 22:45 - 00000013 __RSH C:\Windows\System32\Drivers\fbd.sys
2012-12-07 22:45 - 2012-12-07 22:45 - 00000000 ____D C:\Users\p\AppData\Local\VirtualStore
2012-12-07 22:44 - 2012-12-08 03:00 - 00000000 ____D C:\users\p
2012-12-07 22:44 - 2012-12-07 22:44 - 00000020 ___SH C:\Users\p\ntuser.ini
2012-12-07 22:44 - 2012-12-07 22:44 - 00000000 ____D C:\Users\p\AppData\Roaming\WinBatch
2012-12-07 19:32 - 2012-12-07 19:32 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-12-07 19:32 - 2012-12-07 19:32 - 00000000 ___DC C:\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}
2012-12-07 19:31 - 2012-12-07 19:31 - 00000000 ____D C:\Users\Public\Book Place
2012-12-07 19:31 - 2012-12-07 19:31 - 00000000 ____D C:\Users\All Users\Blio
2012-12-07 19:29 - 2012-12-08 00:56 - 00000000 ____D C:\Users\All Users\Norton
2012-12-07 19:28 - 2010-05-08 21:38 - 00482384 ____A (TOSHIBA Corporation) C:\Windows\System32\Drivers\tos_sps64.sys
2012-12-07 19:28 - 2009-03-09 18:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-12-07 19:27 - 2012-12-08 06:25 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2012-12-07 19:27 - 2012-12-07 19:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WDKMD_01009.Wdf
2012-12-07 19:27 - 2012-12-07 19:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_bpusb_01007.Wdf
2012-12-07 19:27 - 2012-12-07 19:27 - 00000000 ____D C:\Program Files (x86)\Intel Corporation
2012-12-07 19:26 - 2012-12-07 19:26 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_bpenum_01007.Wdf
2012-12-07 19:24 - 2012-12-08 05:19 - 00000000 ____D C:\Program Files\Common Files\Intel
2012-12-07 19:24 - 2012-12-07 19:27 - 00000000 ____D C:\Program Files\Intel
2012-12-07 19:24 - 2012-12-07 19:24 - 00000000 ____D C:\Users\All Users\Intel
2012-12-07 19:24 - 2012-12-07 19:24 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-12-07 19:22 - 2010-03-04 19:44 - 00049664 ____A (COMPAL ELECTRONIC INC.) C:\Windows\System32\HWS_Ctrl.dll
2012-12-07 19:22 - 2010-03-04 19:44 - 00008192 ____A (COMPAL ELECTRONIC INC.) C:\Windows\System32\TSBWLS.dll
2012-12-07 19:20 - 1999-10-12 21:47 - 00024576 ____A (Toshiba) C:\Windows\SysWOW64\TSCI.dll
2012-12-07 19:20 - 1999-10-12 21:45 - 00024576 ____A (Toshiba) C:\Windows\SysWOW64\THCI.dll
2012-12-07 19:19 - 2012-12-07 19:19 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-12-07 19:19 - 2012-12-07 19:19 - 00000000 ____D C:\Users\All Users\Adobe
2012-12-07 19:19 - 2012-12-07 19:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-12-07 19:18 - 2012-12-07 19:21 - 00000000 ____D C:\Users\All Users\win7_64
2012-12-07 19:18 - 2012-12-07 19:21 - 00000000 ____D C:\Users\All Users\win7_32
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Windows\SysWOW64\Microsoft.VC80.MFC
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Windows\System32\Microsoft.VC80.MFC
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Users\All Users\xp
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Users\All Users\vista64
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Users\All Users\vista32
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\tr
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\sv
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\sk
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\ru
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\pt
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\pl
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\no
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\nl
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\it
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\hu
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\fr
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\fi
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\es
