
Malware log


  • This topic is locked
20 replies to this topic

#1 pathirage

  • Members

Posted 12 August 2014 - 01:22 PM

Can someone analyze this log file for me?

 

Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Dialog Mobile Broadband\Dialog Mobile Broadband.exe
D:\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7814495-F7D6-4BE0-A686-6CB33F49C631}: NameServer = 123.231.0.167 202.69.201.194
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dialog Mobile Broadband. OUC (Dialog Mobile Broadband. RunOuc) - Unknown owner - C:\Program Files (x86)\Dialog Mobile Broadband\UpdateDog\ouc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\MBAR\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 6285 bytes

Edited by Chris Cosgrove, 12 August 2014 - 06:42 PM.
Moved from AII to Virus etc logs




#2 Jo*

  • Malware Response Team

Posted 16 August 2014 - 11:12 AM

:welcome:

Hello pathirage,

My name is Jo and I will help you with your computer problems.


Why do you think you have a virus?

Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
It is important for you to check your topic at least once a day for a reply. You cannot rely on the e-mail notification system to inform you of new replies as it is not completely reliable.


***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*

  • Malware Response Team

Posted 20 August 2014 - 02:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Cheers,
Jo


#4 pathirage

  • Topic Starter

Posted 21 August 2014 - 09:35 AM

Can you please open the topic?

#5 pathirage

  • Topic Starter

Posted 21 August 2014 - 09:55 AM

Hi Jo, I have attached the TDSSKiller logs and OTL logs. I currently use Norton Internet Security as my antivirus, and I think I got infected because of the dongle. I did the scans after I used it once to update my antivirus. I just wanted to check my computer, as the other computers are infected by a virus. Any help is really appreciated, thanks :)
 
 
 
 
 
 
08:29:30.0922 0x0740  Detected object count: 1
08:29:30.0922 0x0740  Actual detected object count: 1
08:29:46.0584 0x0740  C:\Windows\system32\97EC.tmp - copied to quarantine
08:29:46.0584 0x0740  HKLM\SYSTEM\ControlSet001\services\MEMSWEEP2 - will be deleted on reboot
08:29:46.0912 0x0740  C:\Windows\system32\97EC.tmp - will be deleted on reboot
08:29:46.0912 0x0740  MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Delete 
08:29:47.0770 0x0740  KLMD registered as C:\Windows\system32\drivers\56619229.sys
08:48:41.0252 0x07b4  Deinitialize success



Edited by pathirage, 22 August 2014 - 06:27 AM.


#6 Jo*

  • Malware Response Team

Posted 21 August 2014 - 10:10 AM

Hello pathirage,

Next time please do not attach but copy the content of the logs into your message.

Still waiting for the Security Check log!

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


P2P - I see you have P2P software uTorrent installed on your machine.
  • Avoid P2P
  • Identity Theft and / or malware infection may happen, when P2P software is running on your computer.
  • Here you will find more information.
Please note:
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
I would advise you to uninstall it now.
You can do this via Start > Control Panel > Add Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7).

Cheers,
Jo


#7 pathirage

  • Topic Starter

Posted 21 August 2014 - 10:29 AM

Hi Jo, I use Malwarebytes Anti-Rootkit along with Norton, so I did the scan and removed the detections about two days ago. I'll upload the two MBAR logs and the others ASAP. Thanks a lot :) If you want, I can give the GMER log as well :) Yeah, sorry for attaching the logs, I'll copy it next time.


Edited by pathirage, 21 August 2014 - 10:31 AM.


