Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I have one very difficult hack or virus to remove

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 2nd, 2013, 9:00 pm

Hi I am not sure whether this is the right place to post as the infection
seems more bios hack related than virus related.

I am posting the dds logs as per the rules anyway.

In short I have tried numerous ways to fix the problems that my computer has been having. About 3 mths ago I noted my antivirus picked up on shadow copy malware which I presumed it had deleted as my settings were such that on any file that is suspicious the file should be deleted completely from the system. Since that time My computer has been doing all sorts of strange things.. ie when doing netstat to connections it seems as if I am being connected to myself first then a channel and then to the https connections.. On going through my computer I noticed space missing that shouldn't be missing and found areas on the hard drive that are inaccessible nor deleteable. I thought maybe just put another drive in . and did so but noticed that even after crossing the cmos jumpers and resetting the bios that at the beginning of the start up there was a vista boot up and I was using windows 7.. I then paid particular attention to the bios by trying to re flash it with the proper asus flash utility. the flash would not take as it it showed there was a block in the bios that was stopping it from finishing completely.

ie the flash gets to 3 quarters done and appears to finish but goes no further up the graph than 3 quarters,

there are a number of other anomalies in the whole thing as all 3 of my computers suffer the same problems. I am hoping to get just this one clean as I believe I will be able to resolve the others once I get to the bottom of what ails this one.

I am a bit hamstrung to give examples of what happens when using netstat commands because I seem to have lost the ability to copy anything in the command window using normal methods. I now take screen shots of the netstat searches ..instead.

I have a little knowledge on how to get rid of virus's and have always been able to clean my own ( which has been a very rare occurrence ) but this one has defeated the Norton virus team and I think malware bytes.

Anyway I will wait and see what you folk have to say on the logs before I post any further.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by Peter at 20:04:30 on 2013-01-31
#Option Extended Search is enabled.
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.61.2057.18.8191.6705 [GMT 10.5:30]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\SpecialBroadcastingServic.SBSOnDemand_1.2.0.86_x64__tkrs5w3k6x932\SBSOnDemand.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ninemsn.com.au/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{05DA4901-6120-4717-A92F-EBD067461CCE} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-RunOnce: [131_1730627354005] "C:\Users\Peter\AppData\Local\LOGMEI~1\LMIR0001.tmp_r.bat"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xcp5jq3b.default\
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-26 21:46; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xcp5jq3b.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\Drivers\NBVol.sys [2013-1-26 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\Drivers\NBVolUp.sys [2013-1-26 15920]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R3 athur;Qualcomm Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\Drivers\athuw8x.sys [2013-1-26 3744256]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-1-30 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-1-30 9800]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-1-29 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-1-29 12384]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 60 ================
.
2013-01-31 07:02:09 -------- d-----w- C:\Users\Peter\AppData\Local\LogMeIn Rescue Applet
2013-01-31 07:02:06 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4957EDFA-2F06-48C6-8F44-74F508023E89}\offreg.dll
2013-01-31 02:49:21 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll
2013-01-31 02:34:58 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-01-31 02:34:53 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-01-31 02:22:20 -------- d-----w- C:\Program Files\PlayReady
2013-01-31 02:21:48 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-31 02:21:36 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-31 02:21:34 710992 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-01-31 01:33:54 -------- d-----w- C:\Windows\ehome
2013-01-31 00:06:00 -------- d-----w- C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2013-01-30 22:16:00 35712 ----a-w- C:\Windows\SysWow64\drivers\8JI3fFXX.sys
2013-01-30 19:21:30 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4957EDFA-2F06-48C6-8F44-74F508023E89}\mpengine.dll
2013-01-30 17:41:41 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-30 16:12:02 -------- d-----w- C:\Users\Peter\AppData\Roaming\GHISLER
2013-01-30 16:12:02 -------- d-----w- C:\totalcmd
2013-01-30 15:42:50 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-30 10:06:58 9800 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2013-01-30 10:06:58 87112 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2013-01-30 10:06:58 3376640 ----a-w- C:\Windows\System32\BootMan.exe
2013-01-30 10:06:58 3316736 ----a-w- C:\Windows\System32\¸´¼þ BootMan.exe
2013-01-30 10:06:58 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe
2013-01-30 10:06:58 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2013-01-30 10:06:58 17480 ----a-w- C:\Windows\System32\epmntdrv.sys
2013-01-30 10:06:58 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2013-01-30 10:06:58 100936 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2013-01-30 10:06:57 9160 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2013-01-30 10:06:57 14920 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2013-01-30 10:06:49 -------- d-----w- C:\Program Files (x86)\EaseUS
2013-01-30 09:09:15 -------- d-----w- C:\Users\Peter\AppData\Local\Macromedia
2013-01-30 01:30:49 -------- d-----w- C:\Users\Peter\AppData\Local\CrashDumps
2013-01-30 00:32:07 35712 ----a-w- C:\Windows\SysWow64\drivers\2Acu24A8.sys
2013-01-30 00:18:14 -------- d-----w- C:\Users\Peter\AppData\Local\NPE
2013-01-30 00:18:14 -------- d-----w- C:\ProgramData\Norton
2013-01-29 22:48:55 -------- d-----w- C:\Users\Peter\AppData\Roaming\abelhadigital.com
2013-01-29 22:48:55 -------- d-----w- C:\ProgramData\abelhadigital.com
2013-01-29 22:48:51 -------- d-----w- C:\Program Files (x86)\HostsMan
2013-01-29 21:19:42 210624 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10191.bin
2013-01-29 11:24:27 -------- d-sh--w- C:\Boot
2013-01-29 03:11:41 -------- d-----w- C:\Temp
2013-01-28 13:58:34 3055808 ----a-w- C:\Windows\System32\pwNative.exe
2013-01-28 13:58:34 19032 ------w- C:\Windows\System32\pwdrvio.sys
2013-01-28 13:58:34 12384 ------w- C:\Windows\System32\pwdspio.sys
2013-01-27 22:53:59 77824 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-27 22:52:59 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe
2013-01-27 22:51:58 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe
2013-01-27 22:50:59 3964416 ----a-w- C:\Windows\System32\WinSAT.exe
2013-01-27 22:49:59 92672 ----a-w- C:\Windows\System32\drvinst.exe
2013-01-27 14:20:00 -------- d-----w- C:\Windows\System32\appmgmt
2013-01-27 12:20:49 -------- d-----w- C:\Users\Peter\AppData\Roaming\Ashampoo
2013-01-27 12:20:40 -------- d-----w- C:\Users\Peter\AppData\Local\ashampoo
2013-01-27 12:20:38 -------- d-----w- C:\ProgramData\Ashampoo
2013-01-27 12:20:34 -------- d-----w- C:\Program Files (x86)\Ashampoo
2013-01-27 12:19:56 -------- d-----w- C:\Users\Peter\AppData\Local\Programs
2013-01-27 11:30:04 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-01-27 11:30:03 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-01-27 11:20:11 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-01-27 11:20:10 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-01-27 11:03:47 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-01-27 11:03:36 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-01-27 10:58:40 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2013-01-27 10:58:39 135680 ----a-w- C:\Windows\System32\appserverai.dll
2013-01-27 10:58:39 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2013-01-27 10:58:39 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2013-01-27 10:58:37 148480 ----a-w- C:\Windows\System32\poqexec.exe
2013-01-27 10:58:37 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-01-27 10:58:34 94208 ----a-w- C:\Windows\System32\synceng.dll
2013-01-27 10:58:34 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-01-27 10:58:33 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
2013-01-27 10:58:33 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2013-01-27 10:58:05 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-27 10:58:04 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-26 18:37:13 -------- d-----w- C:\Windows\en
2013-01-26 18:36:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-01-26 18:36:43 -------- d-----w- C:\Windows\PCHEALTH
2013-01-26 18:34:55 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2013-01-26 12:52:30 -------- d-----w- C:\Users\Peter\AppData\Roaming\simplitec
2013-01-26 12:10:28 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-26 11:10:43 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-01-26 11:10:29 63336 ----a-w- C:\Windows\System32\nvshext.dll
2013-01-26 11:10:29 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-01-26 11:10:28 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-01-26 11:10:28 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2013-01-26 11:10:28 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-01-26 11:10:28 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2013-01-26 11:10:05 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2013-01-26 11:10:05 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-01-26 11:09:50 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-01-26 11:09:44 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-01-26 10:59:04 3744256 ----a-w- C:\Windows\System32\drivers\athuw8x.sys
2013-01-26 10:52:05 -------- d-----w- C:\Users\Peter\AppData\Roaming\MAGIX
2013-01-26 10:52:05 -------- d-----w- C:\ProgramData\MAGIX
2013-01-26 10:37:04 -------- d-----r- C:\Users\Peter\Searches
2013-01-26 10:36:30 -------- d-----w- C:\Users\Peter\AppData\Local\VirtualStore
2013-01-26 10:36:24 -------- d-----w- C:\Users\Peter\AppData\Local\Packages
2013-01-26 10:36:24 -------- d-----w- C:\ProgramData\PRICache
2013-01-26 10:22:22 -------- d--h--w- C:\Users\Peter\AppData
2013-01-26 10:22:22 -------- d-----w- C:\Users\Peter\AppData\Local\Temp
2013-01-26 10:22:22 -------- d-----w- C:\Users\Peter\AppData\Local\Microsoft
2013-01-26 10:18:41 -------- d-----w- C:\Windows.old
2013-01-26 05:32:21 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys
2013-01-26 05:32:20 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys
2013-01-26 05:32:20 -------- d-----w- C:\Program Files (x86)\Nero
2013-01-26 05:28:01 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2013-01-26 05:28:01 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2013-01-26 05:28:01 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-01-26 05:28:00 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2013-01-26 05:28:00 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-01-26 05:28:00 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2013-01-26 04:58:12 -------- d-----w- C:\Program Files (x86)\Verbatim
2013-01-26 04:07:23 -------- d-----w- C:\Users\Peter\AppData\Local\Adobe
2013-01-26 03:28:47 -------- d-----w- C:\Program Files (x86)\MAGIX
2013-01-26 03:28:44 -------- d-----w- C:\ProgramData\simplitec
2013-01-26 03:28:39 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-01-26 03:28:35 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2013-01-25 23:22:18 -------- d-----w- C:\Windows\Panther
2013-01-25 01:48:02 -------- d-----w- C:\NVIDIA
2013-01-18 23:15:15 -------- d-----r- C:\Users\Peter\Contacts
2013-01-18 23:14:35 -------- d-----r- C:\Users\Peter\Videos
2013-01-18 23:14:35 -------- d-----r- C:\Users\Peter\Saved Games
2013-01-18 23:14:35 -------- d-----r- C:\Users\Peter\Pictures
2013-01-18 23:14:35 -------- d-----r- C:\Users\Peter\Music
2013-01-18 23:14:35 -------- d-----r- C:\Users\Peter\Links
2013-01-18 23:14:35 -------- d-----r- C:\Users\Peter\Downloads
2013-01-18 23:14:35 -------- d-----r- C:\Users\Peter\Documents
2013-01-15 08:51:22 -------- d-sh--w- C:\Recovery
.
==================== Find6M ====================
.
2013-01-26 03:29:55 120200 ----a-w- C:\Windows\SysWow64\DLLDEV32i.dll
2012-12-18 23:32:58 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-18 23:32:58 695640 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-06 04:23:00 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll
2012-12-06 04:22:59 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll
2012-12-04 04:21:42 368640 ----a-w- C:\Windows\System32\sppwinob.dll
2012-12-04 03:59:08 4055552 ----a-w- C:\Windows\System32\win32k.sys
2012-11-29 05:05:57 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
2012-11-29 05:05:57 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2012-11-27 07:00:32 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2012-11-27 07:00:29 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe
2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll
2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll
2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll
2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll
2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll
2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe
2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll
2012-11-27 04:18:39 5974528 ----a-w- C:\Windows\System32\mstscax.dll
2012-11-27 04:18:25 1146880 ----a-w- C:\Windows\System32\mcmde.dll
2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL
2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2012-11-27 04:17:32 718848 ----a-w- C:\Windows\System32\BFE.DLL
2012-11-27 04:17:31 2302464 ----a-w- C:\Windows\System32\authui.dll
2012-11-27 03:57:32 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys
2012-11-27 03:56:29 31104 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2012-11-27 03:55:44 29952 ----a-w- C:\Windows\System32\drivers\BthhfHid.sys
2012-11-20 08:00:23 6971624 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-11-20 05:24:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\Windows\System32\Display.dll
2012-11-20 05:17:20 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
2012-11-20 05:02:46 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
2012-11-20 04:56:27 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-11-20 04:56:11 83456 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\Windows\System32\drivers\hidi2c.sys
2012-11-15 06:08:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-15 06:06:34 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-13 04:20:30 1120768 ----a-w- C:\Windows\System32\msctf.dll
2012-11-13 04:19:23 890880 ----a-w- C:\Windows\SysWow64\msctf.dll
2012-11-09 04:49:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:03:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 04:25:36 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35 1775104 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-08 04:24:27 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll
2012-11-08 04:22:21 641536 ----a-w- C:\Windows\System32\WSShared.dll
2012-11-08 04:22:20 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:22:19 2246656 ----a-w- C:\Windows\System32\wininet.dll
2012-11-08 04:22:12 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2012-11-08 04:21:00 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-08 04:20:56 67072 ----a-w- C:\Windows\System32\iesetup.dll
2012-11-08 04:20:56 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2012-11-08 04:20:50 96256 ----a-w- C:\Windows\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\Windows\System32\dciman32.dll
2012-11-08 04:02:16 3072 ----a-w- C:\Windows\System32\lpk.dll
2012-11-08 04:01:40 3072 ----a-w- C:\Windows\SysWow64\lpk.dll
2012-11-08 01:56:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2012-11-08 00:59:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-11-06 07:52:07 445160 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2012-11-06 07:52:04 277736 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2012-11-06 07:36:23 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2012-11-06 07:33:46 522640 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2012-11-06 07:33:46 253512 ----a-w- C:\Windows\System32\audiodg.exe
2012-11-06 07:33:45 490064 ----a-w- C:\Windows\System32\AudioEng.dll
2012-11-06 07:33:45 447792 ----a-w- C:\Windows\System32\AudioSes.dll
2012-11-06 07:33:30 1566432 ----a-w- C:\Windows\System32\ole32.dll
2012-11-06 05:00:06 463768 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2012-11-06 05:00:06 427568 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2012-11-06 05:00:06 324344 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2012-11-06 04:54:13 2205696 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2012-11-06 04:48:27 1150160 ----a-w- C:\Windows\SysWow64\ole32.dll
2012-11-06 04:19:59 470016 ----a-w- C:\Windows\System32\wlanmsm.dll
2012-11-06 04:18:58 84992 ----a-w- C:\Windows\SysWow64\fdWCN.dll
2012-11-06 04:17:58 110080 ----a-w- C:\Windows\System32\dafWCN.dll
2012-11-06 04:17:42 785920 ----a-w- C:\Windows\System32\audiosrv.dll
2012-11-06 04:17:41 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
2012-11-06 04:17:35 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
2012-11-06 04:17:32 212992 ----a-w- C:\Windows\System32\bthprops.cpl
2012-11-06 04:00:44 99328 ----a-w- C:\Windows\System32\wushareduxresources.dll
2012-11-06 04:00:17 16384 ----a-w- C:\Windows\System32\iscsilog.dll
.
============= FINISH: 20:05:04.56 ===============
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am
Advertisement
Register to Remove

Re: I have one very difficult hack or virus to remove

Unread postby Gary R » February 4th, 2013, 9:29 am

The chances that someone has remotely hacked your BIOS are pretty much non-existant. Although in theory people have been able to hack a BIOS, in fact this was usually accomplished in very specific laboratory conditions and was done by someone with hands on access, as far as I'm aware no one has been able to accomplish a remote hack "in the wild". Is there any reason that you would expect that you would be the target of such an uncommon means of attack ?

I notice you say your machine is a Windows 7 machine, yet your DDS log indicates that you are using Windows 8 Pro.

If you have recently updated from W7 to W8, it is much more likely that your problems have been created by a failed update than by anything else.

If your machine is a recent W8 purchase, then it should still be under warranty, and your simplest resolution to your problems would be to return it to the manufacturers.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 4th, 2013, 12:29 pm

I believe I have been targeted because I do a large amount of photography that I upload to face book. The work that I do is of a fairly high standard but I do not copy write as I want the people who cant afford to pay for good pictures to have them for free.I have a reasonable following of people a large proportion of which are not even on my friends list because they have access to the pics publicly. I have people who are going physically blind wanting to see as many pictures as they can before they are unable to see any more.

I do this all at my own expense in time and travel. I am a home user that basically spends all his time trying to give others less fortunate a smile on their face.

The machine I am on at the moment is an upgraded windows 7 ultimate to windows 8 pro machine the other machine i have is a windows 7 laptop... and I also have an acer with the same hacks. But according to the rules I can only work on one so I will pick the easiest access one which is windows 8 asus pqr/se motherboard with 8 gig of ram 512 pcie nvidia graphics card .It its a desk top so I have easy access to both cmos and hard drive .......Its a little more difficult to pull the battery in the laptop :)

I know it is definately a bios hack in all of the machines. The bios is un flashable and is changed in such a way on at least the laptop that i have lost access to a number of its functions where as normally you can set in all of them.

It appears as if they have had a modded flash applied and no matter how I try I have been unable to clear the blocks.. The hackes are pretty much watching everything I do even to the point of killing my machine when trying to talk to you. It also seems as if they ban me from getting to certain self help sites like asus support. I am a member there but it seems I can never get to the support site any more. I think everything is compromised . They even tried nailing my phone but I do not have a net connection so the message only messed the phone a little resulting in a factory reset to get it going again.

I first cottoned onto what was going on when my pictures were disappearing from my desktop and when editing I was being asked by windows if I wanted to use .jxr files.. I had no idea what .jxr was so I researched and found it to be a unix picture file type . On trying to load some pictures to FB I noticed a number never actually made it so I tried again only this time I ran netstat at the same time. I then tracked the ip adresses which led to Paste bin and the print cloud neither of which i knew anything about. I could tell by netstat at the time that I had been bumped from a https to a number of http adresses. So I guess someone is taking the pictures i was donating to the world for themselves to make money from.

I actually feel like I have been taken over by a botnet...and that any changes I try to make to kill the hacks are picked up by their servers and are thwarted because they already have access. I also believe there are a large number of people on Facebook suffering the same but dont even realise that they are just the botnets workstation.

What ever they have done to the bios has to be the key to their removal because even when putting in a new hard drive after clearing the cmos and leaving the battery out the problem still exists in all machines I have tried.

I have done the best i can to explain why I am here now I guess its up to your advice as to what I do or even if my problem fits the criteria for your help. I have worked my way through life on the net always cleaning my own virus's which have been very rare since the time of windows 95 but this one is way beyond my knowledge.
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am

Re: I have one very difficult hack or virus to remove

Unread postby Gary R » February 4th, 2013, 1:12 pm

If you have actually got a BIOS hack, then I do not expect we can help you, however before we go down that avenue I'd like you to run a couple of scans for me.

The first is run from Recovery Environment, so Windows will not be running and any infection active within Windows will not interfere with the scan results.

  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

  • Hold down your Shift key, and keep it held down while you Restart your computer.
  • You should now see the screen below ...

Image

  • Select Troubleshoot to see the screen below ...

Image

  • Select Advanced Options to see the screen below ...

Image

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.

Next

Please boot up as normal and run the following scan for me ...