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\el
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\de
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\da
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\cs
2012-12-07 19:16 - 2012-12-07 19:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-12-07 19:16 - 2012-12-07 19:16 - 00000000 ____D C:\Program Files\Synaptics
2012-12-07 19:14 - 2010-05-03 17:44 - 00331880 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2012-12-07 19:14 - 2010-01-06 03:39 - 00107552 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2012-12-07 19:14 - 2009-12-03 20:27 - 00074272 ____A C:\Windows\System32\RtNicProp64.dll
2012-12-07 19:13 - 2012-12-07 19:13 - 00000000 ____D C:\Windows\SysWOW64\SDA
2012-12-07 19:13 - 2012-12-07 19:13 - 00000000 ____D C:\Program Files\DIFX
2012-12-07 19:13 - 2012-12-07 19:13 - 00000000 ____D C:\Program Files (x86)\JMicron
2012-12-07 19:12 - 2012-12-07 19:14 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-12-07 19:12 - 2012-12-07 19:12 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-12-07 19:12 - 2012-12-07 19:12 - 00000000 ____D C:\Program Files\Realtek
2012-12-07 19:12 - 2010-03-24 23:00 - 00000048 ____A C:\Windows\System32\Drivers\rtkhdaud.dat
2012-12-07 19:12 - 2010-03-22 14:21 - 02719504 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 02298400 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2012-12-07 19:12 - 2010-03-22 14:21 - 02197264 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 01929760 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 01660448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 01325328 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 01247776 ____A (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 01210912 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 01178384 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 01110800 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00612384 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2012-12-07 19:12 - 2010-03-22 14:21 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00504592 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00489744 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00477216 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00474896 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00372936 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00338848 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00332320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00325904 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00315152 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00307920 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00307920 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00268560 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00265488 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00201928 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00168288 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00149536 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00123664 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00123152 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00122128 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00108960 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00099016 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00076488 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2012-12-07 19:12 - 2010-03-22 14:21 - 00069664 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInst64.dll
2012-12-07 19:12 - 2010-03-19 19:19 - 00002204 ____A C:\Windows\System32\Drivers\RtPCEE3.DAT
2012-12-07 19:12 - 2010-03-06 06:01 - 00000852 ____A C:\Windows\System32\Drivers\RTKHDRC.dat