#8 pathirage

  • Topic Starter

Posted 21 August 2014 - 11:38 AM

Hi, these are the logs of Malwarebytes

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.05.21.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Lilan :: PC [administrator]

8/9/2014 2:52:41 PM
mbar-log-2014-08-09 (14-52-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 247992
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\SysWOW64\msstp.vbe (Trojan.Agent.VBS) -> Delete on reboot. [7e8245bb0ff17e825ac894066b9701ff]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 
 
 
2nd log
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.08.12.09
 
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Lilan :: PC [administrator]
 
8/14/2014 7:54:14 AM
mbar-log-2014-08-14 (07-54-14).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 280747
Time elapsed: 3 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Security.Hijack) -> Delete on reboot. [d6c2487abdbe43f37088870441c224dc]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Security.Hijack) -> Delete on reboot. [5840853d473478be9266a4e7f2113bc5]
 
Registry Values Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger (Security.Hijack) -> Data: "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" -> Delete on reboot. [d6c2487abdbe43f37088870441c224dc]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger (Security.Hijack) -> Data: "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" -> Delete on reboot. [5840853d473478be9266a4e7f2113bc5]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

AdwCleaner log

 

# AdwCleaner v3.308 - Report created 21/08/2014 at 22:00:45
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Lilan - PC
# Running from : C:\Users\Lilan\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Lilan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [753 octets] - [21/08/2014 22:00:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [812 octets] ##########



#9 pathirage

  • Topic Starter

Posted 21 August 2014 - 11:39 AM

Security Check log

 Results of screen317's Security Check version 0.99.87
 Windows 7  x64 (UAC is enabled)
 Out of date service pack!!
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
Norton Internet Security
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 TuneUp Utilities 2014
 TuneUp Utilities 2014 (en-US)
 TuneUp Utilities 2014
 Google Chrome 22.0.1229.95
 Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Exploit mbae-svc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
 Malwarebytes Anti-Exploit mbae.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````



#10 Jo*

  • Malware Response Team

Posted 21 August 2014 - 01:27 PM

Hello pathirage,


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Cheers,
Jo


#11 pathirage

  • Topic Starter

Posted 21 August 2014 - 07:50 PM

Here are the logs

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Lilan on Fri 08/22/2014 at  6:05:49.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/22/2014 at  6:09:07.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#12 pathirage

  • Topic Starter

Posted 21 August 2014 - 07:51 PM

OTL logfile created on: 8/22/2014 6:10:55 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lilan\Desktop

64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.94 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 82.25% Memory free

15.88 Gb Paging File | 14.48 Gb Available in Paging File | 91.19% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 146.48 Gb Total Space | 113.58 Gb Free Space | 77.54% Space Free | Partition Type: NTFS

Drive D: | 394.06 Gb Total Space | 364.28 Gb Free Space | 92.44% Space Free | Partition Type: NTFS

Drive E: | 390.62 Gb Total Space | 260.99 Gb Free Space | 66.81% Space Free | Partition Type: NTFS

 

Computer Name: PC | User Name: Lilan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Lilan\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)

PRC - D:\MBAR\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

 

 

========== Modules (No Company Name) ==========

 

 

========== Services (SafeList) ==========

 

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe (Symantec Corporation)

SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (MbaeSvc) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation)

SRV - (MBAMService) -- D:\MBAR\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- D:\MBAR\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140813.001\ex64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140813.001\eng64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140812.002\IDSviA64.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys (Symantec Corporation)

DRV - (ESProtectionDriver) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys ()

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: E:\VLC\npvlc.dll (VideoLAN)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/08/04 19:18:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/08/22 06:03:13 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Lilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: YouTube = C:\Users\Lilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Lilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Wallet = C:\Users\Lilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\Lilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2009/06/11 02:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O13 - gopher Prefix: missing

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/22 06:05:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/08/22 06:04:47 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Lilan\Desktop\JRT.exe

[2014/08/21 22:00:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/08/21 19:32:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lilan\Desktop\OTL.exe

[2014/08/21 11:45:03 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2014/08/16 20:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2014/08/16 20:59:09 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

[2014/08/16 15:54:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2014/08/16 15:52:08 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2014/08/14 11:24:38 | 000,000,000 | ---D | C] -- C:\Users\Lilan\Documents\RegRun2

[2014/08/14 09:08:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2014/08/14 09:08:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2014/08/14 09:08:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2014/08/14 09:07:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2014/08/14 07:52:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2014/08/13 11:33:32 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Local\Secunia PSI

[2014/08/13 11:20:42 | 000,000,000 | ---D | C] -- C:\NPE

[2014/08/13 11:18:44 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Roaming\vlc

