PhysicalDrive0_User.dat Found in RK quarantine


  • This topic is locked
21 replies to this topic

#1 kuniva

  • Members
  • 11 posts

Posted 26 November 2013 - 09:57 AM

Hi, PhysicalDrive0_User was found, and after a search online it seems it could be a rootkit issue. I was wondering how to get rid of it if I do in fact have an infection.

Regards





#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 26 November 2013 - 10:33 AM

Hi there, my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Which windows version is running?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 kuniva

  • Topic Starter
  • Members
  • 11 posts

Posted 26 November 2013 - 10:48 AM

Hi, thanks for your reply. I have read your instructions and I understand. I am running Windows 7 Pro OA in 64 bit.

 

Regards



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 26 November 2013 - 11:14 AM

Scan with FRST (Recovery Environment)

To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

  • In the command window, type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, then close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
  • Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.


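FRST.txt, the log this procedure produces (the one pasted in the reply that follows), uses a regular line layout, so a first triage pass over it can be scripted. The following is an added example, not code from this thread or from FRST itself: it parses the service/driver lines and the "One Month Created Files and Folders" lines and flags entries that point to a missing file, carry no publisher in their version info, or load from a Temp directory. The flagging heuristics are my own; a flag means "look at this first", not "this is malware".

```python
"""FRST.txt triage helper (added example, not part of FRST or this thread).

Flags log entries a reviewer would want to look at first. A flag is a
review hint, not a verdict: legitimate tools also ship without publisher
information (RogueKiller.exe in the posted log is one such case).
"""
import re
from dataclasses import dataclass, field
from typing import List

# Service/driver line. The digit after S (registered) or R (running) is the
# Windows start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled, e.g.
#   S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
#   S3 MFE_RR; \??\C:\Users\gary\AppData\Local\Temp\mfe_rr.sys [x]
SERVICE_RE = re.compile(
    r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<info>[^\]]*)\](?: \((?P<vendor>[^)]*)\))?\s*$"
)

# Created-files line: created - modified - size attrs [(vendor)] path, e.g.
#   2013-11-26 05:47 - 2013-11-26 05:47 - 03687936 _____ C:\Users\gary\Desktop\RogueKiller.exe
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) (?:\((?P<vendor>[^)]*)\) )?(?P<path>.+?)\s*$"
)

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+\s*$")   # "==== Drivers (Whitelisted) ===="
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".sys", ".dll")


@dataclass
class Finding:
    section: str
    name: str      # service/driver name, or the path for file entries
    path: str
    reasons: List[str] = field(default_factory=list)


def _service_reasons(m) -> List[str]:
    reasons = []
    if m["info"].strip() == "x":          # FRST prints [x] when the file is gone
        reasons.append("registered file is missing on disk ([x])")
    if not (m["vendor"] or "").strip():   # "()" or no parenthesised publisher
        reasons.append("no publisher in version info")
    if TEMP_RE.search(m["path"]):
        reasons.append("loads from a Temp directory")
    if reasons and m["start"][1] in "01":
        # Boot/system start drivers load before any user logs on.
        reasons.append("boot/system start type (%s)" % m["start"])
    return reasons


def _file_reasons(m) -> List[str]:
    reasons = []
    if m["path"].lower().endswith(EXEC_EXT):
        if not (m["vendor"] or "").strip():
            reasons.append("executable with no publisher in version info")
        if TEMP_RE.search(m["path"]):
            reasons.append("executable written to a Temp directory")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the log's entries that deserve a closer look, in log order."""
    findings: List[Finding] = []
    section = "(preamble)"
    for line in log_text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["title"]
            continue
        m = SERVICE_RE.match(line)
        if m:
            reasons = _service_reasons(m)
            if reasons:
                findings.append(Finding(section, m["name"], m["path"], reasons))
            continue
        m = FILE_RE.match(line)
        if m:
            reasons = _file_reasons(m)
            if reasons:
                findings.append(Finding(section, m["path"], m["path"], reasons))
    return findings


# Constructed sample: an excerpt in the layout of the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2098880 2013-11-11] ()
==================== Drivers (Whitelisted) ====================
S1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-06] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MFE_RR; \??\C:\Users\gary\AppData\Local\Temp\mfe_rr.sys [x]
==================== One Month Created Files and Folders ========
2013-11-26 08:22 - 2013-11-26 08:22 - 01091605 _____ (Farbar) C:\Users\gary\Downloads\FRST.exe
2013-11-26 05:47 - 2013-11-26 05:47 - 03687936 _____ C:\Users\gary\Desktop\RogueKiller.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", f.name, "|", "; ".join(f.reasons))
```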

#5 kuniva

  • Topic Starter
  • Members
  • 11 posts

Posted 26 November 2013 - 11:46 AM

Hi TB-Psychotic, here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by SYSTEM on MININT-UEAAM2S on 26-11-2013 16:41:48
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe [1612504 2013-11-11] (COMODO)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-10-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ComodoFSChrome] - "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM-x32\...\Run: [PrivDogService] - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe [515240 2013-10-21] (AdTrustMedia)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-11-14] (Comodo Security Solutions, Inc.)
 
==================== Services (Whitelisted) =================
 
S2 ADDON11nCU; C:\Program Files (x86)\ADDON\NWU281 USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-31] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-11-14] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-19] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2098880 2013-11-11] ()
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-11-14] (Comodo Security Solutions, Inc.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 athrusb6; C:\Windows\System32\DRIVERS\athrxu6.sys [1037312 2007-04-20] (Atheros Communications, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-10-31] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-31] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-10-31] (Avira Operations GmbH & Co. KG)
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-06] (Windows ® Win 7 DDK provider)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2010-01-28] (Huawei Technologies Co., Ltd.)
S1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-06] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-01-28] (Huawei Technologies Co., Ltd.)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1045608 2011-07-12] (Realtek Semiconductor Corporation                           )
S3 MFE_RR; \??\C:\Users\gary\AppData\Local\Temp\mfe_rr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-26 08:22 - 2013-11-26 08:22 - 01091605 _____ (Farbar) C:\Users\gary\Downloads\FRST.exe
2013-11-26 08:21 - 2013-11-26 08:21 - 00000000 ____D C:\Users\gary\Desktop\New folder
2013-11-26 08:20 - 2013-11-26 08:20 - 00000000 ____D C:\FRST
2013-11-26 08:19 - 2013-11-26 08:19 - 01958474 _____ (Farbar) C:\Users\gary\Downloads\FRST64.exe
2013-11-26 08:08 - 2013-11-26 08:08 - 00001332 _____ C:\Users\gary\Documents\aswMBR.txt
2013-11-26 08:08 - 2013-11-26 08:08 - 00000512 _____ C:\Users\gary\Documents\MBR.dat
2013-11-26 08:06 - 2013-11-26 08:06 - 00001568 _____ C:\Users\gary\Desktop\RKreport[0]_D_11262013_160649.txt
2013-11-26 08:05 - 2013-11-26 08:05 - 00001519 _____ C:\Users\gary\Desktop\RKreport[0]_S_11262013_160546.txt
2013-11-26 07:35 - 2013-11-26 07:35 - 04745728 _____ (AVAST Software) C:\Users\gary\Downloads\aswmbr.exe
2013-11-26 07:24 - 2013-11-26 07:24 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-26 07:24 - 2013-11-26 07:24 - 00000000 ____D C:\Users\gary\AppData\Roaming\Malwarebytes
2013-11-26 07:24 - 2013-11-26 07:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 07:24 - 2013-11-26 07:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 07:24 - 2013-04-04 06:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-11-26 06:31 - 2013-11-26 06:31 - 00000000 ____D C:\Users\gary\AppData\Roaming\ParetoLogic
2013-11-26 06:31 - 2013-11-26 06:31 - 00000000 ____D C:\Users\gary\AppData\Roaming\DriverCure
2013-11-26 06:30 - 2013-11-26 06:32 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-11-26 06:08 - 2013-11-26 06:08 - 00000000 ____D C:\Users\gary\AppData\Roaming\Comodo
2013-11-26 05:51 - 2013-11-26 05:51 - 00000000 ____D C:\Users\gary\AppData\Roaming\Avira
2013-11-26 05:48 - 2013-11-26 08:06 - 00000000 ____D C:\Users\gary\Desktop\RK_Quarantine
2013-11-26 05:47 - 2013-11-26 05:47 - 03687936 _____ C:\Users\gary\Desktop\RogueKiller.exe
2013-11-26 05:43 - 2013-11-26 05:43 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\gary\Desktop\tdsskiller.exe
2013-11-26 05:37 - 2013-11-26 05:37 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-11-26 05:37 - 2013-11-26 05:37 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-26 05:37 - 2013-11-26 05:37 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-11-26 05:36 - 2013-11-26 05:36 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2013-11-26 05:36 - 2013-11-26 05:36 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2013-11-26 05:36 - 2013-11-26 05:36 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-11-26 05:36 - 2013-11-26 05:36 - 00001899 _____ C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
2013-11-26 05:36 - 2013-11-26 05:36 - 00001870 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2013-11-26 05:36 - 2013-11-26 05:36 - 00000593 _____ C:\Users\Public\Desktop\Shared Space.lnk
2013-11-26 05:36 - 2013-11-26 05:36 - 00000000 ____D C:\first_launch
2013-11-26 05:35 - 2013-11-26 06:08 - 00000000 ____D C:\ProgramData\COMODO
2013-11-26 05:35 - 2013-11-26 05:57 - 00002013 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-11-26 05:35 - 2013-11-26 05:36 - 00057096 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-11-26 05:35 - 2013-11-26 05:36 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-11-26 05:35 - 2013-11-26 05:36 - 00000000 ___SD C:\ProgramData\Shared Space
2013-11-26 05:35 - 2013-11-26 05:35 - 00001116 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\Users\gary\AppData\Local\Comodo
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\ProgramData\APN
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\ProgramData\Adtrustmedia
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\Program Files\COMODO
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\Program Files\AdTrustMedia
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\Program Files (x86)\AdTrustMedia
2013-11-26 05:34 - 2013-11-26 05:36 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-11-26 05:34 - 2013-11-26 05:34 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-26 05:34 - 2013-11-26 05:34 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-11-26 05:34 - 2013-11-26 05:34 - 00000000 ____D C:\ProgramData\Avira
2013-11-26 05:34 - 2013-11-26 05:34 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-26 05:34 - 2013-10-31 11:25 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-11-26 05:34 - 2013-10-31 11:25 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-11-26 05:34 - 2013-10-31 11:25 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-11-26 05:34 - 2013-10-31 11:25 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-11-26 05:28 - 2013-11-26 08:27 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 05:28 - 2013-11-26 07:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 05:28 - 2013-11-26 05:34 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-26 05:28 - 2013-11-26 05:34 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 05:28 - 2013-11-26 05:28 - 00000000 ____D C:\Users\gary\AppData\Local\Google
2013-11-26 05:28 - 2013-11-26 05:28 - 00000000 ____D C:\Users\gary\AppData\Local\Apps\2.0
2013-11-26 05:28 - 2013-11-26 05:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-26 05:27 - 2013-11-26 05:28 - 00000000 ____D C:\Users\gary\AppData\Local\Deployment
2013-11-26 05:19 - 2013-11-26 05:19 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-26 05:15 - 2011-07-12 17:29 - 01045608 _____ (Realtek Semiconductor Corporation                           ) C:\Windows\System32\Drivers\rtwlanu.sys
2013-11-26 05:15 - 2011-07-06 15:31 - 00595968 _____ (Realtek Semiconductor Corp. ) C:\Windows\System32\Rtlihvs.dll
2013-11-26 05:14 - 2013-11-26 05:14 - 00000000 ____D C:\Program Files (x86)\ADDON
2013-11-26 05:14 - 2011-07-06 15:31 - 00595968 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2013-11-26 05:14 - 2010-12-01 01:31 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2013-11-26 05:14 - 2009-04-02 02:27 - 00188416 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\RTLExtUI.dll
2013-11-26 05:14 - 2009-03-31 06:31 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe
2013-11-26 05:14 - 2009-01-05 12:31 - 00000901 _____ C:\Windows\RtlUI2.exe.manifest
2013-11-26 00:25 - 2013-11-25 16:29 - 00000000 ____D C:\Windows\Panther
2013-11-26 00:24 - 2013-11-26 00:24 - 00000000 ____D C:\Hotfix
2013-11-26 00:24 - 2011-02-15 18:16 - 00000029 ___RH C:\Windows\version
2013-11-26 00:24 - 2011-02-15 18:16 - 00000013 ____R C:\Windows\csup.txt
2013-11-25 17:54 - 2013-11-26 06:14 - 00000000 ____D C:\ProgramData\Birdstep Technology
2013-11-25 17:54 - 2013-11-26 06:13 - 00014091 _____ C:\Windows\TdiInstall.log
2013-11-25 17:54 - 2013-11-25 17:54 - 00071259 _____ C:\Windows\Huawei ModemsUninstall.exe
2013-11-25 17:54 - 2013-11-25 17:54 - 00000000 ____D C:\Users\gary\AppData\Roaming\Macromedia
2013-11-25 17:54 - 2013-11-25 17:54 - 00000000 ____D C:\Users\gary\AppData\Roaming\Adobe
2013-11-25 17:54 - 2013-11-25 17:54 - 00000000 ____D C:\Program Files (x86)\Huawei Modems
2013-11-25 17:54 - 2010-01-28 04:34 - 00243200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbnet.sys
2013-11-25 17:54 - 2010-01-28 04:34 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
2013-11-25 17:54 - 2010-01-28 04:34 - 00114304 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbdev.sys
2013-11-25 17:54 - 2010-01-28 04:34 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
2013-11-25 17:31 - 2013-11-25 17:31 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-11-25 17:24 - 2013-11-25 17:24 - 00000000 ____D C:\ProgramData\Intel
2013-11-25 17:24 - 2013-11-25 17:24 - 00000000 ____D C:\Program Files\Intel
2013-11-25 17:24 - 2012-06-25 02:42 - 00015168 _____ (Intel Corporation) C:\Windows\System32\Drivers\IntelMEFWVer.dll
2013-11-25 17:23 - 2013-11-26 06:13 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-11-25 17:23 - 2013-11-25 17:24 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-25 17:23 - 2013-11-25 17:23 - 00001769 _____ C:\Windows\Language_trs.ini
2013-11-25 17:23 - 2013-11-25 17:23 - 00000000 ____D C:\Users\gary\AppData\Roaming\InstallShield
2013-11-25 17:23 - 2013-11-25 17:23 - 00000000 ____D C:\Intel
2013-11-25 17:23 - 2012-07-02 07:16 - 00062784 _____ (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-11-25 17:11 - 2013-11-25 17:11 - 00057560 _____ C:\Users\gary\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 17:11 - 2013-11-25 17:11 - 00000000 ____D C:\Users\gary\AppData\Roaming\ATI
2013-11-25 17:11 - 2013-11-25 17:11 - 00000000 ____D C:\Users\gary\AppData\Local\ATI
2013-11-25 17:11 - 2013-11-25 17:11 - 00000000 ____D C:\ProgramData\ATI
2013-11-25 17:11 - 2013-11-25 17:11 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-11-25 17:09 - 2013-11-25 17:09 - 00000000 ____D C:\ProgramData\AMD
2013-11-25 17:09 - 2013-11-25 17:09 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-11-25 17:09 - 2013-11-25 17:09 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-11-25 17:09 - 2013-11-25 17:09 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-11-25 17:08 - 2013-11-25 17:08 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-11-25 17:07 - 2013-11-25 17:08 - 00000000 ____D C:\Program Files\ATI Technologies
2013-11-25 17:07 - 2013-11-25 17:07 - 00000000 ____D C:\Program Files\ATI
2013-11-25 17:07 - 2013-11-25 17:07 - 00000000 ____D C:\AMD
2013-11-25 17:05 - 2010-06-01 20:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-25 17:05 - 2010-06-01 20:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-11-25 17:05 - 2010-06-01 20:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-25 17:05 - 2010-06-01 20:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-11-25 17:05 - 2010-06-01 20:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-11-25 17:05 - 2010-06-01 20:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-11-25 17:05 - 2010-05-26 03:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-25 17:05 - 2010-02-04 02:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-11-25 17:05 - 2010-02-04 02:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-25 17:05 - 2010-02-04 02:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-25 17:05 - 2010-02-04 02:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-11-25 17:05 - 2010-02-04 02:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-11-25 17:05 - 2010-02-04 02:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-25 17:05 - 2010-02-04 02:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-11-25 17:05 - 2010-02-04 02:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-25 17:05 - 2009-09-04 09:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-11-25 17:05 - 2009-09-04 09:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-11-25 17:05 - 2009-09-04 09:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-25 17:05 - 2009-09-04 09:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-11-25 17:05 - 2009-09-04 09:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-25 17:05 - 2009-03-09 07:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2013-11-25 17:05 - 2009-03-09 07:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-11-25 17:05 - 2009-03-09 07:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2013-11-25 17:05 - 2009-03-09 07:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-11-25 17:05 - 2009-03-09 07:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2013-11-25 17:05 - 2009-03-09 07:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-11-25 17:04 - 2013-11-25 17:04 - 00000000 _____ C:\Users\gary\Documents\Default.rdp
2013-11-25 17:04 - 2009-09-04 09:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-11-25 17:04 - 2009-09-04 09:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-11-25 17:04 - 2009-03-16 06:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2013-11-25 17:04 - 2009-03-16 06:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-11-25 17:04 - 2009-03-16 06:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-11-25 17:04 - 2009-03-16 06:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2013-11-25 17:04 - 2009-03-16 06:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2013-11-25 17:04 - 2009-03-16 06:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-11-25 17:04 - 2008-10-27 02:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-11-25 17:04 - 2008-10-27 02:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-25 17:04 - 2008-10-27 02:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-25 17:04 - 2008-10-27 02:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-11-25 17:04 - 2008-10-27 02:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-11-25 17:04 - 2008-10-27 02:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-25 17:04 - 2008-10-27 02:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-11-25 17:04 - 2008-10-27 02:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-25 17:04 - 2008-10-09 20:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2013-11-25 17:04 - 2008-10-09 20:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-11-25 17:04 - 2008-10-09 20:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2013-11-25 17:04 - 2008-10-09 20:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-11-25 17:04 - 2008-10-09 20:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2013-11-25 17:04 - 2008-10-09 20:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-11-25 17:04 - 2008-07-31 02:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-25 17:04 - 2008-07-31 02:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2013-11-25 17:04 - 2008-07-31 02:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-11-25 17:04 - 2008-07-31 02:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-25 17:04 - 2008-07-31 02:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-11-25 17:04 - 2008-07-31 02:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-25 17:04 - 2008-07-10 03:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-11-25 17:04 - 2008-07-10 03:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-11-25 17:04 - 2008-07-10 03:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-11-25 17:04 - 2008-07-10 03:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-11-25 17:04 - 2008-07-10 03:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-11-25 17:04 - 2008-07-10 03:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-11-25 17:04 - 2008-05-30 06:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2013-11-25 17:04 - 2008-05-30 06:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-11-25 17:04 - 2008-05-30 06:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-11-25 17:04 - 2008-05-30 06:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2013-11-25 17:04 - 2008-05-30 06:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2013-11-25 17:04 - 2008-05-30 06:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-11-25 17:04 - 2008-05-30 06:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-11-25 17:04 - 2008-05-30 06:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2013-11-25 17:04 - 2008-05-30 06:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2013-11-25 17:04 - 2008-05-30 06:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-11-25 17:04 - 2008-05-30 06:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2013-11-25 17:04 - 2008-05-30 06:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-11-25 17:04 - 2008-05-30 06:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2013-11-25 17:04 - 2008-05-30 06:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-11-25 17:04 - 2008-03-05 08:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2013-11-25 17:04 - 2008-03-05 08:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-11-25 17:04 - 2008-03-05 08:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-11-25 17:04 - 2008-03-05 08:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2013-11-25 17:04 - 2008-03-05 08:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2013-11-25 17:04 - 2008-03-05 08:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-11-25 17:04 - 2008-03-05 07:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2013-11-25 17:04 - 2008-03-05 07:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-11-25 17:04 - 2008-03-05 07:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2013-11-25 17:04 - 2008-03-05 07:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-11-25 17:04 - 2008-02-05 15:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2013-11-25 17:04 - 2008-02-05 15:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-11-25 17:04 - 2007-10-21 19:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2013-11-25 17:04 - 2007-10-21 19:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-11-25 17:04 - 2007-10-21 19:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2013-11-25 17:04 - 2007-10-21 19:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-11-25 17:04 - 2007-10-12 07:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2013-11-25 17:04 - 2007-10-12 07:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-11-25 17:04 - 2007-10-12 07:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2013-11-25 17:04 - 2007-10-12 07:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-11-25 17:04 - 2007-10-02 01:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2013-11-25 17:04 - 2007-10-02 01:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-11-25 17:04 - 2007-07-19 16:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2013-11-25 17:04 - 2007-07-19 16:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-11-25 17:04 - 2007-07-19 10:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2013-11-25 17:04 - 2007-07-19 10:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-11-25 17:04 - 2007-07-19 10:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2013-11-25 17:04 - 2007-07-19 10:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-11-25 17:04 - 2007-07-19 10:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2013-11-25 17:04 - 2007-07-19 10:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-11-25 17:04 - 2007-06-20 12:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2013-11-25 17:04 - 2007-06-20 12:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-11-25 17:04 - 2007-05-16 08:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2013-11-25 17:04 - 2007-05-16 08:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-11-25 17:04 - 2007-05-16 08:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2013-11-25 17:04 - 2007-05-16 08:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-11-25 17:04 - 2007-05-16 08:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2013-11-25 17:04 - 2007-05-16 08:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-11-25 17:04 - 2007-04-04 10:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-11-25 17:04 - 2007-04-04 10:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-11-25 17:04 - 2007-04-04 10:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-11-25 17:04 - 2007-04-04 10:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-11-25 17:04 - 2007-03-15 08:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-11-25 17:04 - 2007-03-15 08:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-11-25 17:04 - 2007-03-12 08:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-11-25 17:04 - 2007-03-12 08:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-11-25 17:04 - 2007-03-12 08:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-11-25 17:04 - 2007-03-12 08:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-11-25 17:04 - 2007-03-05 04:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-11-25 17:04 - 2007-03-05 04:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-11-25 17:04 - 2007-01-24 07:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2013-11-25 17:04 - 2007-01-24 07:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-11-25 17:04 - 2006-12-08 04:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-11-25 17:04 - 2006-12-08 04:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2013-11-25 17:04 - 2006-11-29 05:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-11-25 17:04 - 2006-11-29 05:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-11-25 17:04 - 2006-11-29 05:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2013-11-25 17:04 - 2006-11-29 05:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-11-25 17:04 - 2006-09-28 08:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2013-11-25 17:04 - 2006-09-28 08:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-11-25 17:04 - 2006-09-28 08:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-11-25 17:04 - 2006-09-28 08:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2013-11-25 17:04 - 2006-07-28 01:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2013-11-25 17:04 - 2006-07-28 01:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2013-11-25 17:04 - 2006-07-28 01:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-11-25 17:04 - 2006-07-28 01:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-11-25 17:04 - 2006-05-30 23:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-11-25 17:04 - 2006-05-30 23:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2013-11-25 17:04 - 2006-03-31 04:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2013-11-25 17:04 - 2006-03-31 04:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-11-25 17:04 - 2006-03-31 04:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2013-11-25 17:04 - 2006-03-31 04:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-11-25 17:04 - 2006-03-31 04:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2013-11-25 17:04 - 2006-03-31 04:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-11-25 17:04 - 2006-02-03 00:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2013-11-25 17:04 - 2006-02-03 00:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-11-25 17:04 - 2006-02-03 00:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2013-11-25 17:04 - 2006-02-03 00:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-11-25 17:04 - 2006-02-03 00:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2013-11-25 17:04 - 2006-02-03 00:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-11-25 17:04 - 2005-12-05 10:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2013-11-25 17:04 - 2005-12-05 10:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-11-25 17:04 - 2005-07-22 11:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2013-11-25 17:04 - 2005-07-22 11:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-11-25 17:04 - 2005-05-26 07:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2013-11-25 17:04 - 2005-05-26 07:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-11-25 17:04 - 2005-03-18 09:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2013-11-25 17:04 - 2005-03-18 09:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-11-25 17:03 - 2013-11-25 17:04 - 00009971 _____ C:\Windows\DirectX.log
2013-11-25 17:03 - 2005-02-05 11:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2013-11-25 17:03 - 2005-02-05 11:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-11-25 17:02 - 2013-11-25 17:41 - 00001203 _____ C:\Users\Public\Desktop\The Secret World.lnk
2013-11-25 17:02 - 2013-11-25 17:05 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-11-25 17:02 - 2013-11-25 17:03 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-11-25 17:02 - 2013-11-25 17:02 - 00000000 ____D C:\Users\gary\AppData\Local\Funcom
2013-11-25 17:02 - 2013-11-25 17:02 - 00000000 ____D C:\Program Files (x86)\Funcom
2013-11-25 16:53 - 2013-11-26 08:16 - 938883600 _____ C:\Windows\MEMORY.DMP
2013-11-25 16:53 - 2013-11-26 08:16 - 00000000 ____D C:\Windows\Minidump
2013-11-25 16:38 - 2013-11-25 16:38 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-11-25 16:31 - 2013-11-26 08:31 - 00074084 _____ C:\Windows\WindowsUpdate.log
2013-11-25 16:30 - 2013-11-25 16:30 - 00000000 ____D C:\Users\gary\AppData\Local\VirtualStore
2013-11-25 16:29 - 2013-11-25 16:30 - 00000000 ____D C:\users\gary
2013-11-25 16:29 - 2013-11-25 16:29 - 00000020 ___SH C:\Users\gary\ntuser.ini
2013-11-25 16:29 - 2013-11-25 16:29 - 00000000 __SHD C:\Recovery
2013-11-25 16:27 - 2013-11-25 16:27 - 00001355 _____ C:\Windows\TSSysprep.log
 
==================== One Month Modified Files and Folders =======
 
2013-11-26 08:31 - 2013-11-25 16:31 - 00074084 _____ C:\Windows\WindowsUpdate.log
2013-11-26 08:31 - 2009-07-13 20:45 - 00020656 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 08:31 - 2009-07-13 20:45 - 00020656 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 08:27 - 2013-11-26 05:28 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 08:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 08:27 - 2009-07-13 20:51 - 00026116 _____ C:\Windows\setupact.log
2013-11-26 08:22 - 2013-11-26 08:22 - 01091605 _____ (Farbar) C:\Users\gary\Downloads\FRST.exe
2013-11-26 08:22 - 2009-07-13 21:13 - 00713888 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-26 08:21 - 2013-11-26 08:21 - 00000000 ____D C:\Users\gary\Desktop\New folder
2013-11-26 08:20 - 2013-11-26 08:20 - 00000000 ____D C:\FRST
2013-11-26 08:19 - 2013-11-26 08:19 - 01958474 _____ (Farbar) C:\Users\gary\Downloads\FRST64.exe
2013-11-26 08:16 - 2013-11-25 16:53 - 938883600 _____ C:\Windows\MEMORY.DMP
2013-11-26 08:16 - 2013-11-25 16:53 - 00000000 ____D C:\Windows\Minidump
2013-11-26 08:08 - 2013-11-26 08:08 - 00001332 _____ C:\Users\gary\Documents\aswMBR.txt
2013-11-26 08:08 - 2013-11-26 08:08 - 00000512 _____ C:\Users\gary\Documents\MBR.dat
2013-11-26 08:06 - 2013-11-26 08:06 - 00001568 _____ C:\Users\gary\Desktop\RKreport[0]_D_11262013_160649.txt
2013-11-26 08:06 - 2013-11-26 05:48 - 00000000 ____D C:\Users\gary\Desktop\RK_Quarantine
2013-11-26 08:05 - 2013-11-26 08:05 - 00001519 _____ C:\Users\gary\Desktop\RKreport[0]_S_11262013_160546.txt
2013-11-26 07:39 - 2013-11-26 05:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 07:35 - 2013-11-26 07:35 - 04745728 _____ (AVAST Software) C:\Users\gary\Downloads\aswmbr.exe
2013-11-26 07:24 - 2013-11-26 07:24 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-26 07:24 - 2013-11-26 07:24 - 00000000 ____D C:\Users\gary\AppData\Roaming\Malwarebytes
2013-11-26 07:24 - 2013-11-26 07:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 07:24 - 2013-11-26 07:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 07:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-11-26 06:48 - 2010-11-20 19:47 - 00009542 _____ C:\Windows\PFRO.log
2013-11-26 06:32 - 2013-11-26 06:30 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-11-26 06:31 - 2013-11-26 06:31 - 00000000 ____D C:\Users\gary\AppData\Roaming\ParetoLogic
2013-11-26 06:31 - 2013-11-26 06:31 - 00000000 ____D C:\Users\gary\AppData\Roaming\DriverCure
2013-11-26 06:14 - 2013-11-25 17:54 - 00000000 ____D C:\ProgramData\Birdstep Technology
2013-11-26 06:13 - 2013-11-25 17:54 - 00014091 _____ C:\Windows\TdiInstall.log
2013-11-26 06:13 - 2013-11-25 17:23 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-11-26 06:08 - 2013-11-26 06:08 - 00000000 ____D C:\Users\gary\AppData\Roaming\Comodo
2013-11-26 06:08 - 2013-11-26 05:35 - 00000000 ____D C:\ProgramData\COMODO
2013-11-26 05:57 - 2013-11-26 05:35 - 00002013 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-11-26 05:51 - 2013-11-26 05:51 - 00000000 ____D C:\Users\gary\AppData\Roaming\Avira
2013-11-26 05:47 - 2013-11-26 05:47 - 03687936 _____ C:\Users\gary\Desktop\RogueKiller.exe
2013-11-26 05:43 - 2013-11-26 05:43 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\gary\Desktop\tdsskiller.exe
2013-11-26 05:37 - 2013-11-26 05:37 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-11-26 05:37 - 2013-11-26 05:37 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-26 05:37 - 2013-11-26 05:37 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-11-26 05:36 - 2013-11-26 05:36 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2013-11-26 05:36 - 2013-11-26 05:36 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2013-11-26 05:36 - 2013-11-26 05:36 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-11-26 05:36 - 2013-11-26 05:36 - 00001899 _____ C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
2013-11-26 05:36 - 2013-11-26 05:36 - 00001870 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2013-11-26 05:36 - 2013-11-26 05:36 - 00000593 _____ C:\Users\Public\Desktop\Shared Space.lnk
2013-11-26 05:36 - 2013-11-26 05:36 - 00000000 ____D C:\first_launch
2013-11-26 05:36 - 2013-11-26 05:35 - 00057096 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-11-26 05:36 - 2013-11-26 05:35 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-11-26 05:36 - 2013-11-26 05:35 - 00000000 ___SD C:\ProgramData\Shared Space
2013-11-26 05:36 - 2013-11-26 05:34 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-11-26 05:35 - 2013-11-26 05:35 - 00001116 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\Users\gary\AppData\Local\Comodo
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\ProgramData\APN
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\ProgramData\Adtrustmedia
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\Program Files\COMODO
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\Program Files\AdTrustMedia
2013-11-26 05:35 - 2013-11-26 05:35 - 00000000 ____D C:\Program Files (x86)\AdTrustMedia
2013-11-26 05:34 - 2013-11-26 05:34 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-26 05:34 - 2013-11-26 05:34 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-11-26 05:34 - 2013-11-26 05:34 - 00000000 ____D C:\ProgramData\Avira
2013-11-26 05:34 - 2013-11-26 05:34 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-26 05:34 - 2013-11-26 05:28 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-26 05:34 - 2013-11-26 05:28 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 05:28 - 2013-11-26 05:28 - 00000000 ____D C:\Users\gary\AppData\Local\Google
2013-11-26 05:28 - 2013-11-26 05:28 - 00000000 ____D C:\Users\gary\AppData\Local\Apps\2.0
2013-11-26 05:28 - 2013-11-26 05:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-26 05:28 - 2013-11-26 05:27 - 00000000 ____D C:\Users\gary\AppData\Local\Deployment
2013-11-26 05:19 - 2013-11-26 05:19 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-26 05:14 - 2013-11-26 05:14 - 00000000 ____D C:\Program Files (x86)\ADDON
2013-11-26 00:25 - 2009-07-13 21:38 - 00025600 ___SH C:\Windows\System32\config\BCD-Template.LOG
2013-11-26 00:25 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\System32\config\BCD-Template
2013-11-26 00:24 - 2013-11-26 00:24 - 00000000 ____D C:\Hotfix
2013-11-26 00:24 - 2009-07-13 20:45 - 00000000 ____D C:\Windows\Setup
2013-11-26 00:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
2013-11-26 00:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-11-25 17:54 - 2013-11-25 17:54 - 00071259 _____ C:\Windows\Huawei ModemsUninstall.exe
2013-11-25 17:54 - 2013-11-25 17:54 - 00000000 ____D C:\Users\gary\AppData\Roaming\Macromedia
2013-11-25 17:54 - 2013-11-25 17:54 - 00000000 ____D C:\Users\gary\AppData\Roaming\Adobe
2013-11-25 17:54 - 2013-11-25 17:54 - 00000000 ____D C:\Program Files (x86)\Huawei Modems
2013-11-25 17:41 - 2013-11-25 17:02 - 00001203 _____ C:\Users\Public\Desktop\The Secret World.lnk
2013-11-25 17:31 - 2013-11-25 17:31 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-11-25 17:24 - 2013-11-25 17:24 - 00000000 ____D C:\ProgramData\Intel
2013-11-25 17:24 - 2013-11-25 17:24 - 00000000 ____D C:\Program Files\Intel
2013-11-25 17:24 - 2013-11-25 17:23 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-25 17:24 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-25 17:23 - 2013-11-25 17:23 - 00001769 _____ C:\Windows\Language_trs.ini
2013-11-25 17:23 - 2013-11-25 17:23 - 00000000 ____D C:\Users\gary\AppData\Roaming\InstallShield
2013-11-25 17:23 - 2013-11-25 17:23 - 00000000 ____D C:\Intel
2013-11-25 17:11 - 2013-11-25 17:11 - 00057560 _____ C:\Users\gary\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 17:11 - 2013-11-25 17:11 - 00000000 ____D C:\Users\gary\AppData\Roaming\ATI
2013-11-25 17:11 - 2013-11-25 17:11 - 00000000 ____D C:\Users\gary\AppData\Local\ATI
2013-11-25 17:11 - 2013-11-25 17:11 - 00000000 ____D C:\ProgramData\ATI
2013-11-25 17:11 - 2013-11-25 17:11 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-11-25 17:09 - 2013-11-25 17:09 - 00000000 ____D C:\ProgramData\AMD
2013-11-25 17:09 - 2013-11-25 17:09 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-11-25 17:09 - 2013-11-25 17:09 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-11-25 17:09 - 2013-11-25 17:09 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-11-25 17:08 - 2013-11-25 17:08 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-11-25 17:08 - 2013-11-25 17:07 - 00000000 ____D C:\Program Files\ATI Technologies
2013-11-25 17:07 - 2013-11-25 17:07 - 00000000 ____D C:\Program Files\ATI
2013-11-25 17:07 - 2013-11-25 17:07 - 00000000 ____D C:\AMD
2013-11-25 17:05 - 2013-11-25 17:02 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-11-25 17:04 - 2013-11-25 17:04 - 00000000 _____ C:\Users\gary\Documents\Default.rdp
2013-11-25 17:04 - 2013-11-25 17:03 - 00009971 _____ C:\Windows\DirectX.log
2013-11-25 17:03 - 2013-11-25 17:02 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-11-25 17:02 - 2013-11-25 17:02 - 00000000 ____D C:\Users\gary\AppData\Local\Funcom
2013-11-25 17:02 - 2013-11-25 17:02 - 00000000 ____D C:\Program Files (x86)\Funcom
2013-11-25 16:40 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-11-25 16:38 - 2013-11-25 16:38 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-11-25 16:30 - 2013-11-25 16:30 - 00000000 ____D C:\Users\gary\AppData\Local\VirtualStore
2013-11-25 16:30 - 2013-11-25 16:29 - 00000000 ____D C:\users\gary
2013-11-25 16:29 - 2013-11-26 00:25 - 00000000 ____D C:\Windows\Panther
2013-11-25 16:29 - 2013-11-25 16:29 - 00000020 ___SH C:\Users\gary\ntuser.ini
2013-11-25 16:29 - 2013-11-25 16:29 - 00000000 __SHD C:\Recovery
2013-11-25 16:29 - 2009-07-13 20:45 - 00274320 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-25 16:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-25 16:27 - 2013-11-25 16:27 - 00001355 _____ C:\Windows\TSSysprep.log
2013-11-25 16:27 - 2009-07-13 20:46 - 00002790 _____ C:\Windows\DtcInstall.log
2013-11-25 16:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-11-25 16:26 - 2010-11-20 23:17 - 00000000 ____D C:\Windows\CSC
2013-11-14 03:38 - 2013-09-24 02:54 - 00709144 _____ (COMODO) C:\Windows\System32\Drivers\cmdguard.sys
2013-11-14 03:38 - 2013-09-24 02:53 - 00043216 _____ (COMODO) C:\Windows\System32\cmdcsr.dll
2013-10-31 11:25 - 2013-11-26 05:34 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-10-31 11:25 - 2013-11-26 05:34 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-10-31 11:25 - 2013-11-26 05:34 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-10-31 11:25 - 2013-11-26 05:34 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
 
Some content of TEMP:
====================
C:\Users\gary\AppData\Local\Temp\avgnt.exe
C:\Users\gary\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\gary\AppData\Local\Temp\ntdll_dump.dll
C:\Users\gary\AppData\Local\Temp\ResetDevice.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
6
Restore point made on: 2013-11-25 16:41:01
Restore point made on: 2013-11-25 17:03:46
Restore point made on: 2013-11-25 17:53:15
Restore point made on: 2013-11-26 05:14:08
Restore point made on: 2013-11-26 05:36:15
Restore point made on: 2013-11-26 06:13:49
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 12242.15 MB
Available physical RAM: 11127.71 MB
Total Pagefile: 12240.35 MB
Available Pagefile: 11123.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.92 GB) (Free:1815.32 GB) NTFS
Drive e: (W7SP1_PROFESSIONAL) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:3.76 GB) (Free:3.75 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E54C1790)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
 
LastRegBack: 2013-11-25 16:25
 

 

==================== End Of Log ============================


#6 TB-Psychotic (Malware Response Team)

Posted 27 November 2013 - 04:40 AM

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#7 kuniva (Topic Starter)

Posted 27 November 2013 - 06:43 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.27.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
gary :: GARY-PC [administrator]
 
Protection: Enabled
 
27/11/2013 23:17:44
mbam-log-2013-11-27 (23-17-44).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270819
Time elapsed: 12 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#8 TB-Psychotic (Malware Response Team)

Posted 28 November 2013 - 03:05 PM

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#9 kuniva (Topic Starter)

Posted 28 November 2013 - 09:27 PM

Hi TB-Psychotic, here are the results.

 

C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application


#10 TB-Psychotic (Malware Response Team)

Posted 29 November 2013 - 02:44 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.



#11 kuniva (Topic Starter)

Posted 29 November 2013 - 09:49 AM

Hi TB-Psychotic, here are the log results

 

# AdwCleaner v3.013 - Report created 29/11/2013 at 14:42:12
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : gary - GARY-PC
# Running from : C:\Users\gary\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\gary\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\gary\AppData\Roaming\ParetoLogic
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\gary\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1276 octets] - [29/11/2013 14:40:40]
AdwCleaner[S0].txt - [1176 octets] - [29/11/2013 14:42:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1236 octets] ##########
 
 
------------------------------------------------------------------------------------------
 
 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Comodo Firewall cmdagent.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 
 
Regards


#12 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 02 December 2013 - 03:05 AM

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#13 kuniva (Topic Starter, Members, 11 posts)

Posted 02 December 2013 - 04:58 PM

Hi TB-Psychotic, here are the results

 

Farbar Service Scanner Version: 23-11-2013
Ran by gary (administrator) on 02-12-2013 at 21:57:04
Running from "C:\Users\gary\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
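
The FSS log above reports three kinds of finding: the configuration of the security-relevant services (start type, ImagePath, ServiceDll), registry policy values that switch a feature off (here `DisableAntiSpyware=1`, which a third-party antivirus such as Avira sets on Windows 7 when it takes over from Windows Defender), and an MD5 check of the networking and security binaries. The script below is an added example, not part of this thread and not code from Farbar Service Scanner; it reproduces those checks with built-in PowerShell so a reader can see where each line of the log comes from. It assumes PowerShell 3.0 or later on Windows 7 or newer, run elevated from a 64-bit console so `System32` is not redirected. The expected start types, the list of policy keys and the file list are assumptions for a default Windows 7 installation; FSS ships its own known-good MD5 list, which this example does not have, so it records the hash and Authenticode status for comparison against a clean machine of the same build and patch level instead.

```powershell
# Added example (not from the BleepingComputer thread or from FSS):
# reproduce the service, policy and file checks behind an FSS log with
# built-in PowerShell 3.0+. Run elevated, 64-bit. Expected start types,
# policy keys and file list are assumptions for a default Windows 7 box.

$ErrorActionPreference = 'Stop'

# 1. Service configuration. FSS prints lines such as
#    "The start type of WinDefend service is set to Demand. The default start type is Auto."
$ExpectedStart = @{            # assumed Windows 7 defaults
    'WinDefend' = 'Auto'       # Windows Defender
    'wscsvc'    = 'Auto'       # Security Center
    'MpsSvc'    = 'Auto'       # Windows Firewall
    'wuauserv'  = 'Auto'       # Windows Update
    'SDRSVC'    = 'Manual'     # Windows Backup
    'VSS'       = 'Manual'     # Volume Shadow Copy
}
$StartNames = @{ 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }   # Start DWORD -> name

function Get-ServiceConfig {
    param([Parameter(Mandatory)][string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return $null }
    $svc = Get-ItemProperty -Path $key
    $dll = $null
    if (Test-Path "$key\Parameters") {
        # svchost-hosted services load this DLL; a hijacked ServiceDll is a classic persistence spot
        $dll = (Get-ItemProperty -Path "$key\Parameters").ServiceDll
    }
    [pscustomobject]@{
        Name       = $Name
        StartType  = $StartNames[[int]$svc.Start]
        Expected   = $ExpectedStart[$Name]
        Running    = ((Get-Service -Name $Name).Status -eq 'Running')
        ImagePath  = $svc.ImagePath
        ServiceDll = $dll
    }
}

# 2. Policy values. FSS prints the key and value under "... Disabled Policy", e.g.
#    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1
#    DisabledValue is the value that means the feature is switched off.
$Policies = @(
    @{ Feature = 'Windows Defender'; Name = 'DisableAntiSpyware'; DisabledValue = 1
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender' },
    @{ Feature = 'Windows Defender'; Name = 'DisableAntiSpyware'; DisabledValue = 1
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' },
    @{ Feature = 'System Restore';   Name = 'DisableSR';          DisabledValue = 1
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore' },
    @{ Feature = 'Windows Update';   Name = 'NoAutoUpdate';       DisabledValue = 1
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' },
    @{ Feature = 'Windows Firewall'; Name = 'EnableFirewall';     DisabledValue = 0
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile' }
)

function Get-DisabledByPolicy {
    foreach ($p in $Policies) {
        if (-not (Test-Path $p.Path)) { continue }
        $value = (Get-ItemProperty -Path $p.Path).($p.Name)
        if ($null -ne $value -and [int]$value -eq $p.DisabledValue) {
            [pscustomobject]@{ Feature = $p.Feature; Key = $p.Path; Value = "$($p.Name)=$value" }
        }
    }
}

# 3. File check. FSS compares MD5 against its own known-good list ("MD5 is legit").
#    Without that list, record MD5 plus Authenticode status and diff against a clean
#    machine of the same build. Caveat: most System32 binaries are catalog-signed,
#    not embedded-signed, so on Windows 7 Get-AuthenticodeSignature reports
#    NotSigned for them; that is expected and not by itself evidence of tampering.
$Files = @(
    "$env:SystemRoot\System32\drivers\afd.sys",
    "$env:SystemRoot\System32\drivers\tcpip.sys",
    "$env:SystemRoot\System32\dnsrslvr.dll",
    "$env:SystemRoot\System32\wscsvc.dll",
    "$env:SystemRoot\System32\wuaueng.dll",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\rpcss.dll"
)

function Get-FileCheck {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    foreach ($f in $Files) {
        if (-not (Test-Path $f)) { continue }
        $bytes = [System.IO.File]::ReadAllBytes($f)
        $hash  = ($md5.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
        $sig   = Get-AuthenticodeSignature -FilePath $f
        [pscustomobject]@{ File = $f; MD5 = $hash; Signature = $sig.Status; Signer = $sig.SignerCertificate.Subject }
    }
}

"== Services =="
$ExpectedStart.Keys | Sort-Object | ForEach-Object { Get-ServiceConfig $_ } |
    Format-Table Name, StartType, Expected, Running, ServiceDll -AutoSize
"== Disabled by policy =="
Get-DisabledByPolicy | Format-Table -AutoSize
"== File check =="
Get-FileCheck | Format-Table File, MD5, Signature -AutoSize
```

Read the output the way the helper reads the FSS log: a non-default start type or a policy hit is only a problem when nothing you installed explains it (a third-party antivirus setting `DisableAntiSpyware` and leaving WinDefend on Demand is the normal case on Windows 7), whereas a ServiceDll or ImagePath pointing outside `%SystemRoot%`, or a hash that differs from a clean machine of the same patch level, deserves a closer look.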


#14 kuniva (Topic Starter, Members, 11 posts)

Posted 02 December 2013 - 05:25 PM

On a side note, whether this is important or not I do not know, but I took some screenshots of what I think looks suspicious with the User accounts and services running.

 

[Attached screenshots: screen1.jpg, screen2.jpg, screen3.jpg, screen4.jpg]

 

Kind Regards



#15 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 03 December 2013 - 03:39 AM

Everything in these pictures is correct in a normal Windows environment or if you have additional programs like Avira AntiVir or Comodo products installed! :)

 

Your computer is clean! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your Control Panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally, I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before you access a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80 cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.