2012-12-07 19:12 - 2010-03-06 06:01 - 00000712 ____A C:\Windows\System32\Drivers\RTEQEX1.dat
2012-12-07 19:12 - 2010-02-18 00:08 - 00000712 ____A C:\Windows\System32\Drivers\RTEQEX0.dat
2012-12-07 19:09 - 2010-01-15 15:22 - 00538136 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys
2012-12-07 19:08 - 2012-12-08 05:20 - 00015796 ____A C:\Windows\System32\results.xml
2012-12-07 19:07 - 2012-12-08 06:46 - 01865564 ____A C:\Windows\WindowsUpdate.log
2012-12-07 19:07 - 2012-12-07 19:07 - 00000000 ____D C:\Intel
2012-12-07 19:06 - 2009-09-17 15:54 - 00056344 ____A (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys

==================== One Month Modified Files and Folders =======

2012-12-08 06:52 - 2012-12-08 06:52 - 00001799 ____A C:\Users\p\Desktop\RKreport[11]_S_12082012_02d0652.txt
2012-12-08 06:52 - 2012-12-08 06:52 - 00001766 ____A C:\Users\p\Desktop\RKreport[12]_D_12082012_02d0652.txt
2012-12-08 06:52 - 2012-12-08 03:14 - 00000000 ____D C:\Users\p\Desktop\RK_Quarantine
2012-12-08 06:51 - 2012-12-08 06:51 - 00019886 ____A C:\ComboFix.txt
2012-12-08 06:51 - 2012-12-08 02:37 - 00000000 ____D C:\Qoobox
2012-12-08 06:51 - 2012-12-07 19:07 - 01865564 ____A C:\Windows\WindowsUpdate.log
2012-12-08 06:50 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-12-08 06:33 - 2012-12-08 06:33 - 00016545 ____A C:\Users\p\Desktop\dds.txt
2012-12-08 06:33 - 2012-12-08 06:33 - 00010728 ____A C:\Users\p\Desktop\attach.txt
2012-12-08 06:32 - 2012-12-08 06:32 - 00688992 ____R (Swearware) C:\Users\p\Desktop\dds.scr
2012-12-08 06:32 - 2009-07-13 23:45 - 00016080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-08 06:32 - 2009-07-13 23:45 - 00016080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-08 06:30 - 2009-07-14 00:13 - 00639806 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-08 06:26 - 2010-07-29 20:55 - 00000000 ____D C:\Windows\Panther
2012-12-08 06:25 - 2012-12-08 04:47 - 00000598 ____A C:\Windows\setupact.log
2012-12-08 06:25 - 2012-12-07 19:27 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2012-12-08 06:25 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-08 06:23 - 2012-12-08 04:52 - 00002720 ____A C:\Windows\PFRO.log
2012-12-08 06:01 - 2012-12-08 06:01 - 00058016 ____A C:\Users\p\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-08 05:28 - 2012-12-08 05:28 - 00000684 ____A C:\Users\p\Desktop\GooredFix.txt
2012-12-08 05:28 - 2012-12-08 05:28 - 00000000 ____D C:\Users\p\Desktop\GooredFix Backups
2012-12-08 05:27 - 2012-12-08 03:00 - 00000464 ____A C:\Users\p\Desktop\defogger_disable.log
2012-12-08 05:26 - 2012-12-08 05:26 - 00071398 ____A (jpshortstuff) C:\Users\p\Downloads\GooredFix.exe
2012-12-08 05:26 - 2012-12-08 05:26 - 00071398 ____A (jpshortstuff) C:\Users\p\Desktop\GooredFix (1).exe
2012-12-08 05:25 - 2012-12-08 05:25 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-08 05:25 - 2012-12-08 05:25 - 00000000 ____D C:\Users\p\AppData\Roaming\Malwarebytes
2012-12-08 05:25 - 2012-12-08 05:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-08 05:24 - 2012-12-08 05:24 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\p\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-08 05:24 - 2012-12-08 05:24 - 00302592 ____A C:\Users\p\Downloads\elmovf6k.exe
2012-12-08 05:20 - 2012-12-07 19:08 - 00015796 ____A C:\Windows\System32\results.xml
2012-12-08 05:19 - 2012-12-07 19:24 - 00000000 ____D C:\Program Files\Common Files\Intel
2012-12-08 05:19 - 2010-07-29 04:39 - 00000000 ____D C:\Program Files (x86)\Intel
2012-12-08 05:16 - 2012-12-08 05:13 - 87412106 ____A (Intel Corporation) C:\Users\p\Downloads\Win7Vista_64_152257.exe
2012-12-08 05:16 - 2012-12-07 22:46 - 00000000 ____D C:\Users\p\AppData\Local\Apps\2.0
2012-12-08 05:11 - 2012-12-08 05:11 - 00895464 ____A (Oracle Corporation) C:\Users\p\Downloads\chromeinstall-7u9.exe