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • FRST.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 4th, 2013, 5:34 pm

As Requested and I must stress that even though it says that the app was not run in the safe mode environment it surely was.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02
Ran by Peter at 05-02-2013 07:23:24
Running from G:\
(X64) OS Language: English(UK)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-02-05 07:16 - 2013-02-05 07:16 - 00000611 ____A C:\Users\Peter\Desktop\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt
2013-02-05 07:10 - 2013-02-05 07:10 - 02195061 ____A C:\Users\Peter\Downloads\tdsskiller.zip
2013-02-05 03:52 - 2013-02-05 03:52 - 02567396 ____A C:\Users\Peter\Documents\tonights forbidden zone5.2.2013.bmp
2013-02-05 03:47 - 2013-02-05 03:47 - 00001463 ____A C:\Users\Peter\Desktop\RKreport[9]_S_02052013_02d0347.txt
2013-02-05 03:43 - 2013-02-05 03:43 - 00000000 ____D C:\CCE_Quarantine
2013-02-05 01:38 - 2013-02-05 01:38 - 00000000 ____D C:\Users\Peter\Downloads\cce_2.5.242177.201_x64
2013-02-05 01:35 - 2013-02-05 01:36 - 25543261 ____A C:\Users\Peter\Downloads\cce_2.5.242177.201_x64.zip
2013-02-05 01:29 - 2013-02-05 02:02 - 00002259 ____A C:\Users\Peter\Desktop\Google Chrome.lnk
2013-02-05 01:27 - 2013-02-05 07:01 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-05 01:27 - 2013-02-05 03:39 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-05 01:27 - 2013-02-05 01:29 - 00000000 ____D C:\Users\Peter\AppData\Local\Google
2013-02-05 01:27 - 2013-02-05 01:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-05 01:27 - 2013-02-05 01:27 - 32353488 ____A C:\Users\Peter\Downloads\GoogleChromeStandaloneEnterprise.msi
2013-02-05 00:47 - 2013-02-05 00:48 - 00000000 ____D C:\Users\Peter\AppData\Local\eSupport.com
2013-02-05 00:47 - 2013-02-05 00:47 - 00630360 ____A (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Peter\Desktop\biosagentplus_755.exe
2013-02-05 00:47 - 2013-02-05 00:47 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2013-02-05 00:47 - 2013-02-05 00:47 - 00001061 ____A C:\Users\Peter\Desktop\BiosAgent Plus.lnk
2013-02-05 00:42 - 2013-02-05 00:42 - 00483840 ____A C:\Users\Peter\Desktop\bit.exe
2013-02-05 00:42 - 2013-02-05 00:42 - 00000349 ____A C:\Users\Peter\Downloads\report1.dat
2013-02-05 00:42 - 2013-02-05 00:42 - 00000349 ____A C:\Users\Peter\Desktop\report1.dat
2013-02-04 15:35 - 2013-02-04 15:35 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2013-02-04 15:34 - 2013-02-04 15:35 - 00000000 ____D C:\Users\Peter\AppData\Local\Paint.NET
2013-02-04 15:34 - 2013-02-04 15:35 - 00000000 ____D C:\Program Files\Paint.NET
2013-02-04 11:16 - 2013-02-04 11:16 - 00001033 ____A C:\Users\Peter\Desktop\RKreport[8]_S_02042013_02d1116.txt
2013-02-04 11:15 - 2013-02-04 11:15 - 00001384 ____A C:\Users\Peter\Desktop\RKreport[7]_D_02042013_02d1115.txt
2013-02-04 11:13 - 2013-02-04 11:13 - 00001345 ____A C:\Users\Peter\Desktop\RKreport[6]_S_02042013_02d1113.txt
2013-02-04 11:12 - 2013-02-04 11:12 - 00001313 ____A C:\Users\Peter\Desktop\RKreport[5]_S_02042013_02d1112.txt
2013-02-04 11:11 - 2013-02-04 11:11 - 00761856 ____A C:\Users\Peter\Desktop\RogueKillerX64(1).exe
2013-02-03 15:27 - 2013-02-03 15:27 - 01574868 ____A C:\Users\Peter\Documents\full netstat.bmp
2013-02-03 10:53 - 2013-02-03 10:53 - 00647528 ____A C:\Users\Peter\Documents\netstat and host gator.bmp
2013-02-03 10:37 - 2013-02-03 10:37 - 00647528 ____A C:\Users\Peter\Documents\ip to host gator.bmp
2013-02-02 10:13 - 2013-02-02 10:14 - 00296208 ____A C:\Windows\Minidump\020213-21372-01.dmp
2013-02-02 08:43 - 2013-02-02 08:43 - 04544132 ____A C:\Users\Peter\Documents\netstat cap ture invalid fb connections when not connected.bmp
2013-02-02 08:33 - 2013-02-02 08:33 - 05351868 ____A C:\Users\Peter\Desktop\AutoScreenRecorder_01 Feb. 02 08.33.avi
2013-02-02 07:20 - 2013-02-02 07:20 - 00046833 ____A C:\Users\Peter\Documents\2012 - 2013 a nice day.wlmp
2013-02-02 06:00 - 2013-02-02 06:24 - 00000000 ____D C:\Users\Peter\Desktop\fb movie
2013-02-01 21:42 - 2013-02-01 21:42 - 03559897 ____A (Igor Pavlov) C:\Users\Peter\Desktop\sl670_bios_w230.exe
2013-02-01 20:44 - 2013-02-01 20:44 - 00000085 ____A C:\Users\Peter\Desktop\BingSiteAuth.xml
2013-02-01 12:54 - 2013-02-01 12:54 - 01111572 ____A C:\Users\Peter\Documents\netstat on fb.bmp
2013-02-01 12:52 - 2013-02-01 12:52 - 00001000 ____A C:\Users\UpdatusUser\Desktop\Quick Screen Capture.lnk
2013-02-01 12:52 - 2013-02-01 12:52 - 00001000 ____A C:\Users\Peter\Desktop\Quick Screen Capture.lnk
2013-02-01 12:52 - 2013-02-01 12:52 - 00000000 ____D C:\Program Files (x86)\Quick Screen Capture
2013-02-01 12:52 - 2013-02-01 12:52 - 00000000 ____D C:\MyCaptures
2013-02-01 12:51 - 2013-02-01 12:51 - 01074244 ____A (Etru Software Development ) C:\Users\Peter\Downloads\capture.exe
2013-02-01 12:43 - 2013-02-01 12:44 - 01322266 ____A C:\Users\Peter\Desktop\AutoScreenRecorder_02 Feb. 01 12.44.avi
2013-02-01 12:40 - 2013-02-01 12:40 - 00002060 ____A C:\Users\UpdatusUser\Desktop\AutoScreenRecorder 3.1 Free.lnk
2013-02-01 12:40 - 2013-02-01 12:40 - 00002060 ____A C:\Users\Peter\Desktop\AutoScreenRecorder 3.1 Free.lnk
2013-02-01 12:40 - 2013-02-01 12:40 - 00000000 ____D C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Free
2013-02-01 12:38 - 2013-02-01 12:39 - 03943287 ____A C:\Users\Peter\Downloads\setupautoscreenrecorderfree.exe
2013-02-01 10:21 - 2013-02-01 10:21 - 00000000 ____D C:\Program Files (x86)\MustBeRandomlyNamed
2013-01-31 20:18 - 2013-01-31 20:18 - 00021986 ____A C:\Users\Peter\Desktop\DDS the one to post.txt
2013-01-31 20:03 - 2013-01-31 20:03 - 00688992 ____R (Swearware) C:\Users\Peter\Downloads\dds.com
2013-01-31 17:32 - 2013-02-01 01:15 - 00000000 ____D C:\Users\Peter\AppData\Local\LogMeIn Rescue Applet
2013-01-31 17:32 - 2013-01-31 17:32 - 01244000 ____A (LogMeIn, Inc.) C:\Users\Peter\Downloads\Support-LogMeInRescue.exe
2013-01-31 13:06 - 2013-02-02 10:13 - 436282774 ____A C:\Windows\MEMORY.DMP
2013-01-31 13:06 - 2013-02-02 10:13 - 00000000 ____D C:\Windows\Minidump
2013-01-31 13:06 - 2013-01-31 13:06 - 00296248 ____A C:\Windows\Minidump\013113-33228-01.dmp
2013-01-31 12:52 - 2013-01-31 12:52 - 00000000 ____D C:\Program Files\PlayReady
2013-01-31 12:47 - 2013-01-31 12:47 - 00000000 ____D C:\Users\Peter\Desktop\New folder (2)
2013-01-31 12:43 - 2009-12-11 09:29 - 00647762 ____A C:\Users\Peter\Downloads\PCTV_340e_801e_(2.3.3.32).zip
2013-01-31 12:22 - 2013-01-31 12:22 - 00001285 ____A C:\Users\Peter\Desktop\RKreport[4]_D_01312013_02d1222.txt
2013-01-31 12:21 - 2013-01-31 12:21 - 00001246 ____A C:\Users\Peter\Desktop\RKreport[3]_S_01312013_02d1221.txt
2013-01-31 12:17 - 2013-01-31 12:17 - 00001202 ____A C:\Users\Peter\Desktop\RKreport[2]_S_01312013_02d1217.txt
2013-01-31 12:01 - 2012-07-26 06:45 - 00031841 ____A C:\Windows\ProfessionalWMC.xml
2013-01-31 11:40 - 2013-01-31 11:40 - 00000030 ____A C:\Users\Peter\Desktop\ppppppp.txt
2013-01-31 09:05 - 2013-01-31 09:06 - 04732416 ____A (AVAST Software) C:\Users\Peter\Downloads\aswMBR (1).exe
2013-01-31 08:59 - 2013-01-31 20:05 - 00021986 ____A C:\Users\Peter\Desktop\dds.txt
2013-01-31 08:59 - 2013-01-31 20:05 - 00005019 ____A C:\Users\Peter\Desktop\attach.txt
2013-01-31 08:53 - 2013-01-31 08:54 - 04732416 ____A (AVAST Software) C:\Users\Peter\Downloads\aswMBR.exe
2013-01-31 08:46 - 2013-01-31 08:46 - 00035712 ____A C:\Windows\SysWOW64\Drivers\8JI3fFXX.sys
2013-01-31 08:43 - 2013-01-31 08:43 - 00001165 ____A C:\Users\Peter\Desktop\RKreport[1]_S_01312013_02d0843.txt
2013-01-31 02:42 - 2013-01-31 02:42 - 00000646 ____A C:\Users\Peter\Desktop\Total Commander 64 bit.lnk
2013-01-31 02:42 - 2013-01-31 02:42 - 00000632 ____A C:\Users\Peter\Desktop\Total Commander.lnk
2013-01-31 02:42 - 2013-01-31 02:42 - 00000000 ____D C:\Users\Peter\AppData\Roaming\GHISLER
2013-01-31 02:42 - 2013-01-31 02:42 - 00000000 ____D C:\totalcmd
2013-01-31 02:41 - 2013-01-31 02:41 - 05896408 ____A (Ghisler Software GmbH) C:\Users\Peter\Downloads\tcm801x32_64.exe
2013-01-31 02:12 - 2013-01-31 02:12 - 00000000 ____D C:\Users\Peter\Downloads\mbar-1.01.0.1017
2013-01-31 02:12 - 2013-01-31 02:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-31 02:11 - 2013-01-28 11:17 - 13562257 ____A C:\Users\Peter\Downloads\mbar-1.01.0.1017.zip
2013-01-30 20:37 - 2013-01-30 20:37 - 00001488 ____A C:\Users\Public\Desktop\EaseUS Partition Master 9.2.1 Home Edition.lnk
2013-01-30 20:36 - 2013-01-30 20:36 - 00000000 ____D C:\Program Files (x86)\EaseUS
2013-01-30 20:36 - 2012-12-21 17:20 - 02468520 ____A C:\Windows\SysWOW64\BootMan.exe
2013-01-30 20:36 - 2012-12-21 13:54 - 00014920 ____A C:\Windows\SysWOW64\epmntdrv.sys
2013-01-30 20:36 - 2012-12-21 13:53 - 00100936 ____A C:\Windows\System32\setupempdrvx64.exe
2013-01-30 20:36 - 2012-12-21 13:53 - 00087112 ____A C:\Windows\SysWOW64\setupempdrv03.exe
2013-01-30 20:36 - 2012-12-21 13:53 - 00017480 ____A C:\Windows\System32\epmntdrv.sys
2013-01-30 20:36 - 2012-12-21 13:53 - 00009800 ____A C:\Windows\System32\EuGdiDrv.sys
2013-01-30 20:36 - 2012-12-21 13:53 - 00009160 ____A C:\Windows\SysWOW64\EuGdiDrv.sys
2013-01-30 20:36 - 2012-12-20 14:46 - 03376640 ____A C:\Windows\System32\BootMan.exe
2013-01-30 20:36 - 2012-05-15 11:13 - 03316736 ____A C:\Windows\System32\¸´¼þ BootMan.exe
2013-01-30 20:36 - 2011-07-29 13:54 - 00019840 ____A C:\Windows\SysWOW64\EuEpmGdi.dll
2013-01-30 20:36 - 2011-07-29 13:54 - 00016256 ____A C:\Windows\System32\EuEpmGdi.dll
2013-01-30 20:27 - 2012-12-24 18:25 - 20711680 ____A (EaseUS ) C:\Users\Peter\Downloads\epm.exe
2013-01-30 19:49 - 2013-01-30 19:49 - 00000000 ____D C:\Users\Peter\Documents\New folder
2013-01-30 19:39 - 2013-01-30 19:39 - 00000000 ____D C:\Users\Peter\AppData\Local\Macromedia
2013-01-30 12:00 - 2013-02-05 03:22 - 00000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2013-01-30 11:02 - 2013-01-31 08:45 - 00035712 ____A C:\Windows\SysWOW64\Drivers\2Acu24A8.sys
2013-01-30 10:48 - 2013-01-30 19:34 - 00000000 ____D C:\Users\Peter\AppData\Local\NPE
2013-01-30 10:48 - 2013-01-30 10:48 - 00000000 ____D C:\Users\All Users\Norton
2013-01-30 10:47 - 2013-01-30 10:47 - 00912040 ____A (Symantec Corporation) C:\Users\Peter\Downloads\NBRT-Retail-Downloader.exe
2013-01-30 10:46 - 2013-01-30 10:46 - 02957840 ____A (Symantec Corporation) C:\Users\Peter\Downloads\NPE.exe
2013-01-30 09:18 - 2013-01-30 09:18 - 00000975 ____A C:\Users\Public\Desktop\HostsMan.lnk
2013-01-30 09:18 - 2013-01-30 09:18 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups
2013-01-30 09:18 - 2013-01-30 09:18 - 00000000 ____D C:\Users\Peter\AppData\Roaming\abelhadigital.com
2013-01-30 09:18 - 2013-01-30 09:18 - 00000000 ____D C:\Users\All Users\abelhadigital.com
2013-01-30 09:18 - 2013-01-30 09:18 - 00000000 ____D C:\Program Files (x86)\HostsMan
2013-01-30 09:16 - 2013-01-30 09:16 - 02641210 ____A C:\Users\Peter\Downloads\HostsMan_4.0.90_beta10_installer.zip
2013-01-30 07:37 - 2013-01-30 07:38 - 00002758 ____A C:\Users\Peter\Downloads\Result.txt
2013-01-30 07:37 - 2013-01-30 07:37 - 00307865 ____A (Farbar) C:\Users\Peter\Downloads\ListParts.exe
2013-01-30 03:04 - 2013-01-30 06:04 - 00000000 ____D C:\Users\Peter\Desktop\Hexprobe
2013-01-30 03:02 - 2013-01-30 03:03 - 03164942 ____A (Hexprobe System ) C:\Users\Peter\Downloads\hprob431.exe
2013-01-29 22:02 - 2012-07-26 14:14 - 00398156 _RASH C:\bootmgr
2013-01-29 21:33 - 2013-01-30 03:52 - 00082529 ____A C:\Users\Peter\Documents\My Movie.wlmp
2013-01-29 09:27 - 2013-01-31 12:07 - 00361896 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-29 06:34 - 2013-01-29 06:34 - 00000117 ____A C:\Windows\System32\netcfg-10878136.txt
2013-01-29 06:14 - 2013-01-29 06:14 - 00000117 ____A C:\Windows\System32\netcfg-9707333.txt
2013-01-29 06:06 - 2013-01-29 06:06 - 00000117 ____A C:\Windows\System32\netcfg-9202888.txt
2013-01-29 05:53 - 2013-01-29 05:53 - 00000117 ____A C:\Windows\System32\netcfg-8453506.txt
2013-01-29 05:53 - 2013-01-29 05:53 - 00000117 ____A C:\Windows\System32\netcfg-8410528.txt
2013-01-29 03:56 - 2013-01-29 03:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-01-29 03:35 - 2013-01-29 03:35 - 00000117 ____A C:\Windows\System32\netcfg-149932.txt
2013-01-29 03:33 - 2013-01-29 03:33 - 00000117 ____A C:\Windows\System32\netcfg-41137.txt
2013-01-29 01:57 - 2013-01-29 01:57 - 00000117 ____A C:\Windows\System32\netcfg-90630840.txt
2013-01-29 01:21 - 2013-01-29 01:21 - 00688992 ____R (Swearware) C:\Users\Peter\Downloads\dds.scr
2013-01-29 01:03 - 2013-01-30 03:08 - 00000000 ____D C:\Users\Peter\Desktop\RK_Quarantine
2013-01-29 01:03 - 2013-01-26 19:30 - 00724443 ____A (UG North ) C:\Users\Peter\Desktop\RkU3.8.389.593.exe
2013-01-29 00:28 - 2013-01-11 11:52 - 03055808 ____A C:\Windows\System32\pwNative.exe
2013-01-29 00:28 - 2013-01-11 11:52 - 00019032 ____N C:\Windows\System32\pwdrvio.sys
2013-01-29 00:28 - 2013-01-11 11:52 - 00012384 ____N C:\Windows\System32\pwdspio.sys
2013-01-28 23:14 - 2013-01-28 23:14 - 00000117 ____A C:\Windows\System32\netcfg-80843961.txt
2013-01-28 23:12 - 2013-01-28 23:12 - 00000117 ____A C:\Windows\System32\netcfg-80717756.txt
2013-01-28 15:20 - 2013-01-28 15:20 - 00000117 ____A C:\Windows\System32\netcfg-52405025.txt
2013-01-28 15:20 - 2013-01-28 15:20 - 00000117 ____A C:\Windows\System32\netcfg-52398707.txt
2013-01-28 14:18 - 2013-01-28 14:23 - 398151680 ____A C:\Users\Peter\Downloads\bitdefender-rescue-cd.iso
2013-01-28 10:26 - 2013-01-28 10:27 - 15090880 ____A (MiniTool Solution Ltd. ) C:\Users\Peter\Downloads\pwhe77.exe
2013-01-28 09:24 - 2012-11-20 18:30 - 06971624 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-01-28 09:24 - 2012-11-20 15:54 - 01164800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2013-01-28 09:24 - 2012-11-20 15:54 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-01-28 09:24 - 2012-11-20 15:47 - 01184256 ____A (Microsoft Corporation) C:\Windows\System32\Display.dll
2013-01-28 09:24 - 2012-11-20 15:47 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll
2013-01-28 09:24 - 2012-11-20 15:32 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDKURD.DLL
2013-01-28 09:24 - 2012-11-20 15:29 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDKURD.DLL
2013-01-28 09:24 - 2012-11-20 15:26 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-01-28 09:24 - 2012-11-20 15:26 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-01-28 09:24 - 2012-11-20 15:24 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidi2c.sys
2013-01-28 09:24 - 2012-11-13 14:50 - 01120768 ____A (Microsoft Corporation) C:\Windows\System32\msctf.dll
2013-01-28 09:24 - 2012-11-13 14:49 - 00890880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-01-28 09:24 - 2012-11-08 14:55 - 00523776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-01-28 09:24 - 2012-11-08 14:55 - 00143872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-01-28 09:24 - 2012-11-08 14:55 - 00124928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-01-28 09:24 - 2012-11-08 14:52 - 00641536 ____A (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2013-01-28 09:24 - 2012-11-08 14:52 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.dll
2013-01-28 09:24 - 2012-11-08 14:52 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-01-28 09:24 - 2012-11-06 18:22 - 00445160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-01-28 09:24 - 2012-11-06 18:22 - 00277736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2013-01-28 09:24 - 2012-11-06 18:06 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-01-28 09:24 - 2012-11-06 18:03 - 01566432 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2013-01-28 09:24 - 2012-11-06 18:03 - 00522640 ____A (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2013-01-28 09:24 - 2012-11-06 18:03 - 00490064 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-01-28 09:24 - 2012-11-06 18:03 - 00447792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-01-28 09:24 - 2012-11-06 18:03 - 00253512 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-01-28 09:24 - 2012-11-06 15:30 - 00463768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2013-01-28 09:24 - 2012-11-06 15:30 - 00427568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-01-28 09:24 - 2012-11-06 15:30 - 00324344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-01-28 09:24 - 2012-11-06 15:18 - 01150160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 17560576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 08856576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 00883712 ____A (Microsoft Corporation) C:\Windows\HelpPane.exe
2013-01-28 09:24 - 2012-11-06 14:50 - 00767488 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 00516608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 00386560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 00246784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 00195072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\taskhostex.exe
2013-01-28 09:24 - 2012-11-06 14:50 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-01-28 09:24 - 2012-11-06 14:50 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\wuaext.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 19789824 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 10096640 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 08552448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 01451520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 01386496 ____A (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 00710656 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 00470016 ____A (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 00446464 ____A (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 00318464 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 00291328 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-01-28 09:24 - 2012-11-06 14:49 - 00273408 ____A (Microsoft Corporation) C:\Windows\System32\wlanapi.dll
2013-01-28 09:24 - 2012-11-06 14:48 - 11459584 ____A (Microsoft Corporation) C:\Windows\System32\glcndFilter.dll
2013-01-28 09:24 - 2012-11-06 14:48 - 01526784 ____A (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2013-01-28 09:24 - 2012-11-06 14:48 - 01037312 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-01-28 09:24 - 2012-11-06 14:48 - 00976384 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-28 09:24 - 2012-11-06 14:48 - 00753664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-01-28 09:24 - 2012-11-06 14:48 - 00703488 ____A (Microsoft Corporation) C:\Windows\System32\drvstore.dll
2013-01-28 09:24 - 2012-11-06 14:48 - 00549376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-01-28 09:24 - 2012-11-06 14:48 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
2013-01-28 09:24 - 2012-11-06 14:48 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\MFCaptureEngine.dll
2013-01-28 09:24 - 2012-11-06 14:47 - 00785920 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-01-28 09:24 - 2012-11-06 14:47 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\bthprops.cpl
2013-01-28 09:24 - 2012-11-06 14:47 - 00110080 ____A (Microsoft Corporation) C:\Windows\System32\dafWCN.dll
2013-01-28 09:24 - 2012-11-06 14:25 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-01-28 09:24 - 2012-11-06 14:24 - 00859136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-01-28 09:24 - 2012-11-06 14:23 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-01-28 09:24 - 2012-11-06 14:22 - 00366080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-01-28 09:24 - 2012-11-06 14:21 - 00665600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-28 09:24 - 2012-11-03 10:35 - 00385604 ____A C:\Windows\System32\ApnDatabase.xml
2013-01-28 09:24 - 2012-10-02 18:04 - 00446976 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-01-28 09:24 - 2012-10-02 18:04 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-01-28 09:24 - 2012-09-27 17:47 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\newdev.exe
2013-01-28 09:24 - 2012-09-27 17:47 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\ndadmin.exe
2013-01-28 09:24 - 2012-09-27 17:45 - 00301568 ____A (Microsoft Corporation) C:\Windows\System32\newdev.dll
2013-01-28 09:24 - 2012-09-27 17:05 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\newdev.exe
2013-01-28 09:24 - 2012-09-27 17:05 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ndadmin.exe
2013-01-28 09:24 - 2012-09-27 17:04 - 00275968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2013-01-28 09:24 - 2012-09-20 18:25 - 00496872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-01-28 09:24 - 2012-09-20 18:25 - 00488168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-01-28 09:24 - 2012-09-20 18:25 - 00079080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-01-28 09:24 - 2012-09-20 18:25 - 00021736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-01-28 09:24 - 2012-09-20 16:39 - 00032256 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-01-28 09:23 - 2012-11-06 14:50 - 00375296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2013-01-28 09:23 - 2012-11-06 14:50 - 00314880 ____A (Microsoft Corporation) C:\Windows\System32\rdpclip.exe
2013-01-28 09:23 - 2012-11-06 14:50 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2013-01-28 09:23 - 2012-11-06 14:50 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-01-28 09:23 - 2012-11-06 14:50 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-01-28 09:23 - 2012-11-06 14:50 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-01-28 09:23 - 2012-11-06 14:50 - 00093696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2013-01-28 09:23 - 2012-11-06 14:50 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-01-28 09:23 - 2012-11-06 14:50 - 00077824 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-28 09:23 - 2012-11-06 14:50 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-01-28 09:23 - 2012-11-06 14:50 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-01-28 09:23 - 2012-11-06 14:50 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2013-01-28 09:23 - 2012-11-06 14:50 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-01-28 09:23 - 2012-11-06 14:49 - 00466944 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2013-01-28 09:23 - 2012-11-06 14:49 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-01-28 09:23 - 2012-11-06 14:49 - 00126976 ____A (Microsoft Corporation) C:\Windows\System32\WcnApi.dll