[2014/08/13 11:17:30 | 000,000,000 | ---D | C] -- C:\Users\Lilan\New folder (2)

[2014/08/13 11:17:13 | 000,000,000 | ---D | C] -- C:\Users\Lilan\vlc

[2014/08/13 11:11:01 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Local\Temporary Projects

[2014/08/13 10:55:11 | 000,000,000 | ---D | C] -- C:\Users\Lilan\Documents\Visual Studio 2005

[2014/08/13 10:54:53 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Local\Microsoft Help

[2014/08/13 10:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2014/08/13 09:57:22 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2014/08/13 09:57:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2014/08/13 09:43:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2014/08/13 09:33:54 | 000,036,152 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll

[2014/08/13 09:32:24 | 000,025,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2014/08/13 09:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014

[2014/08/13 09:32:04 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Roaming\TuneUp Software

[2014/08/13 09:32:04 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Local\TuneUp Software

[2014/08/13 09:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2014

[2014/08/13 09:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2014/08/13 09:29:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

[2014/08/13 09:29:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2014/08/13 09:06:27 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2014/08/13 09:06:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2014/08/13 09:06:27 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2014/08/13 09:06:27 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2014/08/13 09:06:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014/08/13 09:06:27 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2014/08/13 09:06:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2014/08/13 09:06:27 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2014/08/13 09:06:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2014/08/13 09:06:27 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2014/08/13 09:06:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2014/08/13 09:06:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2014/08/13 09:06:27 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2014/08/13 09:06:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2014/08/13 09:06:27 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2014/08/13 09:06:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014/08/13 09:06:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2014/08/13 09:06:26 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2014/08/13 09:06:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2014/08/13 09:06:26 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2014/08/13 09:06:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2014/08/13 09:06:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014/08/13 09:06:26 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2014/08/13 09:06:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2014/08/13 09:06:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2014/08/13 09:06:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2014/08/13 09:06:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2014/08/13 09:06:26 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014/08/13 09:06:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2014/08/13 09:06:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2014/08/13 09:06:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2014/08/13 09:06:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2014/08/13 09:03:52 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Roaming\uTorrent

[2014/08/13 08:48:16 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll

[2014/08/13 08:46:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll

[2014/08/13 08:46:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll

[2014/08/13 08:46:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll

[2014/08/13 08:45:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2014/08/13 08:45:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2014/08/13 08:45:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2014/08/13 08:45:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2014/08/13 08:45:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2014/08/13 08:45:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2014/08/13 08:45:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2014/08/13 08:45:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2014/08/13 08:45:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2014/08/13 08:45:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2014/08/13 08:45:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2014/08/13 08:45:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2014/08/13 08:45:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2014/08/13 08:45:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2014/08/13 08:45:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2014/08/13 08:45:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2014/08/12 23:22:15 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2014/08/12 23:22:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2014/08/12 23:22:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2014/08/12 23:10:08 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2014/08/12 23:10:07 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2014/08/12 23:10:07 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll

[2014/08/12 23:10:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2014/08/12 23:10:07 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll

[2014/08/12 23:09:15 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2014/08/12 23:09:15 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2014/08/12 23:09:15 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2014/08/12 23:09:15 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2014/08/12 23:09:14 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2014/08/12 23:09:08 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2014/08/12 23:09:08 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2014/08/12 23:09:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2014/08/12 23:08:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2014/08/12 23:08:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2014/08/12 23:08:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2014/08/12 23:08:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2014/08/12 23:08:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2014/08/12 23:08:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2014/08/12 23:08:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2014/08/12 23:08:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2014/08/12 23:08:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2014/08/12 23:08:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2014/08/12 23:08:19 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2014/08/12 23:08:19 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2014/08/12 23:08:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2014/08/12 23:08:19 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2014/08/12 23:08:19 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2014/08/12 23:08:19 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2014/08/12 23:08:15 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

[2014/08/12 23:08:08 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2014/08/12 23:08:07 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2014/08/12 23:08:07 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2014/08/12 23:08:02 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll

[2014/08/12 23:08:00 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2014/08/12 23:07:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2014/08/12 23:07:49 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2014/08/12 23:07:48 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2014/08/12 23:07:46 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2014/08/12 23:07:45 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2014/08/12 23:07:44 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2014/08/12 23:07:40 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2014/08/12 23:07:40 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2014/08/12 23:07:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2014/08/12 23:07:25 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2014/08/12 23:07:25 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2014/08/12 23:07:19 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll

[2014/08/12 23:07:19 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll

[2014/08/12 23:07:19 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe

[2014/08/12 23:07:19 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe

[2014/08/12 23:07:19 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe

[2014/08/12 23:07:19 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

[2014/08/12 23:07:19 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll

[2014/08/12 23:07:19 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll

[2014/08/12 23:07:05 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

[2014/08/12 23:07:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

[2014/08/12 23:07:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2014/08/12 23:06:59 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2014/08/12 23:06:56 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll

[2014/08/12 23:06:56 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2014/08/12 23:06:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2014/08/12 23:06:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2014/08/12 23:06:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2014/08/12 23:06:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2014/08/12 23:06:51 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2014/08/12 23:06:51 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2014/08/12 23:06:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2014/08/12 23:06:35 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll

[2014/08/12 23:06:35 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll

[2014/08/12 23:06:35 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe

[2014/08/12 23:06:14 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2014/08/12 23:06:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2014/08/12 23:06:14 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2014/08/12 23:06:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax

[2014/08/12 23:06:14 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax

[2014/08/12 23:06:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll

[2014/08/12 23:06:12 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll

[2014/08/12 23:04:33 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2014/08/12 23:04:29 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2014/08/12 23:04:28 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

[2014/08/12 23:04:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2014/08/12 23:04:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2014/08/12 23:04:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2014/08/12 23:04:26 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2014/08/12 23:01:23 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2014/08/12 23:01:23 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2014/08/12 23:01:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2014/08/12 23:01:19 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll

[2014/08/12 23:01:19 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2014/08/12 23:01:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2014/08/12 22:56:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2014/08/12 22:46:07 | 001,291,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll

[2014/08/12 22:46:07 | 001,126,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll

[2014/08/12 22:46:07 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Local\NVIDIA Corporation

[2014/08/12 22:24:54 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Local\NPE

[2014/08/12 22:14:40 | 000,000,000 | ---D | C] -- C:\Users\Lilan\Documents\Symantec

[2014/08/12 22:13:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2014/08/10 09:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

[2014/08/10 09:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes Anti-Exploit

[2014/08/10 09:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit

[2014/08/09 15:58:56 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Local\Apps

[2014/08/08 18:47:04 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll

[2014/08/08 18:47:04 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx

[2014/08/08 18:47:04 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl32.ocx

[2014/08/08 18:47:04 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll

[2014/08/08 18:47:04 | 001,054,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71u.dll

[2014/08/08 18:47:04 | 001,024,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll

[2014/08/08 18:47:04 | 001,017,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70u.dll

[2014/08/08 18:47:04 | 000,722,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vb40032.dll

[2014/08/08 18:47:04 | 000,659,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomct2.ocx

[2014/08/08 18:47:04 | 000,617,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx

[2014/08/08 18:47:04 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll

[2014/08/08 18:47:04 | 000,443,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshflxgd.ocx

[2014/08/08 18:47:04 | 000,415,552 | ---- | C] (Microsoft Corporation ) -- C:\Windows\SysWow64\comct332.ocx

[2014/08/08 18:47:04 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll

[2014/08/08 18:47:04 | 000,278,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdatgrd.ocx

[2014/08/08 18:47:04 | 000,258,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msflxgrd.ocx

[2014/08/08 18:47:04 | 000,252,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdatlst.ocx

[2014/08/08 18:47:04 | 000,222,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dblist32.ocx

[2014/08/08 18:47:04 | 000,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tabctl32.ocx

[2014/08/08 18:47:04 | 000,218,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx

[2014/08/08 18:47:04 | 000,215,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mci32.ocx

[2014/08/08 18:47:04 | 000,178,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmask32.ocx

[2014/08/08 18:47:04 | 000,170,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx

[2014/08/08 18:47:04 | 000,163,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.ocx

[2014/08/08 18:47:04 | 000,136,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx

[2014/08/08 18:47:04 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstdfmt.dll

[2014/08/08 18:47:04 | 000,126,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx

[2014/08/08 18:47:04 | 000,119,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomm32.ocx

[2014/08/08 18:47:04 | 000,107,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll

[2014/08/08 18:47:04 | 000,100,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\picclp32.ocx

[2014/08/08 18:47:04 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl71.dll

[2014/08/08 18:47:04 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl70.dll

[2014/08/08 18:47:04 | 000,080,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysinfo.ocx

[2014/08/08 18:47:04 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71deu.dll

[2014/08/08 18:47:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71ita.dll

[2014/08/08 18:47:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71fra.dll

[2014/08/08 18:47:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71esp.dll

[2014/08/08 18:47:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70ita.dll

[2014/08/08 18:47:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70fra.dll

[2014/08/08 18:47:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70esp.dll

[2014/08/08 18:47:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70deu.dll

[2014/08/08 18:47:04 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71enu.dll

[2014/08/08 18:47:04 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70enu.dll

[2014/08/08 18:47:04 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvci70.dll

[2014/08/08 18:47:04 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71kor.dll

[2014/08/08 18:47:04 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71jpn.dll

[2014/08/08 18:47:04 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70kor.dll

[2014/08/08 18:47:04 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70jpn.dll

[2014/08/08 18:47:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71cht.dll

[2014/08/08 18:47:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70cht.dll

[2014/08/08 18:47:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71chs.dll

[2014/08/08 18:47:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70chs.dll

[2014/08/08 18:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2014/08/08 18:18:35 | 000,000,000 | ---D | C] -- C:\Users\Lilan\AppData\Local\NVIDIA

[2014/08/08 18:16:57 | 000,609,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe

[2014/08/08 18:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2014/08/08 18:14:27 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2014/08/08 18:14:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2014/08/08 18:14:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2014/08/08 18:14:27 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2014/08/08 18:13:37 | 024,196,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2014/08/08 18:13:37 | 016,122,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2014/08/08 18:13:37 | 015,294,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2014/08/08 18:13:37 | 014,498,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2014/08/08 18:13:37 | 011,283,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll

 

========== Files - Modified Within 30 Days ==========

 

 

========== Files Created - No Company Name ==========

 

 

========== ZeroAccess Check ==========

[2009/07/14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 11:00:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:16:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/08/04 19:23:55 | 000,000,000 | ---D | M] -- C:\Users\Lilan\AppData\Roaming\DAEMON Tools Lite
[2014/08/21 13:28:34 | 000,000,000 | ---D | M] -- C:\Users\Lilan\AppData\Roaming\DAEMON Tools Pro
[2014/08/13 10:31:26 | 000,000,000 | ---D | M] -- C:\Users\Lilan\AppData\Roaming\GameSave Manager 3
[2014/08/13 09:32:04 | 000,000,000 | ---D | M] -- C:\Users\Lilan\AppData\Roaming\TuneUp Software
[2014/08/21 21:51:05 | 000,000,000 | ---D | M] -- C:\Users\Lilan\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >



#13 Jo*

  • Malware Response Team

Posted 22 August 2014 - 03:21 AM

Hello pathirage,


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the "Uninstall application on close" check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 pathirage


Posted 22 August 2014 - 04:39 AM

Hi, I use Malwarebytes and the results show nothing. I'll upload the ESET log. Jo, could you please let me know whether I'm infected or not? If I'm infected, how? Did I get the virus from the dongle?

Edited by pathirage, 22 August 2014 - 04:41 AM.


#15 Jo*


Posted 22 August 2014 - 04:47 AM

Please run the scans with Malwarebytes' Anti-Malware and ESET and post the logs.
Then we can say if your PC looks clean.