2012-12-08 05:07 - 2012-12-08 05:07 - 06181783 ____A (Intel Corporation) C:\Users\p\Downloads\win2k_xp14103.exe
2012-12-08 04:52 - 2012-12-08 04:52 - 00267240 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-08 04:52 - 2010-07-29 04:49 - 00000000 ____D C:\Users\All Users\Partner
2012-12-08 04:52 - 2010-07-29 04:49 - 00000000 ____D C:\Program Files\Google
2012-12-08 04:52 - 2010-07-29 04:49 - 00000000 ____D C:\Program Files (x86)\Google
2012-12-08 04:47 - 2012-12-08 04:47 - 00003452 ____A C:\Windows\DPINST.LOG
2012-12-08 04:47 - 2012-12-08 04:47 - 00000000 ____A C:\Windows\setuperr.log
2012-12-08 04:47 - 2010-07-29 04:49 - 00000000 ____D C:\Users\All Users\Google
2012-12-08 04:41 - 2012-12-08 04:41 - 00065038 ____A C:\Users\p\Documents\cc_20121208_044115.reg
2012-12-08 04:39 - 2012-12-08 04:39 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-08 04:39 - 2012-12-08 04:39 - 00000000 ____D C:\Program Files\CCleaner
2012-12-08 04:38 - 2012-12-08 04:38 - 04167720 ____A (Piriform Ltd) C:\Users\p\Downloads\ccsetup325.exe
2012-12-08 04:38 - 2012-12-08 04:38 - 04167720 ____A (Piriform Ltd) C:\Users\p\Desktop\ccsetup325 (1).exe
2012-12-08 04:35 - 2012-12-08 04:35 - 00000667 ____A C:\Users\p\Desktop\JRT.txt
2012-12-08 04:29 - 2012-12-08 03:15 - 00000000 ____D C:\JRT
2012-12-08 04:28 - 2012-12-08 04:28 - 00001547 ____A C:\Users\p\Desktop\RKreport[10]_S_12082012_02d0428.txt
2012-12-08 04:27 - 2012-12-07 23:07 - 00002494 ____A C:\Users\p\Desktop\Rkill.txt
2012-12-08 04:24 - 2012-12-08 03:52 - 00000000 ____D C:\Program Files (x86)\trend micro
2012-12-08 04:17 - 2012-12-08 04:10 - 00000000 ____D C:\Users\p\Desktop\mbar
2012-12-08 04:14 - 2012-12-08 04:14 - 00002147 ____A C:\Users\p\Desktop\aswMBR.txt
2012-12-08 04:14 - 2012-12-08 04:14 - 00000512 ____A C:\Users\p\Desktop\MBR.dat
2012-12-08 04:11 - 2012-12-08 04:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-08 04:09 - 2012-12-08 04:09 - 13485902 ____A C:\Users\p\Desktop\mbar-1.01.0.1011.zip
2012-12-08 04:09 - 2012-12-08 04:08 - 13485902 ____A C:\Users\p\Downloads\mbar-1.01.0.1011.zip
2012-12-08 04:05 - 2012-12-08 04:05 - 00001481 ____A C:\Users\p\Desktop\RKreport[5]_D_12082012_02d0405.txt
2012-12-08 04:05 - 2012-12-08 04:05 - 00001399 ____A C:\Users\p\Desktop\RKreport[9]_SC_12082012_02d0405.txt
2012-12-08 04:05 - 2012-12-08 04:05 - 00000903 ____A C:\Users\p\Desktop\RKreport[6]_H_12082012_02d0405.txt
2012-12-08 04:05 - 2012-12-08 04:05 - 00000870 ____A C:\Users\p\Desktop\RKreport[8]_DN_12082012_02d0405.txt
2012-12-08 04:05 - 2012-12-08 04:05 - 00000834 ____A C:\Users\p\Desktop\RKreport[7]_PR_12082012_02d0405.txt
2012-12-08 04:04 - 2012-12-08 04:04 - 00001438 ____A C:\Users\p\Desktop\RKreport[4]_S_12082012_02d0404.txt
2012-12-08 04:03 - 2012-12-08 03:25 - 00002272 ____A C:\Users\p\Desktop\FSS.txt
2012-12-08 03:53 - 2012-12-08 03:01 - 00001462 ____A C:\Users\p\Desktop\FixExec.txt
2012-12-08 03:52 - 2012-12-08 03:52 - 00000000 ____D C:\rsit
2012-12-08 03:46 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-12-08 03:42 - 2012-12-08 03:42 - 00781383 ____A C:\Users\p\Desktop\RSIT.exe
2012-12-08 03:42 - 2012-12-08 03:42 - 00021699 ____A C:\Users\p\Desktop\stinger.aspx
2012-12-08 03:38 - 2012-12-08 03:38 - 32690664 ____A (Oracle Corporation) C:\Users\p\Downloads\jre-7u6-windows-x64.exe
2012-12-08 03:38 - 2012-12-08 03:38 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-12-08 03:38 - 2012-12-08 03:38 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-12-08 03:38 - 2012-12-08 03:38 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-12-08 03:38 - 2012-12-08 03:38 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-12-08 03:38 - 2012-12-08 03:38 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-12-08 03:38 - 2012-12-08 03:38 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-12-08 03:38 - 2012-12-08 03:38 - 00000000 ____D C:\Program Files\Java