2013-01-28 09:23 - 2012-11-06 14:49 - 00126464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2013-01-28 09:23 - 2012-11-06 14:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\wfdprov.dll
2013-01-28 09:23 - 2012-11-06 14:49 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\WcnEapPeerProxy.dll
2013-01-28 09:23 - 2012-11-06 14:49 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\WcnEapAuthProxy.dll
2013-01-28 09:23 - 2012-11-06 14:48 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-01-28 09:23 - 2012-11-06 14:48 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-01-28 09:23 - 2012-11-06 14:48 - 00267264 ____A (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2013-01-28 09:23 - 2012-11-06 14:48 - 00189440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2013-01-28 09:23 - 2012-11-06 14:48 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\fdWCN.dll
2013-01-28 09:23 - 2012-11-06 14:48 - 00084992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2013-01-28 09:23 - 2012-11-06 14:47 - 02146816 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-01-28 09:23 - 2012-11-06 14:47 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-01-28 09:23 - 2012-11-06 14:30 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\wushareduxresources.dll
2013-01-28 09:23 - 2012-11-06 14:30 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\iscsilog.dll
2013-01-28 09:23 - 2012-11-06 14:28 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\wlanhlp.dll
2013-01-28 09:23 - 2012-11-06 14:26 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2013-01-28 09:23 - 2012-11-06 14:25 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
2013-01-28 09:23 - 2012-11-06 14:25 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2013-01-28 09:23 - 2012-11-06 14:25 - 00088064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
2013-01-28 09:23 - 2012-11-06 14:25 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2013-01-28 09:23 - 2012-11-06 14:25 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fxppm.sys
2013-01-28 09:23 - 2012-10-24 15:24 - 00396008 ____A (Microsoft Corporation) C:\Windows\System32\hal.dll
2013-01-28 09:23 - 2012-10-17 15:02 - 01172992 ____A (Microsoft Corporation) C:\Windows\System32\mfnetsrc.dll
2013-01-28 09:23 - 2012-10-17 15:02 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2013-01-28 09:23 - 2012-10-17 15:02 - 00677888 ____A (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2013-01-28 09:23 - 2012-10-17 15:02 - 00673280 ____A (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2013-01-28 09:23 - 2012-10-17 14:27 - 00929792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2013-01-28 09:23 - 2012-10-17 14:27 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-01-28 09:23 - 2012-10-17 14:27 - 00568832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2013-01-28 09:23 - 2012-10-17 14:27 - 00513024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2013-01-28 09:23 - 2012-10-12 16:44 - 01347072 ____A (Microsoft Corporation) C:\Windows\System32\srmclient.dll
2013-01-28 09:23 - 2012-10-12 16:44 - 00652800 ____A (Microsoft Corporation) C:\Windows\System32\srmscan.dll
2013-01-28 09:23 - 2012-10-12 16:44 - 00279040 ____A (Microsoft Corporation) C:\Windows\System32\srm.dll
2013-01-28 09:23 - 2012-10-12 16:44 - 00274432 ____A (Microsoft Corporation) C:\Windows\System32\srmstormod.dll
2013-01-28 09:23 - 2012-10-12 16:44 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\srmshell.dll
2013-01-28 09:23 - 2012-10-12 16:44 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\adrclient.dll
2013-01-28 09:23 - 2012-10-12 16:44 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\srmtrace.dll
2013-01-28 09:23 - 2012-10-12 16:44 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\srm_ps.dll
2013-01-28 09:23 - 2012-10-12 16:43 - 00109568 ____A (Microsoft Corporation) C:\Windows\System32\dskquota.dll
2013-01-28 09:23 - 2012-10-12 16:16 - 00618496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-01-28 09:23 - 2012-10-12 16:11 - 00987648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2013-01-28 09:23 - 2012-10-12 16:11 - 00487936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll
2013-01-28 09:23 - 2012-10-12 16:11 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll
2013-01-28 09:23 - 2012-10-12 16:11 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srmstormod.dll
2013-01-28 09:23 - 2012-10-12 16:11 - 00128000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srmshell.dll
2013-01-28 09:23 - 2012-10-12 16:11 - 00104448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll
2013-01-28 09:23 - 2012-10-12 16:11 - 00068096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srmtrace.dll
2013-01-28 09:23 - 2012-10-12 16:11 - 00015872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srm_ps.dll
2013-01-28 09:23 - 2012-10-12 16:09 - 00082944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dskquota.dll
2013-01-28 09:23 - 2012-10-11 18:05 - 02380944 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2013-01-28 09:23 - 2012-10-11 16:26 - 02115952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-01-28 09:23 - 2012-10-11 16:16 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
2013-01-28 09:23 - 2012-10-11 16:15 - 03554304 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-01-28 09:23 - 2012-10-11 16:15 - 00590848 ____A (Microsoft Corporation) C:\Windows\System32\SHCore.dll
2013-01-28 09:23 - 2012-10-11 16:15 - 00579584 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2013-01-28 09:23 - 2012-10-11 16:14 - 02116096 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-01-28 09:23 - 2012-10-11 16:14 - 01265152 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-01-28 09:23 - 2012-10-11 16:13 - 02206208 ____A (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2013-01-28 09:23 - 2012-10-11 15:37 - 02764288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-01-28 09:23 - 2012-10-11 15:37 - 01226752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2013-01-28 09:23 - 2012-10-11 15:36 - 01841152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-01-28 09:23 - 2012-10-11 15:36 - 01610240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-01-28 09:22 - 2012-12-06 14:53 - 00170496 ____A (Microsoft Corporation) C:\Windows\System32\TimeBrokerServer.dll
2013-01-28 09:22 - 2012-12-06 14:52 - 00178176 ____A (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
2013-01-28 09:22 - 2012-11-29 15:35 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2013-01-28 09:22 - 2012-11-29 15:35 - 00707584 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2013-01-28 09:22 - 2012-11-27 17:09 - 01122768 ____A (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
2013-01-28 09:22 - 2012-11-27 14:50 - 00680960 ____A (Microsoft Corporation) C:\Windows\System32\vds.exe
2013-01-28 09:22 - 2012-11-27 14:49 - 05088256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-01-28 09:22 - 2012-11-27 14:49 - 03345920 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-01-28 09:22 - 2012-11-27 14:49 - 03245568 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-01-28 09:22 - 2012-11-27 14:49 - 01145856 ____A (Microsoft Corporation) C:\Windows\System32\winmde.dll
2013-01-28 09:22 - 2012-11-27 14:49 - 01096704 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2013-01-28 09:22 - 2012-11-27 14:48 - 05974528 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-01-28 09:22 - 2012-11-27 14:48 - 01146880 ____A (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2013-01-28 09:22 - 2012-11-27 14:48 - 01071104 ____A (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-01-28 09:22 - 2012-11-27 14:47 - 02302464 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-01-28 09:22 - 2012-10-11 18:17 - 00793200 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2013-01-28 09:22 - 2012-10-11 17:56 - 00336104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2013-01-28 09:22 - 2012-10-11 17:55 - 00056552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdstor.sys
2013-01-28 09:22 - 2012-10-11 17:53 - 01001192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-01-28 09:22 - 2012-10-11 17:53 - 00441576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-01-28 09:22 - 2012-10-11 17:48 - 00172264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-01-28 09:22 - 2012-10-11 17:46 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-01-28 09:22 - 2012-10-11 17:46 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-01-28 09:22 - 2012-10-11 17:46 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-01-28 09:22 - 2012-10-11 17:46 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-01-28 09:22 - 2012-10-11 17:43 - 00058088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dam.sys
2013-01-28 09:22 - 2012-10-11 17:43 - 00033512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys
2013-01-28 09:22 - 2012-10-11 17:38 - 00562392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-01-28 09:22 - 2012-10-11 17:31 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-01-28 09:22 - 2012-10-11 16:16 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-01-28 09:22 - 2012-10-11 16:16 - 00594944 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-01-28 09:22 - 2012-10-11 16:16 - 00517120 ____A (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2013-01-28 09:22 - 2012-10-11 16:16 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-01-28 09:22 - 2012-10-11 16:16 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-01-28 09:22 - 2012-10-11 16:16 - 00154112 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Storage.Compression.dll
2013-01-28 09:22 - 2012-10-11 16:16 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\BdeUISrv.exe
2013-01-28 09:22 - 2012-10-11 16:16 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\wfapigp.dll
2013-01-28 09:22 - 2012-10-11 16:15 - 01045504 ____A (Microsoft Corporation) C:\Windows\System32\usercpl.dll
2013-01-28 09:22 - 2012-10-11 16:15 - 00505344 ____A (Microsoft Corporation) C:\Windows\System32\SpaceControl.dll
2013-01-28 09:22 - 2012-10-11 16:15 - 00370176 ____A (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2013-01-28 09:22 - 2012-10-11 16:15 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\PCPKsp.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00904192 ____A (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00561152 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00435712 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00355328 ____A (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00264704 ____A (Microsoft Corporation) C:\Windows\System32\ListSvc.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00259584 ____A (Microsoft Corporation) C:\Windows\System32\input.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\icfupgd.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\mssitlb.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-01-28 09:22 - 2012-10-11 16:14 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 01836032 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 01294336 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 01280000 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 00757760 ____A (Microsoft Corporation) C:\Windows\System32\FirewallAPI.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 00244224 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\bdesvc.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\AppxSip.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc.dll
2013-01-28 09:22 - 2012-10-11 16:13 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-01-28 09:22 - 2012-10-11 16:12 - 00612416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2013-01-28 09:22 - 2012-10-11 15:53 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\microsoft-windows-pdc.dll
2013-01-28 09:22 - 2012-10-11 15:53 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\kbdhebl3.dll
2013-01-28 09:22 - 2012-10-11 15:49 - 00005632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2013-01-28 09:22 - 2012-10-11 15:48 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-01-28 09:22 - 2012-10-11 15:46 - 00286208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-01-28 09:22 - 2012-10-11 15:45 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2013-01-28 09:22 - 2012-10-11 15:38 - 00671232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-01-28 09:22 - 2012-10-11 15:38 - 00303104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-01-28 09:22 - 2012-10-11 15:38 - 00170496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-01-28 09:22 - 2012-10-11 15:37 - 00962560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2013-01-28 09:22 - 2012-10-11 15:37 - 00460800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2013-01-28 09:22 - 2012-10-11 15:37 - 00414720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2013-01-28 09:22 - 2012-10-11 15:37 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-01-28 09:22 - 2012-10-11 15:37 - 00116224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.Compression.dll
2013-01-28 09:22 - 2012-10-11 15:37 - 00047616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2013-01-28 09:22 - 2012-10-11 15:37 - 00019968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 01420800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00658432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00653824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00550912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00408064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00289280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00219648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00094208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00060416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00051712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-01-28 09:22 - 2012-10-11 15:36 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-01-28 09:22 - 2012-10-11 15:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2013-01-28 09:22 - 2012-10-11 15:12 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kbdhebl3.dll
2013-01-28 09:22 - 2012-10-11 13:41 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-01-28 09:22 - 2012-10-11 11:15 - 00478424 ____A C:\Windows\SysWOW64\locale.nls
2013-01-28 09:22 - 2012-10-11 11:14 - 00478424 ____A C:\Windows\System32\locale.nls
2013-01-28 09:21 - 2012-12-04 14:51 - 00368640 ____A (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
2013-01-28 09:21 - 2012-12-04 14:29 - 04055552 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-28 09:21 - 2012-11-27 17:30 - 00194280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2013-01-28 09:21 - 2012-11-27 17:30 - 00124648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2013-01-28 09:21 - 2012-11-27 17:29 - 00329960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2013-01-28 09:21 - 2012-11-27 16:57 - 00058288 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-01-28 09:21 - 2012-11-27 15:19 - 01027152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe
2013-01-28 09:21 - 2012-11-27 14:50 - 01217536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2013-01-28 09:21 - 2012-11-27 14:50 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-01-28 09:21 - 2012-11-27 14:50 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-01-28 09:21 - 2012-11-27 14:50 - 00891904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-01-28 09:21 - 2012-11-27 14:50 - 00798208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2013-01-28 09:21 - 2012-11-27 14:50 - 00702464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-01-28 09:21 - 2012-11-27 14:50 - 00560128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UserLanguagesCpl.dll
2013-01-28 09:21 - 2012-11-27 14:50 - 00179200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2013-01-28 09:21 - 2012-11-27 14:50 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vds_ps.dll
2013-01-28 09:21 - 2012-11-27 14:49 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-01-28 09:21 - 2012-11-27 14:49 - 01536512 ____A (Microsoft Corporation) C:\Windows\System32\storagewmi.dll
2013-01-28 09:21 - 2012-11-27 14:49 - 00955904 ____A (Microsoft Corporation) C:\Windows\System32\WebcamUi.dll
2013-01-28 09:21 - 2012-11-27 14:49 - 00631808 ____A (Microsoft Corporation) C:\Windows\System32\UserLanguagesCpl.dll
2013-01-28 09:21 - 2012-11-27 14:49 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\WSDMon.dll
2013-01-28 09:21 - 2012-11-27 14:49 - 00245248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-01-28 09:21 - 2012-11-27 14:49 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\usbmon.dll
2013-01-28 09:21 - 2012-11-27 14:49 - 00244736 ____A (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
2013-01-28 09:21 - 2012-11-27 14:49 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-01-28 09:21 - 2012-11-27 14:48 - 00888832 ____A (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-01-28 09:21 - 2012-11-27 14:48 - 00378880 ____A (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-01-28 09:21 - 2012-11-27 14:47 - 00718848 ____A (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2013-01-28 09:21 - 2012-11-27 14:27 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BtaMPM.sys
2013-01-28 09:21 - 2012-11-27 14:26 - 00031104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
2013-01-28 09:21 - 2012-11-27 14:25 - 00029952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BthhfHid.sys
2013-01-28 09:21 - 2012-11-02 15:50 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-01-28 09:21 - 2012-10-12 18:38 - 00027880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-01-28 09:21 - 2012-10-12 16:44 - 00036352 ____A (Microsoft Corporation) C:\Windows\System32\rfxvmt.dll
2013-01-28 09:21 - 2012-10-12 16:20 - 00235520 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-01-28 09:21 - 2012-09-20 19:40 - 02367528 ____A (Microsoft Corporation) C:\Windows\System32\WSService.dll
2013-01-28 09:21 - 2012-09-20 18:25 - 03265256 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\evbda.sys
2013-01-28 09:21 - 2012-09-20 17:03 - 14259712 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-01-28 09:21 - 2012-09-20 17:03 - 13640704 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-01-28 09:21 - 2012-09-20 17:03 - 02397184 ____A (Microsoft Corporation) C:\Windows\System32\WpcMon.exe
2013-01-28 09:21 - 2012-09-20 17:00 - 03847168 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-01-28 09:21 - 2012-09-20 16:25 - 10791936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-01-28 09:21 - 2012-09-11 15:58 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\vdsldr.exe
2013-01-28 09:21 - 2012-09-11 15:57 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\vdsutil.dll
2013-01-28 09:21 - 2012-09-11 15:57 - 00120832 ____A (Microsoft Corporation) C:\Windows\System32\vds_ps.dll
2013-01-28 09:20 - 2012-09-20 19:38 - 00027280 ____A (Microsoft Corporation) C:\Windows\System32\avrt.dll
2013-01-28 09:20 - 2012-09-20 19:35 - 01448168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-01-28 09:20 - 2012-09-20 19:35 - 00303848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-01-28 09:20 - 2012-09-20 19:10 - 00389360 ____A (Microsoft Corporation) C:\Windows\System32\MMDevAPI.dll
2013-01-28 09:20 - 2012-09-20 19:01 - 00425192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2013-01-28 09:20 - 2012-09-20 18:58 - 01825208 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-01-28 09:20 - 2012-09-20 18:34 - 02225896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-01-28 09:20 - 2012-09-20 18:34 - 00411880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-01-28 09:20 - 2012-09-20 18:34 - 00100072 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-01-28 09:20 - 2012-09-20 18:25 - 00533224 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbda.sys
2013-01-28 09:20 - 2012-09-20 18:25 - 00337128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-01-28 09:20 - 2012-09-20 18:25 - 00212200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-01-28 09:20 - 2012-09-20 18:25 - 00120040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msgpioclx.sys
2013-01-28 09:20 - 2012-09-20 18:25 - 00028392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msgpiowin32.sys
2013-01-28 09:20 - 2012-09-20 17:33 - 00465128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-01-28 09:20 - 2012-09-20 17:33 - 00148712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2013-01-28 09:20 - 2012-09-20 17:18 - 00062488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys
2013-01-28 09:20 - 2012-09-20 17:17 - 00307192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 03964416 ____A (Microsoft Corporation) C:\Windows\System32\WinSAT.exe
2013-01-28 09:20 - 2012-09-20 17:03 - 01590272 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 01513984 ____A (Microsoft Corporation) C:\Windows\System32\vssapi.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 01342464 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 01304064 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00866304 ____A (Microsoft Corporation) C:\Windows\System32\WinTypes.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00757248 ____A (Microsoft Corporation) C:\Windows\System32\uDWM.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00699392 ____A (Microsoft Corporation) C:\Windows\System32\twinapi.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\lpksetup.exe
2013-01-28 09:20 - 2012-09-20 17:03 - 00573440 ____A (Microsoft Corporation) C:\Windows\System32\WinSATAPI.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00545280 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2013-01-28 09:20 - 2012-09-20 17:03 - 00543232 ____A (Microsoft Corporation) C:\Windows\System32\wlroamextension.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00541184 ____A (Microsoft Corporation) C:\Windows\System32\VAN.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00457216 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00420352 ____A (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
2013-01-28 09:20 - 2012-09-20 17:03 - 00410624 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-01-28 09:20 - 2012-09-20 17:03 - 00390144 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am