2012-12-08 03:37 - 2012-12-08 03:37 - 00856731 ____A C:\Users\p\Downloads\SecurityCheck.exe
2012-12-08 03:31 - 2012-12-08 03:31 - 00000000 ____D C:\Users\p\AppData\Roaming\QuickScan
2012-12-08 03:30 - 2012-12-08 03:30 - 00791393 ____A (Lars Hederer ) C:\Users\p\Downloads\erunt-setup.exe
2012-12-08 03:24 - 2012-12-08 03:23 - 00034247 ____A C:\Users\p\Desktop\FRST.txt
2012-12-08 03:23 - 2012-12-08 03:23 - 00000000 ____D C:\FRST
2012-12-08 03:16 - 2012-12-08 03:16 - 00000000 ____D C:\Windows\ERUNT
2012-12-08 03:15 - 2012-12-08 03:15 - 00001311 ____A C:\Users\p\Desktop\RKreport[2]_D_12082012_02d0315.txt
2012-12-08 03:15 - 2012-12-08 03:15 - 00001283 ____A C:\Users\p\Desktop\RKreport[3]_D_12082012_02d0315.txt
2012-12-08 03:14 - 2012-12-08 03:14 - 00446725 ____A (Oleg N. Scherbakov) C:\Users\p\Downloads\JRT.exe
2012-12-08 03:14 - 2012-12-08 03:14 - 00446725 ____A (Oleg N. Scherbakov) C:\Users\p\Desktop\JRT.exe
2012-12-08 03:14 - 2012-12-08 03:14 - 00001345 ____A C:\Users\p\Desktop\RKreport[1]_S_12082012_02d0314.txt
2012-12-08 03:14 - 2012-12-08 03:13 - 00753152 ____A C:\Users\p\Downloads\RogueKiller.exe
2012-12-08 03:14 - 2012-12-08 03:13 - 00753152 ____A C:\Users\p\Desktop\RogueKiller.exe
2012-12-08 03:12 - 2012-12-08 03:12 - 01461029 ____A (Farbar) C:\Users\p\Downloads\FRST64.exe
2012-12-08 03:12 - 2012-12-08 03:12 - 01461029 ____A (Farbar) C:\FRST64.exe
2012-12-08 03:12 - 2012-12-08 03:12 - 00696379 ____A (Farbar) C:\Users\p\Downloads\FSS.exe
2012-12-08 03:12 - 2012-12-08 03:12 - 00696379 ____A (Farbar) C:\Users\p\Desktop\FSS.exe
2012-12-08 03:01 - 2012-12-08 03:01 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\p\Downloads\FixExec.exe
2012-12-08 03:01 - 2012-12-08 03:01 - 00883616 ____A (Bleeping Computer, LLC) C:\Users\p\Desktop\FixExec.exe
2012-12-08 03:00 - 2012-12-08 03:00 - 00050477 ____A C:\Users\p\Downloads\Defogger.exe
2012-12-08 03:00 - 2012-12-08 03:00 - 00050477 ____A C:\Users\p\Desktop\Defogger.exe
2012-12-08 03:00 - 2012-12-08 03:00 - 00000236 ____A C:\Users\p\Desktop\defogger_enable.log
2012-12-08 03:00 - 2012-12-08 03:00 - 00000000 ____A C:\Users\p\defogger_reenable
2012-12-08 03:00 - 2012-12-07 22:44 - 00000000 ____D C:\users\p
2012-12-08 02:44 - 2012-12-08 02:44 - 04732416 ____A (AVAST Software) C:\Users\p\Downloads\aswMBR.exe
2012-12-08 02:44 - 2012-12-08 02:44 - 04732416 ____A (AVAST Software) C:\Users\p\Desktop\aswMBR.exe
2012-12-08 02:37 - 2012-12-08 02:37 - 05010414 ____R (Swearware) C:\Users\p\Desktop\ComboFix.exe
2012-12-08 02:37 - 2012-12-08 02:37 - 00001396 ____A C:\Users\p\Desktop\ComboFix - Shortcut.lnk
2012-12-08 02:36 - 2012-12-08 02:36 - 05010414 ____A (Swearware) C:\Users\p\Downloads\ComboFix.exe
2012-12-08 02:36 - 2012-12-08 02:36 - 00000000 ____D C:\Users\p\AppData\Local\Google
2012-12-08 02:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-12-08 02:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-12-08 02:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-12-08 02:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-12-08 02:12 - 2012-12-08 02:12 - 00000000 ____D C:\Users\All Users\McAfee
2012-12-08 02:11 - 2012-12-08 02:11 - 00895464 ____A (Oracle Corporation) C:\Users\p\Desktop\JavaSetup7u9.exe
2012-12-08 02:09 - 2012-12-08 02:09 - 00887296 ____A (Tigzy) C:\Users\p\Desktop\WhyIGotInfected.exe
2012-12-08 01:56 - 2012-12-08 01:56 - 00000000 ____D C:\Users\p\Desktop\Autoruns
2012-12-08 01:55 - 2012-12-08 01:55 - 00540921 ____A C:\Users\p\Desktop\Autoruns.zip
2012-12-08 01:47 - 2012-12-08 01:46 - 00028356 ____A C:\Users\p\Desktop\Result.txt
2012-12-08 01:24 - 2012-12-08 01:24 - 00958880 ____A (Bleeping Computer, LLC) C:\Users\p\Desktop\rkill64.exe
2012-12-08 01:23 - 2012-12-07 23:07 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\p\Desktop\rkill.exe
2012-12-08 01:06 - 2012-12-08 01:06 - 00000000 ____D C:\Users\p\Documents\Fax
2012-12-08 00:58 - 2012-12-08 00:58 - 00000000 ____D C:\Users\p\AppData\Local\TOSHIBA_Corporation
2012-12-08 00:56 - 2012-12-07 19:29 - 00000000 ____D C:\Users\All Users\Norton
2012-12-08 00:05 - 2012-12-08 00:05 - 00856731 ____A C:\Users\p\Desktop\SecurityCheck.exe
2012-12-07 23:58 - 2012-12-07 23:58 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\p\Desktop\iexplorej.exe
2012-12-07 23:16 - 2009-07-13 22:20 - 00000000 ___RD C:\users\Default
2012-12-07 23:15 - 2012-12-07 23:08 - 00000000 ____D C:\Windows\erdnt
2012-12-07 23:07 - 2012-12-07 23:07 - 00000000 ____D C:\Users\p\Desktop\rkill
2012-12-07 23:06 - 2012-12-07 23:06 - 00000000 ____D C:\Users\p\AppData\Roaming\Macromedia
2012-12-07 23:06 - 2012-12-07 23:06 - 00000000 ____D C:\Users\p\AppData\Roaming\Adobe
2012-12-07 23:01 - 2012-12-07 23:01 - 00000000 ____D C:\Users\p\AppData\Roaming\Toshiba
2012-12-07 22:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-07 22:46 - 2012-12-07 22:46 - 00000398 ____A C:\Users\p\Desktop\pc app.appref-ms
2012-12-07 22:46 - 2012-12-07 22:46 - 00000000 ____D C:\Users\p\AppData\Roaming\Intel
2012-12-07 22:46 - 2012-12-07 22:46 - 00000000 ____D C:\Users\p\AppData\Local\Deployment
2012-12-07 22:45 - 2012-12-07 22:45 - 00000013 __RSH C:\Windows\System32\Drivers\fbd.sys
2012-12-07 22:45 - 2012-12-07 22:45 - 00000000 ____D C:\Users\p\AppData\Local\VirtualStore
2012-12-07 22:45 - 2010-07-29 04:42 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2012-12-07 22:45 - 2010-07-29 04:42 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-12-07 22:45 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2012-12-07 22:45 - 2009-07-13 22:20 - 00000000 ___AD C:\Windows\System32\sysprep
2012-12-07 22:44 - 2012-12-07 22:44 - 00000020 ___SH C:\Users\p\ntuser.ini
2012-12-07 22:44 - 2012-12-07 22:44 - 00000000 ____D C:\Users\p\AppData\Roaming\WinBatch
2012-12-07 22:44 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore
2012-12-07 22:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2012-12-07 20:02 - 2009-07-14 00:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-12-07 20:02 - 2009-07-14 00:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-12-07 19:33 - 2010-07-29 04:42 - 00000000 ____D C:\Program Files\TOSHIBA
2012-12-07 19:32 - 2012-12-07 19:32 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-12-07 19:32 - 2012-12-07 19:32 - 00000000 ___DC C:\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}
2012-12-07 19:31 - 2012-12-07 19:31 - 00000000 ____D C:\Users\Public\Book Place
2012-12-07 19:31 - 2012-12-07 19:31 - 00000000 ____D C:\Users\All Users\Blio
2012-12-07 19:29 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-07 19:28 - 2010-07-29 04:49 - 00000000 ____D C:\Users\All Users\Toshiba
2012-12-07 19:27 - 2012-12-07 19:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WDKMD_01009.Wdf
2012-12-07 19:27 - 2012-12-07 19:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_bpusb_01007.Wdf
2012-12-07 19:27 - 2012-12-07 19:27 - 00000000 ____D C:\Program Files (x86)\Intel Corporation
2012-12-07 19:27 - 2012-12-07 19:24 - 00000000 ____D C:\Program Files\Intel
2012-12-07 19:26 - 2012-12-07 19:26 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_bpenum_01007.Wdf
2012-12-07 19:24 - 2012-12-07 19:24 - 00000000 ____D C:\Users\All Users\Intel
2012-12-07 19:24 - 2012-12-07 19:24 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-12-07 19:23 - 2010-07-29 04:42 - 00000000 ____D C:\Windows\Downloaded Installations
2012-12-07 19:21 - 2012-12-07 19:18 - 00000000 ____D C:\Users\All Users\win7_64