Re: I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 4th, 2013, 5:36 pm

part 2

2013-01-28 09:20 - 2012-09-20 17:03 - 00344064 ____A (Microsoft Corporation) C:\Windows\System32\wlidcredprov.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00332800 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\wpnprv.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\WSClient.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\WSSync.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00117760 ____A (Microsoft Corporation) C:\Windows\System32\dwm.exe
2013-01-28 09:20 - 2012-09-20 17:03 - 00107008 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2013-01-28 09:20 - 2012-09-20 17:03 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\TpmTasks.dll
2013-01-28 09:20 - 2012-09-20 17:03 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-01-28 09:20 - 2012-09-20 17:03 - 00029696 ____A (Microsoft Corporation) C:\Windows\System32\svchost.exe
2013-01-28 09:20 - 2012-09-20 17:02 - 01739264 ____A (Microsoft Corporation) C:\Windows\System32\RacEngn.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\propsys.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 01019392 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\provcore.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00416256 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00256512 ____A (Microsoft Corporation) C:\Windows\System32\msvproc.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00228352 ____A (Microsoft Corporation) C:\Windows\System32\ProximityService.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\rascfg.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00112128 ____A (Microsoft Corporation) C:\Windows\System32\PackageStateRoaming.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00065536 ____A (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\perfdisk.dll
2013-01-28 09:20 - 2012-09-20 17:02 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\perfnet.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00755200 ____A (Microsoft Corporation) C:\Windows\System32\fveapi.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00617984 ____A (Microsoft Corporation) C:\Windows\System32\mfsrcsnk.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00604672 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00437760 ____A (Microsoft Corporation) C:\Windows\System32\mfh264enc.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00355328 ____A (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00240640 ____A (Microsoft Corporation) C:\Windows\System32\fveapibase.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00236544 ____A (Microsoft Corporation) C:\Windows\System32\MFPlay.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\IPHLPAPI.DLL
2013-01-28 09:20 - 2012-09-20 17:01 - 00118272 ____A (Microsoft Corporation) C:\Windows\System32\DevPropMgr.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\mmcss.dll
2013-01-28 09:20 - 2012-09-20 17:01 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fhevents.dll
2013-01-28 09:20 - 2012-09-20 17:00 - 02219008 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-01-28 09:20 - 2012-09-20 17:00 - 02016256 ____A (Microsoft Corporation) C:\Windows\System32\batmeter.dll
2013-01-28 09:20 - 2012-09-20 17:00 - 01743872 ____A (Microsoft Corporation) C:\Windows\System32\combase.dll
2013-01-28 09:20 - 2012-09-20 17:00 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\appwiz.cpl
2013-01-28 09:20 - 2012-09-20 17:00 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\apphelp.dll
2013-01-28 09:20 - 2012-09-20 17:00 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\aelupsvc.dll
2013-01-28 09:20 - 2012-09-20 17:00 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\bcdsrv.dll
2013-01-28 09:20 - 2012-09-20 17:00 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2013-01-28 09:20 - 2012-09-20 16:56 - 01409376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-01-28 09:20 - 2012-09-20 16:43 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\microsoft-windows-kernel-power-events.dll
2013-01-28 09:20 - 2012-09-20 16:43 - 00023656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\avrt.dll
2013-01-28 09:20 - 2012-09-20 16:38 - 00571392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\csc.sys
2013-01-28 09:20 - 2012-09-20 16:25 - 11875328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 01319424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00995328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00465920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00333824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2013-01-28 09:20 - 2012-09-20 16:25 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00267776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00265216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00263168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00239616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2013-01-28 09:20 - 2012-09-20 16:25 - 00166912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00154624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-01-28 09:20 - 2012-09-20 16:25 - 00080896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2013-01-28 09:20 - 2012-09-20 16:25 - 00080384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2013-01-28 09:20 - 2012-09-20 16:25 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2013-01-28 09:20 - 2012-09-20 16:24 - 01369600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 01196032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 01137152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00709632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00533504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\provcore.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00509952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00480768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00449024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00413184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfh264enc.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00325632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00108544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00089088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2013-01-28 09:20 - 2012-09-20 16:24 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfdisk.dll
2013-01-28 09:20 - 2012-09-20 16:23 - 03296256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-01-28 09:20 - 2012-09-20 16:23 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-01-28 09:20 - 2012-09-20 16:23 - 02007040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2013-01-28 09:20 - 2012-09-20 16:23 - 01247232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2013-01-28 09:20 - 2012-09-20 16:23 - 00675840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2013-01-28 09:20 - 2012-09-20 16:23 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2013-01-28 09:20 - 2012-09-20 16:23 - 00461824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2013-01-28 09:20 - 2012-09-20 16:23 - 00119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2013-01-28 09:19 - 2012-09-20 19:26 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-01-28 09:19 - 2012-09-20 17:03 - 00588800 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2013-01-28 09:19 - 2012-09-20 17:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\fhmanagew.exe
2013-01-28 09:19 - 2012-09-20 17:03 - 00110592 ____A C:\Windows\System32\OEMLicense.dll
2013-01-28 09:19 - 2012-09-20 17:03 - 00092672 ____A (Microsoft Corporation) C:\Windows\System32\drvinst.exe
2013-01-28 09:19 - 2012-09-20 17:03 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\lpremove.exe
2013-01-28 09:19 - 2012-09-20 17:03 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll
2013-01-28 09:19 - 2012-09-20 17:03 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\vsstrace.dll
2013-01-28 09:19 - 2012-09-20 17:03 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\ndptsp.tsp
2013-01-28 09:19 - 2012-09-20 17:03 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\kmddsp.tsp
2013-01-28 09:19 - 2012-09-20 17:03 - 00025088 ____A (Microsoft Corporation) C:\Windows\System32\sdbinst.exe
2013-01-28 09:19 - 2012-09-20 17:02 - 00356352 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\perfos.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\RpcEpMap.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\rasdiag.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\perfctrs.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\rasmxs.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00037888 ____A (Microsoft Corporation) C:\Windows\System32\perfproc.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00029696 ____A (Microsoft Corporation) C:\Windows\System32\rasser.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\MUILanguageCleanup.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00006656 ____A (Microsoft Corporation) C:\Windows\System32\shimeng.dll
2013-01-28 09:19 - 2012-09-20 17:02 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2013-01-28 09:19 - 2012-09-20 17:02 - 00006144 ____A (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00459776 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00315392 ____A (Microsoft Corporation) C:\Windows\System32\fhcfg.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00280576 ____A (Microsoft Corporation) C:\Windows\System32\fhcat.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00137728 ____A (Microsoft Corporation) C:\Windows\System32\fhshl.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00116736 ____A (Microsoft Corporation) C:\Windows\System32\fhsvc.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\fhsrchapi.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\fhsrchph.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\fhlisten.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\fhautoplay.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\fhcleanup.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\fhtask.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00037888 ____A (Microsoft Corporation) C:\Windows\System32\LangCleanupSysprepAction.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\fhsvcctl.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\eventcls.dll
2013-01-28 09:19 - 2012-09-20 17:01 - 00008704 ____A (Microsoft Corporation) C:\Windows\System32\lpksetupproxyserv.dll
2013-01-28 09:19 - 2012-09-20 17:00 - 02066432 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-01-28 09:19 - 2012-09-20 17:00 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\DAFWSD.dll
2013-01-28 09:19 - 2012-09-20 17:00 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\CscMig.dll
2013-01-28 09:19 - 2012-09-20 17:00 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-01-28 09:19 - 2012-09-20 16:42 - 09374208 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-01-28 09:19 - 2012-09-20 16:39 - 00025088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2013-01-28 09:19 - 2012-09-20 16:39 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
2013-01-28 09:19 - 2012-09-20 16:38 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2013-01-28 09:19 - 2012-09-20 16:38 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-01-28 09:19 - 2012-09-20 16:35 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-01-28 09:19 - 2012-09-20 16:25 - 00417280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-01-28 09:19 - 2012-09-20 16:25 - 00083968 ____A C:\Windows\SysWOW64\OEMLicense.dll
2013-01-28 09:19 - 2012-09-20 16:25 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2013-01-28 09:19 - 2012-09-20 16:25 - 00038912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2013-01-28 09:19 - 2012-09-20 16:25 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2013-01-28 09:19 - 2012-09-20 16:24 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfctrs.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfproc.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfos.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfnet.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00009216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00005632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2013-01-28 09:19 - 2012-09-20 16:24 - 00004608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2013-01-28 09:19 - 2012-09-20 16:24 - 00004608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2013-01-28 09:19 - 2012-09-20 16:23 - 01701376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-01-28 09:19 - 2012-09-20 16:23 - 00366080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-01-28 09:19 - 2012-09-20 16:23 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-01-28 09:19 - 2012-09-20 16:23 - 00015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2013-01-28 09:19 - 2012-09-20 16:02 - 09374208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-01-28 09:19 - 2012-09-20 14:43 - 00098816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-01-28 09:19 - 2012-09-20 14:40 - 01126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2013-01-28 07:41 - 2013-01-28 07:41 - 00000117 ____A C:\Windows\System32\netcfg-24890645.txt
2013-01-28 06:05 - 2013-01-28 06:05 - 00000117 ____A C:\Windows\System32\netcfg-19095629.txt
2013-01-28 03:32 - 2013-01-28 03:32 - 00756224 ____A C:\Users\Peter\Downloads\RogueKillerX64.exe
2013-01-28 01:05 - 2013-01-28 01:08 - 00000000 ____D C:\Users\Peter\Downloads\Kaspersky Rescue2Usb
2013-01-28 01:04 - 2013-01-28 01:04 - 00387584 ____A C:\Users\Peter\Downloads\rescue2usb.exe
2013-01-28 00:51 - 2013-01-28 00:51 - 00000117 ____A C:\Windows\System32\netcfg-250553.txt
2013-01-28 00:50 - 2013-01-28 00:50 - 00000000 ____D C:\Windows\System32\appmgmt
2013-01-28 00:19 - 2013-01-28 00:19 - 00000117 ____A C:\Windows\System32\netcfg-63097755.txt
2013-01-27 22:50 - 2013-01-28 07:42 - 00000000 ____D C:\Users\All Users\Ashampoo
2013-01-27 22:50 - 2013-01-27 22:50 - 00001321 ____A C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
2013-01-27 22:50 - 2013-01-27 22:50 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Ashampoo
2013-01-27 22:50 - 2013-01-27 22:50 - 00000000 ____D C:\Users\Peter\AppData\Local\ashampoo
2013-01-27 22:50 - 2013-01-27 22:50 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-01-27 22:45 - 2013-01-27 22:45 - 10443504 ____A (Ashampoo GmbH & Co. KG ) C:\Users\Peter\Downloads\ashampoo_burning_studio_6_free_6.82_4312.exe
2013-01-27 21:46 - 2012-12-16 17:31 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-27 21:43 - 2013-01-27 21:43 - 00267132 ____A C:\Windows\msxml4-KB2758694-enu.LOG
2013-01-27 21:38 - 2013-01-27 22:06 - 296022016 ____A C:\Users\Peter\Downloads\kav_rescue_10.iso
2013-01-27 21:34 - 2013-01-27 21:34 - 00000117 ____A C:\Windows\System32\netcfg-53237634.txt
2013-01-27 21:33 - 2013-01-27 21:33 - 00000117 ____A C:\Windows\System32\netcfg-53126546.txt
2013-01-27 21:33 - 2012-08-31 11:23 - 00017888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2013-01-27 21:33 - 2012-08-31 11:22 - 00017888 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100_clr0400.dll
2013-01-27 21:28 - 2012-11-26 14:51 - 00071168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2013-01-27 21:28 - 2012-11-26 14:50 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\ncryptsslp.dll
2013-01-27 21:28 - 2012-11-10 14:53 - 00148480 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2013-01-27 21:28 - 2012-11-10 14:53 - 00132608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-01-27 21:28 - 2012-11-10 14:52 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-01-27 21:28 - 2012-11-10 14:52 - 00126976 ____A (Microsoft Corporation) C:\Windows\System32\RDWebAI.dll
2013-01-27 21:28 - 2012-11-10 14:52 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\VmHostAI.dll
2013-01-27 21:28 - 2012-11-10 14:50 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\appserverai.dll
2013-01-27 21:28 - 2012-10-10 17:34 - 00094208 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-01-27 21:28 - 2012-10-10 17:01 - 00072192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-01-27 21:28 - 2012-10-06 15:23 - 02893824 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-01-27 21:28 - 2012-10-06 14:45 - 02400256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-01-27 21:27 - 2012-12-16 18:58 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-01-27 21:27 - 2012-12-16 18:50 - 00035328 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-01-27 21:27 - 2012-12-16 18:38 - 00362496 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-01-27 21:27 - 2012-12-16 18:27 - 00300032 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-01-27 21:27 - 2012-11-28 14:51 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-01-27 21:27 - 2012-11-28 14:50 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-01-27 21:27 - 2012-11-15 16:56 - 19439616 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-01-27 21:27 - 2012-11-15 16:56 - 14324224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-01-27 21:27 - 2012-11-15 16:38 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-01-27 21:27 - 2012-11-15 16:36 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-01-27 21:27 - 2012-11-09 15:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-01-27 21:27 - 2012-11-09 14:33 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-01-27 21:27 - 2012-11-08 14:55 - 01775104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-01-27 21:27 - 2012-11-08 14:55 - 01138688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 13740032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 02881536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 01684992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-01-27 21:27 - 2012-11-08 14:54 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-01-27 21:27 - 2012-11-08 14:52 - 02246656 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-01-27 21:27 - 2012-11-08 14:52 - 01352704 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-01-27 21:27 - 2012-11-08 14:52 - 00907776 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-01-27 21:27 - 2012-11-08 14:52 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-01-27 21:27 - 2012-11-08 14:51 - 03966464 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-01-27 21:27 - 2012-11-08 14:51 - 00854528 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-01-27 21:27 - 2012-11-08 14:51 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-01-27 21:27 - 2012-11-08 14:51 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-01-27 21:27 - 2012-11-08 14:50 - 15416832 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-01-27 21:27 - 2012-11-08 14:50 - 02162176 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-01-27 21:27 - 2012-11-08 14:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-01-27 21:27 - 2012-11-08 14:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-01-27 21:27 - 2012-11-08 14:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-01-27 21:27 - 2012-11-08 14:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-01-27 21:27 - 2012-11-08 14:50 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-01-27 21:27 - 2012-11-08 14:32 - 00003072 ____A (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-01-27 21:27 - 2012-11-08 14:31 - 00003072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-01-27 21:27 - 2012-11-08 12:26 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-01-27 21:27 - 2012-11-03 15:56 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\sysreset.exe
2013-01-27 21:27 - 2012-11-03 15:56 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-01-27 21:27 - 2012-11-03 15:56 - 00032256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2013-01-27 21:27 - 2012-11-03 15:55 - 01009664 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2013-01-27 21:27 - 2012-11-03 15:55 - 00945152 ____A (Microsoft Corporation) C:\Windows\System32\resetengmig.dll
2013-01-27 21:27 - 2012-11-03 15:55 - 00443392 ____A (Microsoft Corporation) C:\Windows\System32\ReAgent.dll
2013-01-27 21:27 - 2012-11-03 15:55 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-01-27 21:27 - 2012-11-03 15:54 - 00463872 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-01-27 21:27 - 2012-11-03 15:54 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-01-27 21:27 - 2012-11-03 15:54 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\dpnathlp.dll
2013-01-27 21:27 - 2012-11-03 15:54 - 00058880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2013-01-27 21:27 - 2012-11-03 15:54 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\dpnhupnp.dll
2013-01-27 21:27 - 2012-11-03 15:54 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\dpnhpast.dll
2013-01-27 21:27 - 2012-11-03 15:54 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2013-01-27 21:27 - 2012-11-03 15:54 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2013-01-27 21:27 - 2012-11-03 15:34 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\dpnlobby.dll
2013-01-27 21:27 - 2012-11-03 15:34 - 00003584 ____A (Microsoft Corporation) C:\Windows\System32\dpnaddr.dll
2013-01-27 21:27 - 2012-11-03 15:30 - 00003072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2013-01-27 21:27 - 2012-11-03 15:30 - 00002560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-01-27 21:27 - 2012-11-01 15:11 - 01802240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-27 21:27 - 2012-11-01 15:11 - 01438720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-27 21:27 - 2012-11-01 15:10 - 02361344 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-27 21:27 - 2012-11-01 15:10 - 01836032 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-27 21:27 - 2012-11-01 14:51 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2013-01-27 21:27 - 2012-11-01 14:51 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-01-27 21:27 - 2012-11-01 14:50 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2013-01-27 21:27 - 2012-11-01 14:50 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-01-27 21:27 - 2012-10-24 13:55 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\ReAgentc.exe
2013-01-27 21:27 - 2012-10-24 13:55 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2013-01-27 21:27 - 2012-10-24 13:54 - 00405504 ____A (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2013-01-27 21:27 - 2012-10-24 13:54 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2013-01-27 21:27 - 2012-10-24 13:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2013-01-27 21:27 - 2012-10-24 13:18 - 00024064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-01-27 21:22 - 2013-01-27 21:22 - 00000117 ____A C:\Windows\System32\netcfg-52523368.txt
2013-01-27 21:22 - 2013-01-27 21:22 - 00000117 ____A C:\Windows\System32\netcfg-52522822.txt
2013-01-27 11:44 - 2013-01-27 11:44 - 00000117 ____A C:\Windows\System32\netcfg-17812100.txt
2013-01-27 11:44 - 2013-01-27 11:44 - 00000117 ____A C:\Windows\System32\netcfg-17811398.txt
2013-01-27 06:56 - 2013-01-27 06:56 - 00000117 ____A C:\Windows\System32\netcfg-527361.txt
2013-01-27 06:48 - 2013-01-27 06:48 - 00000117 ____A C:\Windows\System32\netcfg-52899.txt
2013-01-27 05:54 - 2013-01-27 05:54 - 00000000 ____D C:\Users\Peter\Desktop\fbups
2013-01-27 05:11 - 2013-01-27 05:11 - 00000706 ____A C:\Users\Peter\Desktop\birthday sunrise Jan 18 2013 - Shortcut.lnk
2013-01-27 05:10 - 2013-01-27 05:55 - 00000000 ____D C:\Users\Peter\Desktop\2013-01-18 2013
2013-01-27 05:08 - 2013-01-27 05:08 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-01-27 05:07 - 2013-01-27 05:07 - 00000000 ____D C:\Windows\en
2013-01-27 05:06 - 2013-01-27 05:06 - 00000000 ____D C:\Windows\PCHEALTH
2013-01-27 05:06 - 2013-01-27 05:06 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-01-27 05:06 - 2013-01-27 05:06 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-01-27 05:05 - 2013-02-02 06:14 - 00000000 ____D C:\Users\Peter\AppData\Local\Windows Live
2013-01-27 05:05 - 2013-01-27 05:05 - 00000196 ____A C:\Windows\DirectX.log
2013-01-27 05:05 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-01-27 05:05 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-01-27 05:05 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-01-27 05:05 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-01-27 05:05 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-01-27 05:05 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-01-27 05:05 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-01-27 05:05 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-01-27 05:05 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-01-27 05:05 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-01-27 05:05 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2013-01-27 05:05 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-01-27 05:04 - 2013-01-27 05:04 - 01239552 ____A (Microsoft Corporation) C:\Users\Peter\Downloads\wlsetup-web_001.exe
2013-01-27 05:03 - 2013-01-27 05:03 - 01239552 ____A (Microsoft Corporation) C:\Users\Peter\Downloads\wlsetup-web.exe
2013-01-27 04:54 - 2013-01-27 04:54 - 00000117 ____A C:\Windows\System32\netcfg-66697447.txt
2013-01-27 04:54 - 2013-01-27 04:54 - 00000117 ____A C:\Windows\System32\netcfg-66696995.txt
2013-01-26 23:22 - 2013-01-26 23:22 - 00000117 ____A C:\Windows\System32\netcfg-46761674.txt
2013-01-26 23:22 - 2013-01-26 23:22 - 00000117 ____A C:\Windows\System32\netcfg-46759770.txt
2013-01-26 23:22 - 2013-01-26 23:22 - 00000000 ____D C:\Users\Peter\AppData\Roaming\simplitec
2013-01-26 22:40 - 2013-01-30 21:23 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-01-26 22:29 - 2013-01-26 22:29 - 04164448 ____A (MAGIX AG) C:\Users\Peter\Downloads\musicmaker2013premium_dlm (1).exe
2013-01-26 22:16 - 2011-09-24 20:36 - 2398253781 ____A C:\Users\Peter\Downloads\Best of Soundpool Collection Vol. 1.zip
2013-01-26 21:48 - 2013-02-05 07:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-26 21:44 - 2013-01-26 21:44 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Mozilla
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Users\Peter\AppData\Local\Mozilla
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Users\All Users\Mozilla
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-01-26 21:43 - 2013-01-26 21:43 - 20296664 ____A (Mozilla) C:\Users\Peter\Downloads\Firefox Setup 18.0.1.exe
2013-01-26 21:41 - 2013-01-26 21:41 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-01-26 21:40 - 2013-01-28 07:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-01-26 21:40 - 2013-01-28 00:47 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-26 21:40 - 2012-10-19 10:32 - 00060776 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2013-01-26 21:40 - 2012-10-19 10:32 - 00052584 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-01-26 21:40 - 2012-10-03 06:21 - 06200680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-01-26 21:40 - 2012-10-03 06:21 - 03293544 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-01-26 21:40 - 2012-10-03 06:20 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-01-26 21:40 - 2012-10-03 06:20 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-01-26 21:40 - 2012-10-03 06:20 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-01-26 21:40 - 2012-10-03 06:20 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-01-26 21:39 - 2013-01-26 21:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-01-26 21:39 - 2013-01-26 21:39 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2013-01-26 21:31 - 2013-01-26 21:31 - 00000117 ____A C:\Windows\System32\netcfg-2267802.txt
2013-01-26 21:31 - 2013-01-26 21:31 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Macromedia
2013-01-26 21:30 - 2013-01-26 21:31 - 00000117 ____A C:\Windows\System32\netcfg-2264713.txt
2013-01-26 21:30 - 2013-01-26 21:30 - 00000117 ____A C:\Windows\System32\netcfg-2264666.txt
2013-01-26 21:30 - 2013-01-26 21:30 - 00000117 ____A C:\Windows\System32\netcfg-2258504.txt
2013-01-26 21:29 - 2013-01-26 21:29 - 00001203 ____A C:\Windows\System32\netcfg-2153344.txt
2013-01-26 21:29 - 2013-01-26 21:29 - 00000264 ____A C:\Windows\System32\netcfg-2154951.txt
2013-01-26 21:29 - 2012-11-22 04:11 - 03744256 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athuw8x.sys
2013-01-26 21:22 - 2013-01-26 14:00 - 00000000 ____D C:\Users\Peter\AppData\Roaming\MAGIX
2013-01-26 21:22 - 2013-01-26 14:00 - 00000000 ____D C:\Users\All Users\MAGIX
2013-01-26 21:07 - 2013-01-26 14:37 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Adobe
2013-01-26 21:06 - 2013-01-30 09:18 - 00000000 ____D C:\Users\Peter\AppData\Local\Packages
2013-01-26 21:06 - 2013-01-30 03:32 - 00000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2013-01-26 21:06 - 2013-01-26 21:07 - 00000000 ____D C:\Users\All Users\PRICache
2013-01-26 21:06 - 2013-01-26 21:06 - 00000020 ___SH C:\Users\Peter\ntuser.ini
2013-01-26 20:54 - 2013-02-04 17:30 - 01464175 ____A C:\Windows\WindowsUpdate.log
2013-01-26 20:54 - 2013-01-26 20:54 - 00000000 ____D C:\Windows\CSC
2013-01-26 20:52 - 2013-01-26 21:07 - 00000000 ____D C:\users\Peter
2013-01-26 20:52 - 2013-01-26 20:54 - 00026673 ____A C:\Windows\diagwrn.xml
2013-01-26 20:52 - 2013-01-26 20:54 - 00026673 ____A C:\Windows\diagerr.xml
2013-01-26 20:50 - 2013-01-26 20:50 - 00001135 ____A C:\Windows\System32\netcfg-68936.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000185 ____A C:\Windows\System32\netcfg-67018.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000164 ____A C:\Windows\System32\netcfg-64927.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000161 ____A C:\Windows\System32\netcfg-66706.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000160 ____A C:\Windows\System32\netcfg-66378.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000160 ____A C:\Windows\System32\netcfg-65910.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000160 ____A C:\Windows\System32\netcfg-60107.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000159 ____A C:\Windows\System32\netcfg-65286.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000157 ____A C:\Windows\System32\netcfg-66097.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000157 ____A C:\Windows\System32\netcfg-57829.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000150 ____A C:\Windows\System32\netcfg-65645.txt
2013-01-26 20:49 - 2013-02-05 02:02 - 00004852 ____A C:\Windows\PFRO.log
2013-01-26 20:48 - 2013-01-26 20:48 - 00000000 ____D C:\Windows.old
2013-01-26 19:14 - 2013-01-26 19:14 - 00634925 ____A C:\Users\Peter\Downloads\RkU3.8.389.593.rar
2013-01-26 17:47 - 2013-01-26 17:47 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-01-26 17:05 - 2013-01-26 17:06 - 00000000 ____D C:\Users\Peter\Desktop\New folder
2013-01-26 16:47 - 2013-01-26 16:47 - 00000117 ____A C:\Windows\System32\netcfg-23063858.txt
2013-01-26 16:46 - 2013-01-26 16:46 - 00000117 ____A C:\Windows\System32\netcfg-23014749.txt
2013-01-26 16:02 - 2013-01-26 16:02 - 00000000 ____D C:\Program Files (x86)\Nero
2013-01-26 16:02 - 2011-12-01 11:42 - 00072240 ____A (Nero AG) C:\Windows\System32\Drivers\NBVol.sys
2013-01-26 16:02 - 2011-12-01 11:42 - 00015920 ____A (Nero AG) C:\Windows\System32\Drivers\NBVolUp.sys
2013-01-26 16:00 - 2013-01-26 16:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-01-26 16:00 - 2013-01-26 16:00 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-01-26 15:59 - 2013-01-26 15:59 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-01-26 15:59 - 2013-01-26 15:59 - 00000000 ____D C:\Program Files\MSBuild
2013-01-26 15:58 - 2012-07-06 12:32 - 01166440 ____A (Microsoft Corporation) C:\Windows\System32\PresentationNative_v0300.dll
2013-01-26 15:58 - 2012-07-06 12:32 - 00778856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2013-01-26 15:58 - 2012-07-06 12:32 - 00124040 ____A (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-01-26 15:58 - 2012-07-06 12:32 - 00102528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-01-26 15:58 - 2012-07-06 12:32 - 00035400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2013-01-26 15:58 - 2012-07-06 12:32 - 00035400 ____A (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2013-01-26 15:34 - 2013-01-26 15:35 - 00001300 ___RA C:\Users\Peter\Documents\BitLocker Recovery Key 8BE1BB26-4B6D-4AC3-B3B9-40822926FE5A.txt
2013-01-26 15:28 - 2013-01-26 15:28 - 00001246 ____A C:\Users\Peter\Desktop\Verbatim Hard Drive Formatter.lnk
2013-01-26 15:28 - 2013-01-26 15:28 - 00000000 ____D C:\Program Files (x86)\Verbatim
2013-01-26 15:17 - 2013-01-26 15:17 - 00000000 ____D C:\Users\Peter\Documents\x64
2013-01-26 14:37 - 2013-01-26 14:37 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 8.lnk
2013-01-26 14:37 - 2013-01-26 14:37 - 00000000 ____D C:\Users\Peter\AppData\Local\Adobe
2013-01-26 14:37 - 2013-01-26 14:37 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-26 14:37 - 2013-01-26 14:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-01-26 13:58 - 2013-01-26 13:59 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-01-26 13:58 - 2013-01-26 13:58 - 00000000 ____D C:\Users\All Users\simplitec
2013-01-26 13:58 - 2013-01-26 13:58 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-01-26 10:15 - 2013-01-26 10:15 - 00262144 ____A C:\Windows\System32\config\userdiff
2013-01-26 09:52 - 2013-01-27 07:03 - 00000000 ____D C:\Windows\Panther
2013-01-26 09:47 - 2013-01-26 09:47 - 00000085 ____A C:\Users\Peter\Documents\win id.txt
2013-01-26 09:44 - 2013-01-26 09:44 - 05442160 ____A (Microsoft Corporation) C:\Users\Peter\Downloads\Windows8-UpgradeAssistant.exe
2013-01-26 08:41 - 2013-01-31 12:50 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-01-25 23:03 - 2013-01-25 23:03 - 00602112 ____A (OldTimer Tools) C:\Users\Peter\Downloads\OTL.exe
2013-01-25 15:09 - 2013-01-25 15:09 - 00013194 ____A C:\Users\Peter\Documents\todays netstat2.txt
2013-01-25 12:18 - 2013-01-25 12:18 - 00000000 ____D C:\NVIDIA
2013-01-25 12:15 - 2013-01-25 12:17 - 221611224 ____A (NVIDIA Corporation) C:\Users\Peter\Downloads\310.90-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-01-25 11:36 - 2013-01-25 11:40 - 00012094 ____A C:\Users\Peter\Documents\todays netstat during down load.txt
2013-01-25 00:56 - 2013-01-25 00:56 - 00000000 ____D C:\Users\Peter\Documents\Music Maker 2013 Premium
2013-01-25 00:56 - 2013-01-25 00:56 - 00000000 ____D C:\Users\Peter\Documents\MAGIX
2013-01-25 00:50 - 2013-01-26 13:59 - 00001165 ____A C:\Users\Public\Desktop\MAGIX Music Maker 2013 Premium.lnk
2013-01-25 00:50 - 2013-01-25 00:50 - 00000000 ____D C:\Users\Public\Documents\MAGIX
2013-01-25 00:50 - 2013-01-25 00:50 - 00000000 ____D C:\Users\Peter\Documents\MAGIX_MusicEditor
2013-01-24 23:49 - 2013-01-24 23:49 - 00000000 ____D C:\Users\Peter\Desktop\mbar-1.01.0.1016
2013-01-24 23:11 - 2013-01-24 23:13 - 04164448 ____A (MAGIX AG) C:\Users\Peter\Downloads\musicmaker2013premium_dlm.exe
2013-01-24 12:27 - 2013-01-24 12:14 - 13462931 ____A C:\Users\Peter\Desktop\mbar-1.01.0.1016.zip
2013-01-24 12:27 - 2013-01-24 11:54 - 05026296 ____A (Swearware) C:\Users\Peter\Desktop\ComboFix.exe
2013-01-24 12:14 - 2013-01-24 12:14 - 13462931 ____A C:\Users\Peter\Downloads\mbar-1.01.0.1016.zip
2013-01-24 11:54 - 2013-01-24 11:54 - 05026296 ____A (Swearware) C:\Users\Peter\Downloads\ComboFix.exe
2013-01-15 19:21 - 2013-01-29 04:33 - 00000000 __SHD C:\Recovery


==================== One Month Modified Files and Folders =======

2013-02-05 07:22 - 2012-07-26 17:58 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-05 07:16 - 2013-02-05 07:16 - 00000611 ____A C:\Users\Peter\Desktop\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt
2013-02-05 07:11 - 2012-10-31 21:49 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Peter\Desktop\TDSSKiller.exe
2013-02-05 07:10 - 2013-02-05 07:10 - 02195061 ____A C:\Users\Peter\Downloads\tdsskiller.zip
2013-02-05 07:06 - 2013-01-26 21:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-05 07:01 - 2013-02-05 01:27 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-05 07:01 - 2012-07-26 17:52 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-05 03:52 - 2013-02-05 03:52 - 02567396 ____A C:\Users\Peter\Documents\tonights forbidden zone5.2.2013.bmp
2013-02-05 03:47 - 2013-02-05 03:47 - 00001463 ____A C:\Users\Peter\Desktop\RKreport[9]_S_02052013_02d0347.txt
2013-02-05 03:43 - 2013-02-05 03:43 - 00000000 ____D C:\CCE_Quarantine
2013-02-05 03:39 - 2013-02-05 01:27 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-05 03:32 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\System32\sru
2013-02-05 03:22 - 2013-01-30 12:00 - 00000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2013-02-05 02:02 - 2013-02-05 01:29 - 00002259 ____A C:\Users\Peter\Desktop\Google Chrome.lnk
2013-02-05 02:02 - 2013-01-26 20:49 - 00004852 ____A C:\Windows\PFRO.log
2013-02-05 01:38 - 2013-02-05 01:38 - 00000000 ____D C:\Users\Peter\Downloads\cce_2.5.242177.201_x64
2013-02-05 01:36 - 2013-02-05 01:35 - 25543261 ____A C:\Users\Peter\Downloads\cce_2.5.242177.201_x64.zip
2013-02-05 01:29 - 2013-02-05 01:27 - 00000000 ____D C:\Users\Peter\AppData\Local\Google
2013-02-05 01:28 - 2013-02-05 01:27 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-05 01:27 - 2013-02-05 01:27 - 32353488 ____A C:\Users\Peter\Downloads\GoogleChromeStandaloneEnterprise.msi
2013-02-05 01:03 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\System32\NDF
2013-02-05 00:48 - 2013-02-05 00:47 - 00000000 ____D C:\Users\Peter\AppData\Local\eSupport.com
2013-02-05 00:47 - 2013-02-05 00:47 - 00630360 ____A (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Peter\Desktop\biosagentplus_755.exe
2013-02-05 00:47 - 2013-02-05 00:47 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2013-02-05 00:47 - 2013-02-05 00:47 - 00001061 ____A C:\Users\Peter\Desktop\BiosAgent Plus.lnk
2013-02-05 00:42 - 2013-02-05 00:42 - 00483840 ____A C:\Users\Peter\Desktop\bit.exe
2013-02-05 00:42 - 2013-02-05 00:42 - 00000349 ____A C:\Users\Peter\Downloads\report1.dat
2013-02-05 00:42 - 2013-02-05 00:42 - 00000349 ____A C:\Users\Peter\Desktop\report1.dat
2013-02-04 17:30 - 2013-01-26 20:54 - 01464175 ____A C:\Windows\WindowsUpdate.log
2013-02-04 15:35 - 2013-02-04 15:35 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2013-02-04 15:35 - 2013-02-04 15:34 - 00000000 ____D C:\Users\Peter\AppData\Local\Paint.NET
2013-02-04 15:35 - 2013-02-04 15:34 - 00000000 ____D C:\Program Files\Paint.NET
2013-02-04 11:16 - 2013-02-04 11:16 - 00001033 ____A C:\Users\Peter\Desktop\RKreport[8]_S_02042013_02d1116.txt
2013-02-04 11:15 - 2013-02-04 11:15 - 00001384 ____A C:\Users\Peter\Desktop\RKreport[7]_D_02042013_02d1115.txt
2013-02-04 11:13 - 2013-02-04 11:13 - 00001345 ____A C:\Users\Peter\Desktop\RKreport[6]_S_02042013_02d1113.txt
2013-02-04 11:12 - 2013-02-04 11:12 - 00001313 ____A C:\Users\Peter\Desktop\RKreport[5]_S_02042013_02d1112.txt
2013-02-04 11:11 - 2013-02-04 11:11 - 00761856 ____A C:\Users\Peter\Desktop\RogueKillerX64(1).exe
2013-02-03 15:28 - 2012-07-26 15:56 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-02-03 15:27 - 2013-02-03 15:27 - 01574868 ____A C:\Users\Peter\Documents\full netstat.bmp
2013-02-03 10:53 - 2013-02-03 10:53 - 00647528 ____A C:\Users\Peter\Documents\netstat and host gator.bmp
2013-02-03 10:37 - 2013-02-03 10:37 - 00647528 ____A C:\Users\Peter\Documents\ip to host gator.bmp
2013-02-02 10:14 - 2013-02-02 10:13 - 00296208 ____A C:\Windows\Minidump\020213-21372-01.dmp
2013-02-02 10:13 - 2013-01-31 13:06 - 436282774 ____A C:\Windows\MEMORY.DMP
2013-02-02 10:13 - 2013-01-31 13:06 - 00000000 ____D C:\Windows\Minidump
2013-02-02 08:43 - 2013-02-02 08:43 - 04544132 ____A C:\Users\Peter\Documents\netstat cap ture invalid fb connections when not connected.bmp
2013-02-02 08:33 - 2013-02-02 08:33 - 05351868 ____A C:\Users\Peter\Desktop\AutoScreenRecorder_01 Feb. 02 08.33.avi
2013-02-02 07:20 - 2013-02-02 07:20 - 00046833 ____A C:\Users\Peter\Documents\2012 - 2013 a nice day.wlmp
2013-02-02 06:24 - 2013-02-02 06:00 - 00000000 ____D C:\Users\Peter\Desktop\fb movie
2013-02-02 06:14 - 2013-01-27 05:05 - 00000000 ____D C:\Users\Peter\AppData\Local\Windows Live
2013-02-01 21:42 - 2013-02-01 21:42 - 03559897 ____A (Igor Pavlov) C:\Users\Peter\Desktop\sl670_bios_w230.exe
2013-02-01 20:44 - 2013-02-01 20:44 - 00000085 ____A C:\Users\Peter\Desktop\BingSiteAuth.xml
2013-02-01 12:54 - 2013-02-01 12:54 - 01111572 ____A C:\Users\Peter\Documents\netstat on fb.bmp
2013-02-01 12:52 - 2013-02-01 12:52 - 00001000 ____A C:\Users\UpdatusUser\Desktop\Quick Screen Capture.lnk
2013-02-01 12:52 - 2013-02-01 12:52 - 00001000 ____A C:\Users\Peter\Desktop\Quick Screen Capture.lnk
2013-02-01 12:52 - 2013-02-01 12:52 - 00000000 ____D C:\Program Files (x86)\Quick Screen Capture
2013-02-01 12:52 - 2013-02-01 12:52 - 00000000 ____D C:\MyCaptures
2013-02-01 12:51 - 2013-02-01 12:51 - 01074244 ____A (Etru Software Development ) C:\Users\Peter\Downloads\capture.exe
2013-02-01 12:44 - 2013-02-01 12:43 - 01322266 ____A C:\Users\Peter\Desktop\AutoScreenRecorder_02 Feb. 01 12.44.avi
2013-02-01 12:40 - 2013-02-01 12:40 - 00002060 ____A C:\Users\UpdatusUser\Desktop\AutoScreenRecorder 3.1 Free.lnk
2013-02-01 12:40 - 2013-02-01 12:40 - 00002060 ____A C:\Users\Peter\Desktop\AutoScreenRecorder 3.1 Free.lnk
2013-02-01 12:40 - 2013-02-01 12:40 - 00000000 ____D C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Free
2013-02-01 12:39 - 2013-02-01 12:38 - 03943287 ____A C:\Users\Peter\Downloads\setupautoscreenrecorderfree.exe
2013-02-01 10:21 - 2013-02-01 10:21 - 00000000 ____D C:\Program Files (x86)\MustBeRandomlyNamed
2013-02-01 01:15 - 2013-01-31 17:32 - 00000000 ____D C:\Users\Peter\AppData\Local\LogMeIn Rescue Applet
2013-01-31 20:18 - 2013-01-31 20:18 - 00021986 ____A C:\Users\Peter\Desktop\DDS the one to post.txt
2013-01-31 20:05 - 2013-01-31 08:59 - 00021986 ____A C:\Users\Peter\Desktop\dds.txt
2013-01-31 20:05 - 2013-01-31 08:59 - 00005019 ____A C:\Users\Peter\Desktop\attach.txt
2013-01-31 20:03 - 2013-01-31 20:03 - 00688992 ____R (Swearware) C:\Users\Peter\Downloads\dds.com
2013-01-31 17:32 - 2013-01-31 17:32 - 01244000 ____A (LogMeIn, Inc.) C:\Users\Peter\Downloads\Support-LogMeInRescue.exe
2013-01-31 17:03 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\rescache
2013-01-31 13:06 - 2013-01-31 13:06 - 00296248 ____A C:\Windows\Minidump\013113-33228-01.dmp
2013-01-31 12:52 - 2013-01-31 12:52 - 00000000 ____D C:\Program Files\PlayReady
2013-01-31 12:50 - 2013-01-26 08:41 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-01-31 12:48 - 2012-07-26 17:51 - 00030460 ____A C:\Windows\setupact.log
2013-01-31 12:47 - 2013-01-31 12:47 - 00000000 ____D C:\Users\Peter\Desktop\New folder (2)
2013-01-31 12:22 - 2013-01-31 12:22 - 00001285 ____A C:\Users\Peter\Desktop\RKreport[4]_D_01312013_02d1222.txt
2013-01-31 12:21 - 2013-01-31 12:21 - 00001246 ____A C:\Users\Peter\Desktop\RKreport[3]_S_01312013_02d1221.txt
2013-01-31 12:17 - 2013-01-31 12:17 - 00001202 ____A C:\Users\Peter\Desktop\RKreport[2]_S_01312013_02d1217.txt
2013-01-31 12:07 - 2013-01-29 09:27 - 00361896 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-31 12:03 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\System32\restore
2013-01-31 12:03 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\System32\en-GB
2013-01-31 11:40 - 2013-01-31 11:40 - 00000030 ____A C:\Users\Peter\Desktop\ppppppp.txt
2013-01-31 09:06 - 2013-01-31 09:05 - 04732416 ____A (AVAST Software) C:\Users\Peter\Downloads\aswMBR (1).exe
2013-01-31 08:54 - 2013-01-31 08:53 - 04732416 ____A (AVAST Software) C:\Users\Peter\Downloads\aswMBR.exe
2013-01-31 08:51 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\AUInstallAgent
2013-01-31 08:46 - 2013-01-31 08:46 - 00035712 ____A C:\Windows\SysWOW64\Drivers\8JI3fFXX.sys
2013-01-31 08:45 - 2013-01-30 11:02 - 00035712 ____A C:\Windows\SysWOW64\Drivers\2Acu24A8.sys
2013-01-31 08:43 - 2013-01-31 08:43 - 00001165 ____A C:\Users\Peter\Desktop\RKreport[1]_S_01312013_02d0843.txt
2013-01-31 02:42 - 2013-01-31 02:42 - 00000646 ____A C:\Users\Peter\Desktop\Total Commander 64 bit.lnk
2013-01-31 02:42 - 2013-01-31 02:42 - 00000632 ____A C:\Users\Peter\Desktop\Total Commander.lnk
2013-01-31 02:42 - 2013-01-31 02:42 - 00000000 ____D C:\Users\Peter\AppData\Roaming\GHISLER
2013-01-31 02:42 - 2013-01-31 02:42 - 00000000 ____D C:\totalcmd
2013-01-31 02:41 - 2013-01-31 02:41 - 05896408 ____A (Ghisler Software GmbH) C:\Users\Peter\Downloads\tcm801x32_64.exe
2013-01-31 02:12 - 2013-01-31 02:12 - 00000000 ____D C:\Users\Peter\Downloads\mbar-1.01.0.1017
2013-01-31 02:12 - 2013-01-31 02:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-30 21:23 - 2013-01-26 22:40 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-01-30 20:37 - 2013-01-30 20:37 - 00001488 ____A C:\Users\Public\Desktop\EaseUS Partition Master 9.2.1 Home Edition.lnk
2013-01-30 20:36 - 2013-01-30 20:36 - 00000000 ____D C:\Program Files (x86)\EaseUS
2013-01-30 19:49 - 2013-01-30 19:49 - 00000000 ____D C:\Users\Peter\Documents\New folder
2013-01-30 19:39 - 2013-01-30 19:39 - 00000000 ____D C:\Users\Peter\AppData\Local\Macromedia
2013-01-30 19:34 - 2013-01-30 10:48 - 00000000 ____D C:\Users\Peter\AppData\Local\NPE
2013-01-30 10:48 - 2013-01-30 10:48 - 00000000 ____D C:\Users\All Users\Norton
2013-01-30 10:47 - 2013-01-30 10:47 - 00912040 ____A (Symantec Corporation) C:\Users\Peter\Downloads\NBRT-Retail-Downloader.exe
2013-01-30 10:46 - 2013-01-30 10:46 - 02957840 ____A (Symantec Corporation) C:\Users\Peter\Downloads\NPE.exe
2013-01-30 09:18 - 2013-01-30 09:18 - 00000975 ____A C:\Users\Public\Desktop\HostsMan.lnk
2013-01-30 09:18 - 2013-01-30 09:18 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups
2013-01-30 09:18 - 2013-01-30 09:18 - 00000000 ____D C:\Users\Peter\AppData\Roaming\abelhadigital.com
2013-01-30 09:18 - 2013-01-30 09:18 - 00000000 ____D C:\Users\All Users\abelhadigital.com
2013-01-30 09:18 - 2013-01-30 09:18 - 00000000 ____D C:\Program Files (x86)\HostsMan
2013-01-30 09:18 - 2013-01-26 21:06 - 00000000 ____D C:\Users\Peter\AppData\Local\Packages
2013-01-30 09:16 - 2013-01-30 09:16 - 02641210 ____A C:\Users\Peter\Downloads\HostsMan_4.0.90_beta10_installer.zip
2013-01-30 07:38 - 2013-01-30 07:37 - 00002758 ____A C:\Users\Peter\Downloads\Result.txt
2013-01-30 07:37 - 2013-01-30 07:37 - 00307865 ____A (Farbar) C:\Users\Peter\Downloads\ListParts.exe
2013-01-30 06:04 - 2013-01-30 03:04 - 00000000 ____D C:\Users\Peter\Desktop\Hexprobe
2013-01-30 03:52 - 2013-01-29 21:33 - 00082529 ____A C:\Users\Peter\Documents\My Movie.wlmp
2013-01-30 03:32 - 2013-01-26 21:06 - 00000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2013-01-30 03:08 - 2013-01-29 01:03 - 00000000 ____D C:\Users\Peter\Desktop\RK_Quarantine
2013-01-30 03:03 - 2013-01-30 03:02 - 03164942 ____A (Hexprobe System ) C:\Users\Peter\Downloads\hprob431.exe
2013-01-29 06:35 - 2012-07-26 18:42 - 00000000 ___RD C:\Windows\ToastData
2013-01-29 06:35 - 2012-07-26 18:42 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-01-29 06:35 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\WinStore
2013-01-29 06:35 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-01-29 06:35 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-01-29 06:35 - 2012-07-26 16:08 - 00000000 ____D C:\Windows\System32\oobe
2013-01-29 06:34 - 2013-01-29 06:34 - 00000117 ____A C:\Windows\System32\netcfg-10878136.txt
2013-01-29 06:14 - 2013-01-29 06:14 - 00000117 ____A C:\Windows\System32\netcfg-9707333.txt
2013-01-29 06:06 - 2013-01-29 06:06 - 00000117 ____A C:\Windows\System32\netcfg-9202888.txt
2013-01-29 05:53 - 2013-01-29 05:53 - 00000117 ____A C:\Windows\System32\netcfg-8453506.txt
2013-01-29 05:53 - 2013-01-29 05:53 - 00000117 ____A C:\Windows\System32\netcfg-8410528.txt
2013-01-29 04:33 - 2013-01-15 19:21 - 00000000 __SHD C:\Recovery
2013-01-29 04:33 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\System32\Recovery
2013-01-29 03:56 - 2013-01-29 03:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-01-29 03:35 - 2013-01-29 03:35 - 00000117 ____A C:\Windows\System32\netcfg-149932.txt
2013-01-29 03:33 - 2013-01-29 03:33 - 00000117 ____A C:\Windows\System32\netcfg-41137.txt
2013-01-29 01:57 - 2013-01-29 01:57 - 00000117 ____A C:\Windows\System32\netcfg-90630840.txt
2013-01-29 01:21 - 2013-01-29 01:21 - 00688992 ____R (Swearware) C:\Users\Peter\Downloads\dds.scr
2013-01-28 23:14 - 2013-01-28 23:14 - 00000117 ____A C:\Windows\System32\netcfg-80843961.txt
2013-01-28 23:12 - 2013-01-28 23:12 - 00000117 ____A C:\Windows\System32\netcfg-80717756.txt
2013-01-28 15:20 - 2013-01-28 15:20 - 00000117 ____A C:\Windows\System32\netcfg-52405025.txt
2013-01-28 15:20 - 2013-01-28 15:20 - 00000117 ____A C:\Windows\System32\netcfg-52398707.txt
2013-01-28 14:23 - 2013-01-28 14:18 - 398151680 ____A C:\Users\Peter\Downloads\bitdefender-rescue-cd.iso
2013-01-28 11:17 - 2013-01-31 02:11 - 13562257 ____A C:\Users\Peter\Downloads\mbar-1.01.0.1017.zip
2013-01-28 10:27 - 2013-01-28 10:26 - 15090880 ____A (MiniTool Solution Ltd. ) C:\Users\Peter\Downloads\pwhe77.exe
2013-01-28 07:43 - 2013-01-26 21:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-01-28 07:42 - 2013-01-27 22:50 - 00000000 ____D C:\Users\All Users\Ashampoo
2013-01-28 07:41 - 2013-01-28 07:41 - 00000117 ____A C:\Windows\System32\netcfg-24890645.txt
2013-01-28 06:05 - 2013-01-28 06:05 - 00000117 ____A C:\Windows\System32\netcfg-19095629.txt
2013-01-28 03:32 - 2013-01-28 03:32 - 00756224 ____A C:\Users\Peter\Downloads\RogueKillerX64.exe
2013-01-28 01:08 - 2013-01-28 01:05 - 00000000 ____D C:\Users\Peter\Downloads\Kaspersky Rescue2Usb
2013-01-28 01:04 - 2013-01-28 01:04 - 00387584 ____A C:\Users\Peter\Downloads\rescue2usb.exe
2013-01-28 00:51 - 2013-01-28 00:51 - 00000117 ____A C:\Windows\System32\netcfg-250553.txt
2013-01-28 00:50 - 2013-01-28 00:50 - 00000000 ____D C:\Windows\System32\appmgmt
2013-01-28 00:47 - 2013-01-26 21:40 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-28 00:45 - 2012-07-26 18:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-01-28 00:19 - 2013-01-28 00:19 - 00000117 ____A C:\Windows\System32\netcfg-63097755.txt
2013-01-27 22:50 - 2013-01-27 22:50 - 00001321 ____A C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
2013-01-27 22:50 - 2013-01-27 22:50 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Ashampoo
2013-01-27 22:50 - 2013-01-27 22:50 - 00000000 ____D C:\Users\Peter\AppData\Local\ashampoo
2013-01-27 22:50 - 2013-01-27 22:50 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-01-27 22:45 - 2013-01-27 22:45 - 10443504 ____A (Ashampoo GmbH & Co. KG ) C:\Users\Peter\Downloads\ashampoo_burning_studio_6_free_6.82_4312.exe
2013-01-27 22:06 - 2013-01-27 21:38 - 296022016 ____A C:\Users\Peter\Downloads\kav_rescue_10.iso
2013-01-27 21:43 - 2013-01-27 21:43 - 00267132 ____A C:\Windows\msxml4-KB2758694-enu.LOG
2013-01-27 21:34 - 2013-01-27 21:34 - 00000117 ____A C:\Windows\System32\netcfg-53237634.txt
2013-01-27 21:33 - 2013-01-27 21:33 - 00000117 ____A C:\Windows\System32\netcfg-53126546.txt
2013-01-27 21:22 - 2013-01-27 21:22 - 00000117 ____A C:\Windows\System32\netcfg-52523368.txt
2013-01-27 21:22 - 2013-01-27 21:22 - 00000117 ____A C:\Windows\System32\netcfg-52522822.txt
2013-01-27 11:44 - 2013-01-27 11:44 - 00000117 ____A C:\Windows\System32\netcfg-17812100.txt
2013-01-27 11:44 - 2013-01-27 11:44 - 00000117 ____A C:\Windows\System32\netcfg-17811398.txt
2013-01-27 07:03 - 2013-01-26 09:52 - 00000000 ____D C:\Windows\Panther
2013-01-27 06:56 - 2013-01-27 06:56 - 00000117 ____A C:\Windows\System32\netcfg-527361.txt
2013-01-27 06:48 - 2013-01-27 06:48 - 00000117 ____A C:\Windows\System32\netcfg-52899.txt
2013-01-27 05:55 - 2013-01-27 05:10 - 00000000 ____D C:\Users\Peter\Desktop\2013-01-18 2013
2013-01-27 05:54 - 2013-01-27 05:54 - 00000000 ____D C:\Users\Peter\Desktop\fbups
2013-01-27 05:11 - 2013-01-27 05:11 - 00000706 ____A C:\Users\Peter\Desktop\birthday sunrise Jan 18 2013 - Shortcut.lnk
2013-01-27 05:08 - 2013-01-27 05:08 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-01-27 05:07 - 2013-01-27 05:07 - 00000000 ____D C:\Windows\en
2013-01-27 05:07 - 2012-07-26 20:13 - 00000000 ____D C:\Windows\en-GB
2013-01-27 05:06 - 2013-01-27 05:06 - 00000000 ____D C:\Windows\PCHEALTH
2013-01-27 05:06 - 2013-01-27 05:06 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-01-27 05:06 - 2013-01-27 05:06 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-01-27 05:05 - 2013-01-27 05:05 - 00000196 ____A C:\Windows\DirectX.log
2013-01-27 05:04 - 2013-01-27 05:04 - 01239552 ____A (Microsoft Corporation) C:\Users\Peter\Downloads\wlsetup-web_001.exe
2013-01-27 05:03 - 2013-01-27 05:03 - 01239552 ____A (Microsoft Corporation) C:\Users\Peter\Downloads\wlsetup-web.exe
2013-01-27 04:54 - 2013-01-27 04:54 - 00000117 ____A C:\Windows\System32\netcfg-66697447.txt
2013-01-27 04:54 - 2013-01-27 04:54 - 00000117 ____A C:\Windows\System32\netcfg-66696995.txt
2013-01-26 23:22 - 2013-01-26 23:22 - 00000117 ____A C:\Windows\System32\netcfg-46761674.txt
2013-01-26 23:22 - 2013-01-26 23:22 - 00000117 ____A C:\Windows\System32\netcfg-46759770.txt
2013-01-26 23:22 - 2013-01-26 23:22 - 00000000 ____D C:\Users\Peter\AppData\Roaming\simplitec
2013-01-26 22:29 - 2013-01-26 22:29 - 04164448 ____A (MAGIX AG) C:\Users\Peter\Downloads\musicmaker2013premium_dlm (1).exe
2013-01-26 21:44 - 2013-01-26 21:44 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Mozilla
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Users\Peter\AppData\Local\Mozilla
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Users\All Users\Mozilla
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-26 21:44 - 2013-01-26 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-01-26 21:43 - 2013-01-26 21:43 - 20296664 ____A (Mozilla) C:\Users\Peter\Downloads\Firefox Setup 18.0.1.exe
2013-01-26 21:41 - 2013-01-26 21:41 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-01-26 21:41 - 2013-01-26 21:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-01-26 21:39 - 2013-01-26 21:39 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2013-01-26 21:31 - 2013-01-26 21:31 - 00000117 ____A C:\Windows\System32\netcfg-2267802.txt
2013-01-26 21:31 - 2013-01-26 21:31 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Macromedia
2013-01-26 21:31 - 2013-01-26 21:30 - 00000117 ____A C:\Windows\System32\netcfg-2264713.txt
2013-01-26 21:30 - 2013-01-26 21:30 - 00000117 ____A C:\Windows\System32\netcfg-2264666.txt
2013-01-26 21:30 - 2013-01-26 21:30 - 00000117 ____A C:\Windows\System32\netcfg-2258504.txt
2013-01-26 21:29 - 2013-01-26 21:29 - 00001203 ____A C:\Windows\System32\netcfg-2153344.txt
2013-01-26 21:29 - 2013-01-26 21:29 - 00000264 ____A C:\Windows\System32\netcfg-2154951.txt
2013-01-26 21:07 - 2013-01-26 21:06 - 00000000 ____D C:\Users\All Users\PRICache
2013-01-26 21:07 - 2013-01-26 20:52 - 00000000 ____D C:\users\Peter
2013-01-26 21:06 - 2013-01-26 21:06 - 00000020 ___SH C:\Users\Peter\ntuser.ini
2013-01-26 20:54 - 2013-01-26 20:54 - 00000000 ____D C:\Windows\CSC
2013-01-26 20:54 - 2013-01-26 20:52 - 00026673 ____A C:\Windows\diagwrn.xml
2013-01-26 20:54 - 2013-01-26 20:52 - 00026673 ____A C:\Windows\diagerr.xml
2013-01-26 20:52 - 2012-07-26 18:43 - 00001720 ____A C:\Windows\DtcInstall.log
2013-01-26 20:52 - 2012-07-26 18:42 - 00000000 __RHD C:\Users\Public\Libraries
2013-01-26 20:51 - 2012-07-26 16:08 - 00000000 ____D C:\Windows\System32\Sysprep
2013-01-26 20:50 - 2013-01-26 20:50 - 00001135 ____A C:\Windows\System32\netcfg-68936.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000185 ____A C:\Windows\System32\netcfg-67018.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000164 ____A C:\Windows\System32\netcfg-64927.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000161 ____A C:\Windows\System32\netcfg-66706.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000160 ____A C:\Windows\System32\netcfg-66378.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000160 ____A C:\Windows\System32\netcfg-65910.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000160 ____A C:\Windows\System32\netcfg-60107.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000159 ____A C:\Windows\System32\netcfg-65286.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000157 ____A C:\Windows\System32\netcfg-66097.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000157 ____A C:\Windows\System32\netcfg-57829.txt
2013-01-26 20:50 - 2013-01-26 20:50 - 00000150 ____A C:\Windows\System32\netcfg-65645.txt
2013-01-26 20:48 - 2013-01-26 20:48 - 00000000 ____D C:\Windows.old
2013-01-26 20:48 - 2012-07-26 18:43 - 00262144 ____A C:\Windows\System32\config\BCD-Template
2013-01-26 20:46 - 2012-07-26 15:56 - 00000000 ___HD C:\$WINDOWS.~BT
2013-01-26 19:30 - 2013-01-29 01:03 - 00724443 ____A (UG North ) C:\Users\Peter\Desktop\RkU3.8.389.593.exe
2013-01-26 19:14 - 2013-01-26 19:14 - 00634925 ____A C:\Users\Peter\Downloads\RkU3.8.389.593.rar
2013-01-26 17:47 - 2013-01-26 17:47 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-01-26 17:06 - 2013-01-26 17:05 - 00000000 ____D C:\Users\Peter\Desktop\New folder
2013-01-26 16:47 - 2013-01-26 16:47 - 00000117 ____A C:\Windows\System32\netcfg-23063858.txt
2013-01-26 16:46 - 2013-01-26 16:46 - 00000117 ____A C:\Windows\System32\netcfg-23014749.txt
2013-01-26 16:02 - 2013-01-26 16:02 - 00000000 ____D C:\Program Files (x86)\Nero
2013-01-26 16:00 - 2013-01-26 16:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-01-26 16:00 - 2013-01-26 16:00 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-01-26 15:59 - 2013-01-26 15:59 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-01-26 15:59 - 2013-01-26 15:59 - 00000000 ____D C:\Program Files\MSBuild
2013-01-26 15:35 - 2013-01-26 15:34 - 00001300 ___RA C:\Users\Peter\Documents\BitLocker Recovery Key 8BE1BB26-4B6D-4AC3-B3B9-40822926FE5A.txt
2013-01-26 15:28 - 2013-01-26 15:28 - 00001246 ____A C:\Users\Peter\Desktop\Verbatim Hard Drive Formatter.lnk
2013-01-26 15:28 - 2013-01-26 15:28 - 00000000 ____D C:\Program Files (x86)\Verbatim
2013-01-26 15:17 - 2013-01-26 15:17 - 00000000 ____D C:\Users\Peter\Documents\x64
2013-01-26 14:37 - 2013-01-26 21:07 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Adobe
2013-01-26 14:37 - 2013-01-26 14:37 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 8.lnk
2013-01-26 14:37 - 2013-01-26 14:37 - 00000000 ____D C:\Users\Peter\AppData\Local\Adobe
2013-01-26 14:37 - 2013-01-26 14:37 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-26 14:37 - 2013-01-26 14:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-01-26 14:00 - 2013-01-26 21:22 - 00000000 ____D C:\Users\Peter\AppData\Roaming\MAGIX
2013-01-26 14:00 - 2013-01-26 21:22 - 00000000 ____D C:\Users\All Users\MAGIX
2013-01-26 13:59 - 2013-01-26 13:58 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-01-26 13:59 - 2013-01-25 00:50 - 00001165 ____A C:\Users\Public\Desktop\MAGIX Music Maker 2013 Premium.lnk
2013-01-26 13:59 - 2007-04-27 10:43 - 00120200 ____A () C:\Windows\SysWOW64\DLLDEV32i.dll
2013-01-26 13:58 - 2013-01-26 13:58 - 00000000 ____D C:\Users\All Users\simplitec
2013-01-26 13:58 - 2013-01-26 13:58 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-01-26 13:58 - 2012-07-26 18:42 - 00000000 ____D C:\Windows\Help
2013-01-26 10:15 - 2013-01-26 10:15 - 00262144 ____A C:\Windows\System32\config\userdiff
2013-01-26 09:47 - 2013-01-26 09:47 - 00000085 ____A C:\Users\Peter\Documents\win id.txt
2013-01-26 09:44 - 2013-01-26 09:44 - 05442160 ____A (Microsoft Corporation) C:\Users\Peter\Downloads\Windows8-UpgradeAssistant.exe
2013-01-25 23:03 - 2013-01-25 23:03 - 00602112 ____A (OldTimer Tools) C:\Users\Peter\Downloads\OTL.exe
2013-01-25 15:09 - 2013-01-25 15:09 - 00013194 ____A C:\Users\Peter\Documents\todays netstat2.txt
2013-01-25 12:18 - 2013-01-25 12:18 - 00000000 ____D C:\NVIDIA
2013-01-25 12:17 - 2013-01-25 12:15 - 221611224 ____A (NVIDIA Corporation) C:\Users\Peter\Downloads\310.90-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-01-25 11:40 - 2013-01-25 11:36 - 00012094 ____A C:\Users\Peter\Documents\todays netstat during down load.txt
2013-01-25 00:56 - 2013-01-25 00:56 - 00000000 ____D C:\Users\Peter\Documents\Music Maker 2013 Premium
2013-01-25 00:56 - 2013-01-25 00:56 - 00000000 ____D C:\Users\Peter\Documents\MAGIX
2013-01-25 00:50 - 2013-01-25 00:50 - 00000000 ____D C:\Users\Public\Documents\MAGIX
2013-01-25 00:50 - 2013-01-25 00:50 - 00000000 ____D C:\Users\Peter\Documents\MAGIX_MusicEditor
2013-01-24 23:49 - 2013-01-24 23:49 - 00000000 ____D C:\Users\Peter\Desktop\mbar-1.01.0.1016
2013-01-24 23:13 - 2013-01-24 23:11 - 04164448 ____A (MAGIX AG) C:\Users\Peter\Downloads\musicmaker2013premium_dlm.exe
2013-01-24 12:14 - 2013-01-24 12:27 - 13462931 ____A C:\Users\Peter\Desktop\mbar-1.01.0.1016.zip
2013-01-24 12:14 - 2013-01-24 12:14 - 13462931 ____A C:\Users\Peter\Downloads\mbar-1.01.0.1016.zip
2013-01-24 11:54 - 2013-01-24 12:27 - 05026296 ____A (Swearware) C:\Users\Peter\Desktop\ComboFix.exe
2013-01-24 11:54 - 2013-01-24 11:54 - 05026296 ____A (Swearware) C:\Users\Peter\Downloads\ComboFix.exe
2013-01-11 11:52 - 2013-01-29 00:28 - 03055808 ____A C:\Windows\System32\pwNative.exe
2013-01-11 11:52 - 2013-01-29 00:28 - 00019032 ____N C:\Windows\System32\pwdrvio.sys
2013-01-11 11:52 - 2013-01-29 00:28 - 00012384 ____N C:\Windows\System32\pwdspio.sys