2012-12-07 19:21 - 2012-12-07 19:18 - 00000000 ____D C:\Users\All Users\win7_32
2012-12-07 19:19 - 2012-12-07 19:19 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-12-07 19:19 - 2012-12-07 19:19 - 00000000 ____D C:\Users\All Users\Adobe
2012-12-07 19:19 - 2012-12-07 19:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Windows\SysWOW64\Microsoft.VC80.MFC
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Windows\System32\Microsoft.VC80.MFC
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Users\All Users\xp
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Users\All Users\vista64
2012-12-07 19:18 - 2012-12-07 19:18 - 00000000 ____D C:\Users\All Users\vista32
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\tr
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\sv
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\sk
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\ru
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\pt
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\pl
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\no
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\nl
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\it
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\hu
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\fr
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\fi
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\es
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\el
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\de
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\da
2012-12-07 19:17 - 2012-12-07 19:17 - 00000000 ____D C:\Windows\System32\cs
2012-12-07 19:16 - 2012-12-07 19:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-12-07 19:16 - 2012-12-07 19:16 - 00000000 ____D C:\Program Files\Synaptics
2012-12-07 19:14 - 2012-12-07 19:12 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-12-07 19:13 - 2012-12-07 19:13 - 00000000 ____D C:\Windows\SysWOW64\SDA
2012-12-07 19:13 - 2012-12-07 19:13 - 00000000 ____D C:\Program Files\DIFX
2012-12-07 19:13 - 2012-12-07 19:13 - 00000000 ____D C:\Program Files (x86)\JMicron
2012-12-07 19:12 - 2012-12-07 19:12 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-12-07 19:12 - 2012-12-07 19:12 - 00000000 ____D C:\Program Files\Realtek
2012-12-07 19:07 - 2012-12-07 19:07 - 00000000 ____D C:\Intel

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2012-12-08 01:28:46
Restore point made on: 2012-12-08 01:39:29
Restore point made on: 2012-12-08 02:13:03
Restore point made on: 2012-12-08 03:00:22
Restore point made on: 2012-12-08 03:38:26
Restore point made on: 2012-12-08 05:01:02
Restore point made on: 2012-12-08 05:01:49
Restore point made on: 2012-12-08 05:02:43
Restore point made on: 2012-12-08 05:03:25
Restore point made on: 2012-12-08 05:31:05

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3890.67 MB
Available physical RAM: 2019.04 MB
Total Pagefile: 7779.49 MB
Available Pagefile: 5655.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (TI105957W0C) (Fixed) (Total:453.15 GB) (Free:424.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 453 GB 1501 MB
Partition 3 Primary 11 GB 454 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105957W0C NTFS Partition 453 GB Healthy Boot

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Last Boot: 2010-07-29 04:14

==================== End Of Log =============================

Edited by mcwaffle, 08 December 2012 - 06:08 AM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • Gender:Male
  • Local time:03:52 AM

Posted 13 December 2012 - 06:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/477780 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 18 December 2012 - 06:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