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2013-01-28 09:22] - [2012-10-11 16:16] - 0517120 ____A (Microsoft Corporation) BCF2036A0DD579E47C008C133550283E

C:\Windows\System32\wininit.exe
[2012-07-26 10:33] - [2012-07-26 13:38] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2013-01-28 09:23] - [2012-10-11 18:05] - 2380944 ____A (Microsoft Corporation) E13A31D5254C25406A7946BDD9B06364

C:\Windows\SysWOW64\explorer.exe
[2013-01-28 09:23] - [2012-10-11 16:26] - 2115952 ____A (Microsoft Corporation) 953ADECFF08202A01EFC6110214FDE02

C:\Windows\System32\svchost.exe
[2013-01-28 09:20] - [2012-09-20 17:03] - 0029696 ____A (Microsoft Corporation) EDE27EACE742EE2888C5DD36400A2EC0

C:\Windows\SysWOW64\svchost.exe
[2013-01-28 09:20] - [2012-09-20 16:25] - 0023040 ____A (Microsoft Corporation) A46DC432F81473F526E3994AA483E366

C:\Windows\System32\services.exe
[2013-01-28 09:20] - [2012-09-20 17:03] - 0410624 ____A (Microsoft Corporation) 8F226143046435C75C033B0C52E90FFE

C:\Windows\System32\User32.dll
[2013-01-28 09:20] - [2012-09-20 17:03] - 1342464 ____A (Microsoft Corporation) A99AD14F26BDA7D7F27F76BC91B7EED7

C:\Windows\SysWOW64\User32.dll
[2013-01-28 09:19] - [2012-09-20 14:40] - 1126912 ____A (Microsoft Corporation) BA1C3ACD929A71E88B49C2B6E38F92B3

C:\Windows\System32\userinit.exe
[2012-07-26 10:36] - [2012-07-26 13:38] - 0025088 ____A (Microsoft Corporation) 0E925F7BA032920D58DD284B6181A247

C:\Windows\SysWOW64\userinit.exe
[2012-07-26 10:38] - [2012-07-26 13:51] - 0021504 ____A (Microsoft Corporation) 9F6289D194A04A09671FEED4B6CB6EF7

C:\Windows\System32\Drivers\volsnap.sys
[2012-07-26 13:00] - [2012-07-26 15:27] - 0332016 ____A (Microsoft Corporation) 2FB3CDFD5EAF4CD9D4AFAF96877D13AE


==================== Restore Points =========================

Restore point made on: 2013-01-29 06:11:15
Restore point made on: 2013-01-29 06:32:32
Restore point made on: 2013-01-31 11:59:28
Restore point made on: 2013-01-31 11:59:49
Restore point made on: 2013-01-31 12:52:14
Restore point made on: 2013-02-04 15:34:38

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 8191.05 MB
Available physical RAM: 7460.64 MB
Total Pagefile: 16383.05 MB
Available Pagefile: 15680.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:297.89 GB) (Free:209.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
5 Drive g: () (Removable) (Total:0.95 GB) (Free:0.51 GB) FAT32


Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 979 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 18BF2597

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 1024 KB
Partition 2 Primary 297 GB 201 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RAW Partition 200 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy System (partition with boot components)

=========================================================

Partitions of Disk 1:
===============

Disk ID: CDD04F8A

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 979 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT32 Removable 979 MB Healthy

=========================================================

Last Boot: 2013-01-26 20:49

==================== End Of Log =============================
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am

Re: I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 4th, 2013, 5:38 pm

TDSS killer log
07:40:36.0961 0332 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:40:37.0008 0332 ============================================================
07:40:37.0008 0332 Current date / time: 2013/02/05 07:40:37.0008
07:40:37.0008 0332 SystemInfo:
07:40:37.0008 0332
07:40:37.0008 0332 OS Version: 6.2.9200 ServicePack: 0.0
07:40:37.0008 0332 Product type: Workstation
07:40:37.0008 0332 ComputerName: P8
07:40:37.0008 0332 UserName: Peter
07:40:37.0008 0332 Windows directory: C:\Windows
07:40:37.0008 0332 System windows directory: C:\Windows
07:40:37.0008 0332 Running under WOW64
07:40:37.0008 0332 Processor architecture: Intel x64
07:40:37.0008 0332 Number of processors: 4
07:40:37.0008 0332 Page size: 0x1000
07:40:37.0008 0332 Boot type: Safe boot
07:40:37.0008 0332 ============================================================
07:40:37.0632 0332 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x377575, SectorsPerTrack: 0x2, TracksPerCylinder: 0x56, Type 'K0', Flags 0x00000040
07:40:37.0632 0332 Drive \Device\Harddisk1\DR1 - Size: 0x3D3D2200 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:40:37.0632 0332 ============================================================
07:40:37.0632 0332 \Device\Harddisk0\DR0:
07:40:37.0632 0332 MBR partitions:
07:40:37.0632 0332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
07:40:37.0632 0332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x253CA2B0
07:40:37.0632 0332 \Device\Harddisk1\DR1:
07:40:37.0632 0332 MBR partitions:
07:40:37.0632 0332 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E9E52
07:40:37.0632 0332 ============================================================
07:40:37.0663 0332 C: <-> \Device\Harddisk0\DR0\Partition2
07:40:37.0663 0332 ============================================================
07:40:37.0663 0332 Initialize success
07:40:37.0663 0332 ============================================================
07:41:00.0611 1120 ============================================================
07:41:00.0611 1120 Scan started
07:41:00.0611 1120 Mode: Manual; SigCheck; TDLFS;
07:41:00.0611 1120 ============================================================
07:41:00.0799 1120 ================ Scan system memory ========================
07:41:00.0799 1120 System memory - ok
07:41:00.0799 1120 ================ Scan services =============================
07:41:00.0923 1120 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
07:41:01.0157 1120 1394ohci - ok
07:41:01.0173 1120 2Acu24A8 - ok
07:41:01.0189 1120 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys
07:41:01.0189 1120 3ware - ok
07:41:01.0204 1120 8JI3fFXX - ok
07:41:01.0235 1120 [ 975AABEB243B800C23626D6B652C5A9C ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:41:01.0251 1120 ACPI - ok
07:41:01.0267 1120 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys
07:41:01.0267 1120 acpiex - ok
07:41:01.0282 1120 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
07:41:01.0313 1120 acpipagr - ok
07:41:01.0329 1120 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
07:41:01.0376 1120 AcpiPmi - ok
07:41:01.0376 1120 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys
07:41:01.0407 1120 acpitime - ok
07:41:01.0485 1120 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:41:01.0485 1120 AdobeFlashPlayerUpdateSvc - ok
07:41:01.0516 1120 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
07:41:01.0532 1120 adp94xx - ok
07:41:01.0563 1120 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys
07:41:01.0579 1120 adpahci - ok
07:41:01.0594 1120 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
07:41:01.0594 1120 adpu320 - ok
07:41:01.0625 1120 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:41:01.0688 1120 AeLookupSvc - ok
07:41:01.0719 1120 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys
07:41:01.0781 1120 AFD - ok
07:41:01.0781 1120 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:41:01.0797 1120 agp440 - ok
07:41:01.0813 1120 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe
07:41:01.0875 1120 ALG - ok
07:41:01.0906 1120 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
07:41:01.0953 1120 AllUserInstallAgent - ok
07:41:02.0000 1120 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
07:41:02.0031 1120 AmdK8 - ok
07:41:02.0062 1120 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
07:41:02.0078 1120 AmdPPM - ok
07:41:02.0093 1120 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:41:02.0093 1120 amdsata - ok
07:41:02.0109 1120 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
07:41:02.0125 1120 amdsbs - ok
07:41:02.0125 1120 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:41:02.0140 1120 amdxata - ok
07:41:02.0156 1120 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys
07:41:02.0203 1120 AppID - ok
07:41:02.0218 1120 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:41:02.0234 1120 AppIDSvc - ok
07:41:02.0249 1120 [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo C:\Windows\System32\appinfo.dll
07:41:02.0265 1120 Appinfo - ok
07:41:02.0281 1120 [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt C:\Windows\System32\appmgmts.dll
07:41:02.0343 1120 AppMgmt - ok
07:41:02.0359 1120 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys
07:41:02.0374 1120 arc - ok
07:41:02.0374 1120 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys
07:41:02.0390 1120 arcsas - ok
07:41:02.0390 1120 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:41:02.0405 1120 AsyncMac - ok
07:41:02.0421 1120 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys
07:41:02.0437 1120 atapi - ok
07:41:02.0530 1120 [ 8DAB5A93FAFC89852545471D3F2486CE ] athur C:\Windows\system32\DRIVERS\athuw8x.sys
07:41:02.0624 1120 athur - ok
07:41:02.0639 1120 [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
07:41:02.0686 1120 AudioEndpointBuilder - ok
07:41:02.0717 1120 [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv C:\Windows\System32\Audiosrv.dll
07:41:02.0749 1120 Audiosrv - ok
07:41:02.0780 1120 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:41:02.0811 1120 AxInstSV - ok
07:41:02.0842 1120 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
07:41:02.0858 1120 b06bdrv - ok
07:41:02.0873 1120 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
07:41:02.0920 1120 BasicDisplay - ok
07:41:02.0936 1120 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
07:41:02.0951 1120 BasicRender - ok
07:41:02.0983 1120 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\Windows\System32\bdesvc.dll
07:41:03.0029 1120 BDESVC - ok
07:41:03.0045 1120 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\Windows\system32\drivers\Beep.sys
07:41:03.0092 1120 Beep - ok
07:41:03.0139 1120 [ 9E6A544F465C582AB42444A217CF04DC ] BFE C:\Windows\System32\bfe.dll
07:41:03.0201 1120 BFE - ok
07:41:03.0232 1120 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\Windows\System32\qmgr.dll
07:41:03.0310 1120 BITS - ok
07:41:03.0326 1120 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:41:03.0357 1120 bowser - ok
07:41:03.0388 1120 [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
07:41:03.0435 1120 BrokerInfrastructure - ok
07:41:03.0451 1120 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\Windows\System32\browser.dll
07:41:03.0482 1120 Browser - ok
07:41:03.0513 1120 [ 3AA4309EBD9491E516F13FE3DC752FEE ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
07:41:03.0544 1120 BthAvrcpTg - ok
07:41:03.0560 1120 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
07:41:03.0638 1120 BthHFEnum - ok
07:41:03.0669 1120 [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
07:41:03.0685 1120 bthhfhid - ok
07:41:03.0700 1120 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
07:41:03.0731 1120 BTHMODEM - ok
07:41:03.0763 1120 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\Windows\system32\bthserv.dll
07:41:03.0778 1120 bthserv - ok
07:41:03.0794 1120 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:41:03.0825 1120 cdfs - ok
07:41:03.0841 1120 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\Windows\System32\drivers\cdrom.sys
07:41:03.0887 1120 cdrom - ok
07:41:03.0903 1120 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\Windows\System32\certprop.dll
07:41:03.0934 1120 CertPropSvc - ok
07:41:03.0950 1120 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\Windows\System32\drivers\circlass.sys
07:41:03.0997 1120 circlass - ok
07:41:04.0043 1120 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\Windows\system32\drivers\CLFS.sys
07:41:04.0075 1120 CLFS - ok
07:41:04.0106 1120 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
07:41:04.0199 1120 CmBatt - ok
07:41:04.0262 1120 [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG C:\Windows\system32\Drivers\cng.sys
07:41:04.0293 1120 CNG - ok
07:41:04.0309 1120 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
07:41:04.0340 1120 CompositeBus - ok
07:41:04.0340 1120 COMSysApp - ok
07:41:04.0402 1120 [ D9CB0782AF819548072AA45B70F8B22D ] condrv C:\Windows\system32\drivers\condrv.sys
07:41:04.0465 1120 condrv - ok
07:41:04.0496 1120 [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:41:04.0511 1120 CryptSvc - ok
07:41:04.0574 1120 [ F2C69C3D98249DE14D4B2832516D4FD5 ] CSC C:\Windows\system32\drivers\csc.sys
07:41:04.0636 1120 CSC - ok
07:41:04.0730 1120 [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4 ] CscService C:\Windows\System32\cscsvc.dll
07:41:04.0792 1120 CscService - ok
07:41:04.0823 1120 [ C4D01BD86D6B207275FC143EEA951D75 ] dam C:\Windows\system32\drivers\dam.sys
07:41:04.0839 1120 dam - ok
07:41:04.0886 1120 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\Windows\system32\rpcss.dll
07:41:04.0933 1120 DcomLaunch - ok
07:41:04.0979 1120 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\Windows\System32\defragsvc.dll
07:41:05.0026 1120 defragsvc - ok
07:41:05.0057 1120 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
07:41:05.0089 1120 DeviceAssociationService - ok
07:41:05.0135 1120 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
07:41:05.0151 1120 DeviceInstall - ok
07:41:05.0182 1120 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
07:41:05.0198 1120 Dfsc - ok
07:41:05.0229 1120 [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp C:\Windows\system32\dhcpcore.dll
07:41:05.0291 1120 Dhcp - ok
07:41:05.0307 1120 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\Windows\system32\drivers\discache.sys
07:41:05.0323 1120 discache - ok
07:41:05.0338 1120 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk C:\Windows\system32\drivers\disk.sys
07:41:05.0354 1120 disk - ok
07:41:05.0354 1120 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
07:41:05.0416 1120 dmvsc - ok
07:41:05.0432 1120 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:41:05.0463 1120 Dnscache - ok
07:41:05.0510 1120 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\Windows\System32\dot3svc.dll
07:41:05.0541 1120 dot3svc - ok
07:41:05.0557 1120 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\Windows\system32\dps.dll
07:41:05.0572 1120 DPS - ok
07:41:05.0603 1120 [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:41:05.0619 1120 drmkaud - ok
07:41:05.0681 1120 [ 1ED08A6264C5C92099D6D1DAE5E8F530 ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
07:41:05.0759 1120 DrvAgent64 - ok
07:41:05.0775 1120 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
07:41:05.0822 1120 DsmSvc - ok
07:41:05.0869 1120 [ 898BF1647BBF012B38EF45C7F9F7A67E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:41:05.0915 1120 DXGKrnl - ok
07:41:05.0931 1120 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\Windows\System32\eapsvc.dll
07:41:05.0947 1120 Eaphost - ok
07:41:06.0025 1120 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\Windows\system32\drivers\evbda.sys
07:41:06.0103 1120 ebdrv - ok
07:41:06.0134 1120 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\Windows\System32\lsass.exe
07:41:06.0181 1120 EFS - ok
07:41:06.0243 1120 [ 4B84E647C934EDFF7F28C4B91A5C0864 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:41:06.0290 1120 ehRecvr - ok
07:41:06.0321 1120 [ 72781EC7A97E44B9651550D7A83D1B96 ] ehSched C:\Windows\ehome\ehsched.exe
07:41:06.0337 1120 ehSched - ok
07:41:06.0368 1120 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
07:41:06.0383 1120 EhStorClass - ok
07:41:06.0399 1120 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
07:41:06.0399 1120 EhStorTcgDrv - ok
07:41:06.0430 1120 [ 6106653B08F4F72EEAA7F099E7C408A4 ] epmntdrv C:\Windows\system32\epmntdrv.sys
07:41:06.0446 1120 epmntdrv - ok
07:41:06.0461 1120 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\Windows\System32\drivers\errdev.sys
07:41:06.0477 1120 ErrDev - ok
07:41:06.0493 1120 [ 991C04A31777ED77CB92A4F96F14C2E2 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
07:41:06.0493 1120 EuGdiDrv - ok
07:41:06.0524 1120 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\Windows\system32\es.dll
07:41:06.0571 1120 EventSystem - ok
07:41:06.0586 1120 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\Windows\system32\drivers\exfat.sys
07:41:06.0602 1120 exfat - ok
07:41:06.0664 1120 Fabs - ok
07:41:06.0680 1120 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:41:06.0695 1120 fastfat - ok
07:41:06.0727 1120 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\Windows\system32\fxssvc.exe
07:41:06.0789 1120 Fax - ok
07:41:06.0805 1120 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\Windows\System32\drivers\fdc.sys
07:41:06.0820 1120 fdc - ok
07:41:06.0836 1120 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\Windows\system32\fdPHost.dll
07:41:06.0867 1120 fdPHost - ok
07:41:06.0883 1120 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\Windows\system32\fdrespub.dll
07:41:06.0914 1120 FDResPub - ok
07:41:06.0929 1120 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\Windows\system32\fhsvc.dll
07:41:06.0992 1120 fhsvc - ok
07:41:06.0992 1120 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:41:07.0007 1120 FileInfo - ok
07:41:07.0023 1120 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:41:07.0039 1120 Filetrace - ok
07:41:07.0101 1120 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
07:41:07.0195 1120 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
07:41:07.0195 1120 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
07:41:07.0210 1120 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
07:41:07.0226 1120 flpydisk - ok
07:41:07.0241 1120 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:41:07.0257 1120 FltMgr - ok
07:41:07.0304 1120 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\Windows\system32\FntCache.dll
07:41:07.0366 1120 FontCache - ok
07:41:07.0460 1120 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:41:07.0475 1120 FontCache3.0.0.0 - ok
07:41:07.0491 1120 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:41:07.0491 1120 FsDepends - ok
07:41:07.0507 1120 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:41:07.0507 1120 Fs_Rec - ok
07:41:07.0538 1120 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:41:07.0553 1120 fvevol - ok
07:41:07.0569 1120 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
07:41:07.0600 1120 FxPPM - ok
07:41:07.0616 1120 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
07:41:07.0631 1120 gagp30kx - ok
07:41:07.0647 1120 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
07:41:07.0663 1120 gencounter - ok
07:41:07.0678 1120 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
07:41:07.0694 1120 GPIOClx0101 - ok
07:41:07.0725 1120 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\Windows\System32\gpsvc.dll
07:41:07.0772 1120 gpsvc - ok
07:41:07.0819 1120 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:41:07.0834 1120 gupdate - ok
07:41:07.0834 1120 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:41:07.0834 1120 gupdatem - ok
07:41:07.0865 1120 [ 9FC1F11D4D19F61DFE5CC878B4557D3A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:41:07.0897 1120 HdAudAddService - ok
07:41:07.0928 1120 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
07:41:07.0959 1120 HDAudBus - ok
07:41:07.0959 1120 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
07:41:07.0990 1120 HidBatt - ok
07:41:08.0006 1120 [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth C:\Windows\System32\drivers\hidbth.sys
07:41:08.0037 1120 HidBth - ok
07:41:08.0053 1120 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
07:41:08.0099 1120 hidi2c - ok
07:41:08.0115 1120 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\Windows\System32\drivers\hidir.sys
07:41:08.0131 1120 HidIr - ok
07:41:08.0162 1120 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\Windows\system32\hidserv.dll
07:41:08.0177 1120 hidserv - ok
07:41:08.0193 1120 [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
07:41:08.0209 1120 HidUsb - ok
07:41:08.0224 1120 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:41:08.0240 1120 hkmsvc - ok
07:41:08.0287 1120 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:41:08.0318 1120 HomeGroupListener - ok
07:41:08.0349 1120 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:41:08.0396 1120 HomeGroupProvider - ok
07:41:08.0411 1120 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:41:08.0411 1120 HpSAMD - ok
07:41:08.0443 1120 [ 29CB98187BB5711F7759540976D295FC ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:41:08.0505 1120 HTTP - ok
07:41:08.0521 1120 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:41:08.0521 1120 hwpolicy - ok
07:41:08.0536 1120 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
07:41:08.0552 1120 hyperkbd - ok
07:41:08.0567 1120 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
07:41:08.0583 1120 HyperVideo - ok
07:41:08.0599 1120 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
07:41:08.0599 1120 i8042prt - ok
07:41:08.0630 1120 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:41:08.0645 1120 iaStorV - ok
07:41:08.0645 1120 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\Windows\system32\drivers\iirsp.sys
07:41:08.0661 1120 iirsp - ok
07:41:08.0708 1120 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\Windows\System32\ikeext.dll
07:41:08.0723 1120 IKEEXT - ok
07:41:08.0723 1120 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\Windows\system32\drivers\intelide.sys
07:41:08.0739 1120 intelide - ok
07:41:08.0770 1120 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\Windows\System32\drivers\intelppm.sys
07:41:08.0770 1120 intelppm - ok
07:41:08.0801 1120 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:41:08.0817 1120 IpFilterDriver - ok
07:41:08.0864 1120 [ CAC5202757EF68C4849B0DFFA75F6D3C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:41:08.0879 1120 iphlpsvc - ok
07:41:08.0895 1120 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
07:41:08.0926 1120 IPMIDRV - ok
07:41:08.0942 1120 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:41:08.0957 1120 IPNAT - ok
07:41:08.0957 1120 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:41:08.0989 1120 IRENUM - ok
07:41:09.0004 1120 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:41:09.0004 1120 isapnp - ok
07:41:09.0020 1120 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
07:41:09.0035 1120 iScsiPrt - ok
07:41:09.0051 1120 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
07:41:09.0051 1120 kbdclass - ok
07:41:09.0067 1120 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
07:41:09.0082 1120 kbdhid - ok
07:41:09.0098 1120 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
07:41:09.0129 1120 kdnic - ok
07:41:09.0145 1120 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\Windows\system32\lsass.exe
07:41:09.0160 1120 KeyIso - ok
07:41:09.0191 1120 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:41:09.0191 1120 KSecDD - ok
07:41:09.0223 1120 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:41:09.0238 1120 KSecPkg - ok
07:41:09.0254 1120 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:41:09.0269 1120 ksthunk - ok
07:41:09.0301 1120 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\Windows\system32\msdtckrm.dll
07:41:09.0332 1120 KtmRm - ok
07:41:09.0363 1120 [ 028F31A7CC8231661A3C9C1F7EE7160D ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
07:41:09.0379 1120 L1E - ok
07:41:09.0410 1120 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\Windows\system32\srvsvc.dll
07:41:09.0441 1120 LanmanServer - ok
07:41:09.0472 1120 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:41:09.0488 1120 LanmanWorkstation - ok
07:41:09.0503 1120 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:41:09.0519 1120 lltdio - ok
07:41:09.0550 1120 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:41:09.0566 1120 lltdsvc - ok
07:41:09.0581 1120 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:41:09.0613 1120 lmhosts - ok
07:41:09.0628 1120 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
07:41:09.0628 1120 LSI_SAS - ok
07:41:09.0644 1120 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
07:41:09.0644 1120 LSI_SAS2 - ok
07:41:09.0659 1120 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
07:41:09.0659 1120 LSI_SCSI - ok
07:41:09.0675 1120 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
07:41:09.0675 1120 LSI_SSS - ok
07:41:09.0706 1120 [ 8FEFDCEE40B75FD23B4BC60DA6576113 ] LSM C:\Windows\System32\lsm.dll
07:41:09.0722 1120 LSM - ok
07:41:09.0737 1120 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys
07:41:09.0769 1120 luafv - ok
07:41:09.0800 1120 [ 4448CCEA974F0B15A00EA33FCEDFC062 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:41:09.0815 1120 Mcx2Svc - ok
07:41:09.0831 1120 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys
07:41:09.0831 1120 megasas - ok
07:41:09.0862 1120 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
07:41:09.0878 1120 MegaSR - ok
07:41:09.0893 1120 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll
07:41:09.0925 1120 MMCSS - ok
07:41:09.0971 1120 [ 5289F0F94D6FE072D3DC72EA17DF57E9 ] mod7700 C:\Windows\System32\Drivers\dvb7700all.sys
07:41:10.0034 1120 mod7700 - ok
07:41:10.0034 1120 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys
07:41:10.0065 1120 Modem - ok
07:41:10.0065 1120 [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:41:10.0081 1120 monitor - ok
07:41:10.0081 1120 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys
07:41:10.0096 1120 mouclass - ok
07:41:10.0112 1120 [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid C:\Windows\System32\drivers\mouhid.sys
07:41:10.0143 1120 mouhid - ok
07:41:10.0159 1120 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:41:10.0174 1120 mountmgr - ok
07:41:10.0205 1120 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:41:10.0221 1120 MozillaMaintenance - ok
07:41:10.0252 1120 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:41:10.0283 1120 mpsdrv - ok
07:41:10.0315 1120 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:41:10.0346 1120 MpsSvc - ok
07:41:10.0361 1120 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:41:10.0393 1120 MRxDAV - ok
07:41:10.0408 1120 [ 877D60D6E4156EC4A2E0B6871D41BED9 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:41:10.0455 1120 mrxsmb - ok
07:41:10.0471 1120 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:41:10.0486 1120 mrxsmb10 - ok
07:41:10.0502 1120 [ E078446D4B8622AA6030C7B8A1A08962 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:41:10.0517 1120 mrxsmb20 - ok
07:41:10.0533 1120 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
07:41:10.0549 1120 MsBridge - ok
07:41:10.0580 1120 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe
07:41:10.0595 1120 MSDTC - ok
07:41:10.0611 1120 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:41:10.0642 1120 Msfs - ok
07:41:10.0658 1120 [ C9BFB0353099B071E70299549C18C8AE ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
07:41:10.0658 1120 msgpiowin32 - ok
07:41:10.0673 1120 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:41:10.0705 1120 mshidkmdf - ok
07:41:10.0720 1120 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
07:41:10.0720 1120 mshidumdf - ok
07:41:10.0736 1120 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:41:10.0736 1120 msisadrv - ok
07:41:10.0783 1120 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:41:10.0798 1120 MSiSCSI - ok
07:41:10.0798 1120 msiserver - ok
07:41:10.0829 1120 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:41:10.0829 1120 MSKSSRV - ok
07:41:10.0845 1120 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
07:41:10.0876 1120 MsLldp - ok
07:41:10.0876 1120 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:41:10.0892 1120 MSPCLOCK - ok
07:41:10.0907 1120 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:41:10.0907 1120 MSPQM - ok
07:41:10.0923 1120 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:41:10.0939 1120 MsRPC - ok
07:41:10.0954 1120 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
07:41:10.0970 1120 mssmbios - ok
07:41:10.0970 1120 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:41:11.0001 1120 MSTEE - ok
07:41:11.0001 1120 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
07:41:11.0017 1120 MTConfig - ok
07:41:11.0032 1120 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
07:41:11.0063 1120 MTsensor - ok
07:41:11.0079 1120 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys
07:41:11.0095 1120 Mup - ok
07:41:11.0110 1120 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys
07:41:11.0126 1120 mvumis - ok
07:41:11.0141 1120 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll
07:41:11.0173 1120 napagent - ok
07:41:11.0188 1120 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:41:11.0204 1120 NativeWifiP - ok
07:41:11.0235 1120 [ DACA803A8D732FE5EEAA024EC342F81D ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
07:41:11.0251 1120 NBVol - ok
07:41:11.0251 1120 [ 6208F622E9E35860DFB0753DFF56F0C0 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
07:41:11.0266 1120 NBVolUp - ok
07:41:11.0297 1120 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll
07:41:11.0313 1120 NcaSvc - ok
07:41:11.0344 1120 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
07:41:11.0375 1120 NcdAutoSetup - ok
07:41:11.0407 1120 [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:41:11.0438 1120 NDIS - ok
07:41:11.0453 1120 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:41:11.0469 1120 NdisCap - ok
07:41:11.0485 1120 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
07:41:11.0516 1120 NdisImPlatform - ok
07:41:11.0531 1120 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:41:11.0547 1120 NdisTapi - ok
07:41:11.0563 1120 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:41:11.0594 1120 Ndisuio - ok
07:41:11.0609 1120 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:41:11.0609 1120 NdisWan - ok
07:41:11.0625 1120 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
07:41:11.0625 1120 NDISWANLEGACY - ok
07:41:11.0641 1120 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:41:11.0656 1120 NDProxy - ok
07:41:11.0656 1120 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys
07:41:11.0672 1120 Ndu - ok
07:41:11.0703 1120 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:41:11.0719 1120 NetBIOS - ok
07:41:11.0734 1120 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:41:11.0765 1120 NetBT - ok
07:41:11.0797 1120 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe
07:41:11.0797 1120 Netlogon - ok
07:41:11.0828 1120 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll
07:41:11.0859 1120 Netman - ok
07:41:11.0890 1120 [ 20F6FD63E6D456114BC8056D62792786 ] netprofm C:\Windows\System32\netprofmsvc.dll
07:41:11.0921 1120 netprofm - ok
07:41:11.0953 1120 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:41:11.0984 1120 NetTcpPortSharing - ok
07:41:11.0999 1120 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
07:41:12.0015 1120 nfrd960 - ok
07:41:12.0046 1120 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:41:12.0093 1120 NlaSvc - ok
07:41:12.0109 1120 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:41:12.0124 1120 Npfs - ok
07:41:12.0140 1120 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
07:41:12.0140 1120 npsvctrig - ok
07:41:12.0171 1120 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll
07:41:12.0187 1120 nsi - ok
07:41:12.0202 1120 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:41:12.0202 1120 nsiproxy - ok
07:41:12.0265 1120 [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:41:12.0311 1120 Ntfs - ok
07:41:12.0327 1120 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys
07:41:12.0343 1120 Null - ok
07:41:12.0623 1120 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:41:13.0013 1120 nvlddmkm - ok
07:41:13.0029 1120 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:41:13.0045 1120 nvraid - ok
07:41:13.0076 1120 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:41:13.0076 1120 nvstor - ok
07:41:13.0123 1120 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
07:41:13.0138 1120 nvsvc - ok
07:41:13.0201 1120 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
07:41:13.0232 1120 nvUpdatusService - ok
07:41:13.0232 1120 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:41:13.0232 1120 nv_agp - ok
07:41:13.0263 1120 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:41:13.0310 1120 p2pimsvc - ok
07:41:13.0341 1120 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll
07:41:13.0357 1120 p2psvc - ok
07:41:13.0372 1120 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys
07:41:13.0388 1120 Parport - ok
07:41:13.0403 1120 [ C1D7BA7F0DE487DFEEB51BF8D3EC5562 ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:41:13.0419 1120 partmgr - ok
07:41:13.0435 1120 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:41:13.0481 1120 PcaSvc - ok
07:41:13.0497 1120 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys
07:41:13.0513 1120 pci - ok
07:41:13.0528 1120 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys
07:41:13.0528 1120 pciide - ok
07:41:13.0544 1120 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
07:41:13.0560 1120 pcmcia - ok
07:41:13.0575 1120 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys
07:41:13.0591 1120 pcw - ok
07:41:13.0606 1120 [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc C:\Windows\system32\drivers\pdc.sys
07:41:13.0606 1120 pdc - ok
07:41:13.0638 1120 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:41:13.0653 1120 PEAUTH - ok
07:41:13.0700 1120 [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
07:41:13.0762 1120 PeerDistSvc - ok
07:41:13.0840 1120 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:41:13.0856 1120 PerfHost - ok
07:41:13.0887 1120 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll
07:41:13.0934 1120 pla - ok
07:41:13.0965 1120 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:41:13.0965 1120 PlugPlay - ok
07:41:13.0996 1120 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:41:14.0012 1120 PNRPAutoReg - ok
07:41:14.0028 1120 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:41:14.0043 1120 PNRPsvc - ok
07:41:14.0074 1120 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:41:14.0090 1120 PolicyAgent - ok
07:41:14.0121 1120 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll
07:41:14.0168 1120 Power - ok
07:41:14.0199 1120 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:41:14.0199 1120 PptpMiniport - ok
07:41:14.0402 1120 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
07:41:14.0480 1120 PrintNotify - ok
07:41:14.0511 1120 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys
07:41:14.0542 1120 Processor - ok
07:41:14.0558 1120 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll
07:41:14.0589 1120 ProfSvc - ok
07:41:14.0605 1120 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:41:14.0620 1120 Psched - ok
07:41:14.0652 1120 [ 3DF18A193C758BE8E610B01331C237FB ] pwdrvio C:\WINDOWS\system32\pwdrvio.sys
07:41:14.0652 1120 pwdrvio - ok
07:41:14.0683 1120 [ 1EBD98FB3B567C552C9C85AB73729AEC ] pwdspio C:\WINDOWS\system32\pwdspio.sys
07:41:14.0683 1120 pwdspio - ok
07:41:14.0714 1120 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll
07:41:14.0745 1120 QWAVE - ok
07:41:14.0761 1120 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:41:14.0761 1120 QWAVEdrv - ok
07:41:14.0761 1120 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:41:14.0792 1120 RasAcd - ok
07:41:14.0808 1120 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:41:14.0823 1120 RasAgileVpn - ok
07:41:14.0839 1120 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll
07:41:14.0854 1120 RasAuto - ok
07:41:14.0870 1120 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:41:14.0886 1120 Rasl2tp - ok
07:41:14.0901 1120 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll
07:41:14.0932 1120 RasMan - ok
07:41:14.0948 1120 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:41:14.0979 1120 RasPppoe - ok
07:41:14.0995 1120 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:41:15.0026 1120 RasSstp - ok
07:41:15.0042 1120 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:41:15.0057 1120 rdbss - ok
07:41:15.0057 1120 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
07:41:15.0073 1120 rdpbus - ok
07:41:15.0104 1120 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
07:41:15.0135 1120 RDPDR - ok
07:41:15.0166 1120 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:41:15.0166 1120 RdpVideoMiniport - ok
07:41:15.0182 1120 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:41:15.0198 1120 RDPWD - ok
07:41:15.0213 1120 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:41:15.0229 1120 rdyboost - ok
07:41:15.0244 1120 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:41:15.0276 1120 RemoteAccess - ok
07:41:15.0291 1120 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:41:15.0322 1120 RemoteRegistry - ok
07:41:15.0354 1120 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:41:15.0369 1120 RpcEptMapper - ok
07:41:15.0400 1120 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe
07:41:15.0416 1120 RpcLocator - ok
07:41:15.0447 1120 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll
07:41:15.0463 1120 RpcSs - ok
07:41:15.0478 1120 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:41:15.0494 1120 rspndr - ok
07:41:15.0510 1120 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys
07:41:15.0525 1120 s3cap - ok
07:41:15.0541 1120 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe
07:41:15.0541 1120 SamSs - ok
07:41:15.0541 1120 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:41:15.0556 1120 sbp2port - ok
07:41:15.0572 1120 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:41:15.0603 1120 SCardSvr - ok
07:41:15.0603 1120 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:41:15.0619 1120 scfilter - ok
07:41:15.0666 1120 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll
07:41:15.0697 1120 Schedule - ok
07:41:15.0728 1120 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll
07:41:15.0728 1120 SCPolicySvc - ok
07:41:15.0759 1120 [ 66E29CADF9FF6C8325C356BDD617F7EA ] sdbus C:\Windows\System32\drivers\sdbus.sys
07:41:15.0775 1120 sdbus - ok
07:41:15.0790 1120 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:41:15.0837 1120 SDRSVC - ok
07:41:15.0837 1120 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys
07:41:15.0853 1120 sdstor - ok
07:41:15.0868 1120 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:41:15.0868 1120 secdrv - ok
07:41:15.0884 1120 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll
07:41:15.0915 1120 seclogon - ok
07:41:15.0931 1120 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll
07:41:15.0946 1120 SENS - ok
07:41:15.0946 1120 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:41:15.0993 1120 SensrSvc - ok
07:41:16.0009 1120 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys
07:41:16.0024 1120 SerCx - ok
07:41:16.0040 1120 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys
07:41:16.0071 1120 Serenum - ok
07:41:16.0087 1120 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys
07:41:16.0102 1120 Serial - ok
07:41:16.0118 1120 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys
07:41:16.0118 1120 sermouse - ok
07:41:16.0149 1120 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll
07:41:16.0165 1120 SessionEnv - ok
07:41:16.0180 1120 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
07:41:16.0196 1120 sfloppy - ok
07:41:16.0227 1120 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:41:16.0258 1120 SharedAccess - ok
07:41:16.0274 1120 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:41:16.0352 1120 ShellHWDetection - ok
07:41:16.0352 1120 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
07:41:16.0352 1120 SiSRaid2 - ok
07:41:16.0368 1120 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
07:41:16.0383 1120 SiSRaid4 - ok
07:41:16.0399 1120 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:41:16.0414 1120 SNMPTRAP - ok
07:41:16.0446 1120 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\Windows\system32\drivers\spaceport.sys
07:41:16.0461 1120 spaceport - ok
07:41:16.0461 1120 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
07:41:16.0461 1120 SpbCx - ok
07:41:16.0492 1120 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe
07:41:16.0539 1120 Spooler - ok
07:41:16.0633 1120 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe
07:41:16.0726 1120 sppsvc - ok
07:41:16.0742 1120 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:41:16.0758 1120 srv - ok
07:41:16.0789 1120 [ C2106BB710AA34A046126AED7BCA6964 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:41:16.0836 1120 srv2 - ok
07:41:16.0851 1120 [ 9400C71F5A1A380B494B6922F007D485 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:41:16.0851 1120 srvnet - ok
07:41:16.0882 1120 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:41:16.0914 1120 SSDPSRV - ok
07:41:16.0929 1120 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:41:16.0960 1120 SstpSvc - ok
07:41:16.0976 1120 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys
07:41:16.0992 1120 stexstor - ok
07:41:17.0007 1120 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll
07:41:17.0070 1120 stisvc - ok
07:41:17.0085 1120 [ C588BBD37B432CE3204E5765B459E6B2 ] storahci C:\Windows\system32\drivers\storahci.sys
07:41:17.0101 1120 storahci - ok
07:41:17.0116 1120 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
07:41:17.0116 1120 storflt - ok
07:41:17.0132 1120 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll
07:41:17.0148 1120 StorSvc - ok
07:41:17.0163 1120 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys
07:41:17.0163 1120 storvsc - ok
07:41:17.0163 1120 [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp C:\Windows\System32\drivers\storvsp.sys
07:41:17.0210 1120 storvsp - ok
07:41:17.0226 1120 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll
07:41:17.0226 1120 svsvc - ok
07:41:17.0241 1120 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys
07:41:17.0257 1120 swenum - ok
07:41:17.0272 1120 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll
07:41:17.0288 1120 swprv - ok
07:41:17.0319 1120 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll
07:41:17.0366 1120 SysMain - ok
07:41:17.0397 1120 [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
07:41:17.0444 1120 SystemEventsBroker - ok
07:41:17.0460 1120 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
07:41:17.0475 1120 TabletInputService - ok
07:41:17.0491 1120 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll
07:41:17.0522 1120 TapiSrv - ok
07:41:17.0569 1120 [ 1D644E2D0FC395A055AB1C23C3B43631 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:41:17.0631 1120 Tcpip - ok
07:41:17.0647 1120 [ 1D644E2D0FC395A055AB1C23C3B43631 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:41:17.0694 1120 TCPIP6 - ok
07:41:17.0709 1120 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:41:17.0725 1120 tcpipreg - ok
07:41:17.0740 1120 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:41:17.0772 1120 tdx - ok
07:41:17.0787 1120 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys
07:41:17.0803 1120 terminpt - ok
07:41:17.0818 1120 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll
07:41:17.0850 1120 TermService - ok
07:41:17.0865 1120 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll
07:41:17.0896 1120 Themes - ok
07:41:17.0912 1120 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll
07:41:17.0928 1120 THREADORDER - ok
07:41:17.0943 1120 [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
07:41:17.0974 1120 TimeBroker - ok
07:41:17.0990 1120 [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM C:\Windows\system32\drivers\tpm.sys
07:41:18.0006 1120 TPM - ok
07:41:18.0021 1120 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll
07:41:18.0037 1120 TrkWks - ok
07:41:18.0068 1120 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:41:18.0099 1120 TrustedInstaller - ok
07:41:18.0115 1120 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:41:18.0162 1120 TsUsbFlt - ok
07:41:18.0162 1120 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
07:41:18.0177 1120 TsUsbGD - ok
07:41:18.0193 1120 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:41:18.0224 1120 tunnel - ok
07:41:18.0224 1120 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys
07:41:18.0240 1120 uagp35 - ok
07:41:18.0240 1120 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
07:41:18.0255 1120 UASPStor - ok
07:41:18.0286 1120 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
07:41:18.0302 1120 UCX01000 - ok
07:41:18.0318 1120 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:41:18.0333 1120 udfs - ok
07:41:18.0364 1120 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:41:18.0364 1120 UI0Detect - ok
07:41:18.0380 1120 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:41:18.0380 1120 uliagpkx - ok
07:41:18.0396 1120 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys
07:41:18.0411 1120 umbus - ok
07:41:18.0427 1120 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys
07:41:18.0442 1120 UmPass - ok
07:41:18.0458 1120 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll
07:41:18.0474 1120 UmRdpService - ok
07:41:18.0505 1120 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll
07:41:18.0520 1120 upnphost - ok
07:41:18.0536 1120 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
07:41:18.0552 1120 usbccgp - ok
07:41:18.0567 1120 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys
07:41:18.0583 1120 usbcir - ok
07:41:18.0598 1120 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys
07:41:18.0598 1120 usbehci - ok
07:41:18.0630 1120 [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub C:\Windows\System32\drivers\usbhub.sys
07:41:18.0645 1120 usbhub - ok
07:41:18.0676 1120 [ B7A948501424805571BF562BB0BFE31D ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
07:41:18.0692 1120 USBHUB3 - ok
07:41:18.0708 1120 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys
07:41:18.0754 1120 usbohci - ok
07:41:18.0770 1120 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys
07:41:18.0801 1120 usbprint - ok
07:41:18.0817 1120 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
07:41:18.0832 1120 USBSTOR - ok
07:41:18.0832 1120 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
07:41:18.0848 1120 usbuhci - ok
07:41:18.0879 1120 [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
07:41:18.0895 1120 USBXHCI - ok
07:41:18.0910 1120 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe
07:41:18.0910 1120 VaultSvc - ok
07:41:18.0926 1120 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:41:18.0942 1120 vdrvroot - ok
07:41:18.0973 1120 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe
07:41:19.0020 1120 vds - ok
07:41:19.0035 1120 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
07:41:19.0051 1120 VerifierExt - ok
07:41:19.0066 1120 [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
07:41:19.0082 1120 vhdmp - ok
07:41:19.0098 1120 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys
07:41:19.0113 1120 viaide - ok
07:41:19.0129 1120 [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid C:\Windows\System32\drivers\Vid.sys
07:41:19.0129 1120 Vid - ok
07:41:19.0144 1120 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys
07:41:19.0160 1120 vmbus - ok
07:41:19.0160 1120 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
07:41:19.0176 1120 VMBusHID - ok
07:41:19.0191 1120 [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr C:\Windows\System32\drivers\vmbusr.sys
07:41:19.0207 1120 vmbusr - ok
07:41:19.0238 1120 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
07:41:19.0254 1120 vmicheartbeat - ok
07:41:19.0254 1120 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
07:41:19.0269 1120 vmickvpexchange - ok
07:41:19.0269 1120 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll
07:41:19.0285 1120 vmicrdv - ok
07:41:19.0285 1120 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll
07:41:19.0300 1120 vmicshutdown - ok
07:41:19.0300 1120 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll
07:41:19.0316 1120 vmictimesync - ok
07:41:19.0316 1120 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll
07:41:19.0332 1120 vmicvss - ok
07:41:19.0347 1120 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:41:19.0363 1120 volmgr - ok
07:41:19.0378 1120 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:41:19.0394 1120 volmgrx - ok
07:41:19.0410 1120 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:41:19.0425 1120 volsnap - ok
07:41:19.0425 1120 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys
07:41:19.0441 1120 vpci - ok
07:41:19.0441 1120 [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp C:\Windows\System32\drivers\vpcivsp.sys
07:41:19.0441 1120 vpcivsp - ok
07:41:19.0472 1120 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
07:41:19.0472 1120 vsmraid - ok
07:41:19.0519 1120 [ EA658570314042C914964FC72AB50E6B ] VSS C:\Windows\system32\vssvc.exe
07:41:19.0550 1120 VSS - ok
07:41:19.0581 1120 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
07:41:19.0597 1120 VSTXRAID - ok
07:41:19.0612 1120 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
07:41:19.0628 1120 vwifibus - ok
07:41:19.0644 1120 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:41:19.0644 1120 vwififlt - ok
07:41:19.0675 1120 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll
07:41:19.0706 1120 W32Time - ok
07:41:19.0722 1120 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys
07:41:19.0722 1120 WacomPen - ok
07:41:19.0753 1120 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
07:41:19.0753 1120 Wanarp - ok
07:41:19.0753 1120 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:41:19.0768 1120 Wanarpv6 - ok
07:41:19.0800 1120 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe
07:41:19.0862 1120 wbengine - ok
07:41:19.0878 1120 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:41:19.0893 1120 WbioSrvc - ok
07:41:19.0924 1120 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
07:41:19.0940 1120 Wcmsvc - ok
07:41:19.0971 1120 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:41:20.0002 1120 wcncsvc - ok
07:41:20.0018 1120 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:41:20.0065 1120 WcsPlugInService - ok
07:41:20.0080 1120 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys
07:41:20.0080 1120 Wd - ok
07:41:20.0096 1120 [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
07:41:20.0112 1120 WdBoot - ok
07:41:20.0143 1120 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:41:20.0174 1120 Wdf01000 - ok
07:41:20.0190 1120 [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
07:41:20.0205 1120 WdFilter - ok
07:41:20.0221 1120 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:41:20.0236 1120 WdiServiceHost - ok
07:41:20.0236 1120 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:41:20.0252 1120 WdiSystemHost - ok
07:41:20.0268 1120 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\Windows\System32\webclnt.dll
07:41:20.0299 1120 WebClient - ok
07:41:20.0314 1120 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:41:20.0330 1120 Wecsvc - ok
07:41:20.0346 1120 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:41:20.0408 1120 wercplsupport - ok
07:41:20.0408 1120 [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc C:\Windows\System32\WerSvc.dll
07:41:20.0439 1120 WerSvc - ok
07:41:20.0470 1120 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
07:41:20.0470 1120 WFPLWFS - ok
07:41:20.0486 1120 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\Windows\System32\wiarpc.dll
07:41:20.0517 1120 WiaRpc - ok
07:41:20.0533 1120 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:41:20.0533 1120 WIMMount - ok
07:41:20.0580 1120 WinDefend - ok
07:41:20.0611 1120 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
07:41:20.0642 1120 WinHttpAutoProxySvc - ok
07:41:20.0689 1120 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:41:20.0704 1120 Winmgmt - ok
07:41:20.0767 1120 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\Windows\system32\WsmSvc.dll
07:41:20.0829 1120 WinRM - ok
07:41:20.0845 1120 [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:41:20.0860 1120 WinUsb - ok
07:41:20.0907 1120 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\Windows\System32\wlansvc.dll
07:41:20.0954 1120 WlanSvc - ok
07:41:21.0001 1120 [ 08EFA13A2234C8C3B8A99E4B88BE7E9B ] wlidsvc C:\Windows\system32\wlidsvc.dll
07:41:21.0048 1120 wlidsvc - ok
07:41:21.0063 1120 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
07:41:21.0094 1120 WmiAcpi - ok
07:41:21.0110 1120 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:41:21.0126 1120 wmiApSrv - ok
07:41:21.0141 1120 WMPNetworkSvc - ok
07:41:21.0157 1120 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
07:41:21.0188 1120 wpcfltr - ok
07:41:21.0204 1120 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:41:21.0219 1120 WPCSvc - ok
07:41:21.0235 1120 [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:41:21.0282 1120 WPDBusEnum - ok
07:41:21.0297 1120 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
07:41:21.0313 1120 WpdUpFltr - ok
07:41:21.0328 1120 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:41:21.0344 1120 ws2ifsl - ok
07:41:21.0360 1120 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\Windows\System32\wscsvc.dll
07:41:21.0375 1120 wscsvc - ok
07:41:21.0391 1120 WSearch - ok
07:41:21.0453 1120 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\Windows\System32\WSService.dll
07:41:21.0516 1120 WSService - ok
07:41:21.0609 1120 [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv C:\Windows\system32\wuaueng.dll
07:41:21.0703 1120 wuauserv - ok
07:41:21.0734 1120 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:41:21.0750 1120 WudfPf - ok
07:41:21.0765 1120 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
07:41:21.0781 1120 WUDFRd - ok
07:41:21.0781 1120 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP C:\Windows\system32\DRIVERS\WUDFRd.sys
07:41:21.0796 1120 WUDFSensorLP - ok
07:41:21.0812 1120 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:41:21.0828 1120 wudfsvc - ok
07:41:21.0828 1120 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys
07:41:21.0843 1120 WUDFWpdFs - ok
07:41:21.0843 1120 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp C:\Windows\system32\DRIVERS\WUDFRd.sys
07:41:21.0859 1120 WUDFWpdMtp - ok
07:41:21.0890 1120 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\Windows\System32\wwansvc.dll
07:41:21.0921 1120 WwanSvc - ok
07:41:21.0937 1120 ================ Scan global ===============================
07:41:21.0968 1120 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
07:41:21.0999 1120 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
07:41:22.0015 1120 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
07:41:22.0046 1120 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
07:41:22.0046 1120 [Global] - ok
07:41:22.0046 1120 ================ Scan MBR ==================================
07:41:22.0062 1120 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:41:22.0311 1120 \Device\Harddisk0\DR0 - ok
07:41:22.0311 1120 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
07:41:22.0483 1120 \Device\Harddisk1\DR1 - ok
07:41:22.0483 1120 ================ Scan VBR ==================================
07:41:22.0545 1120 [ 2D524F05766D084E9BC1747B63390F77 ] \Device\Harddisk0\DR0\Partition1
07:41:22.0545 1120 \Device\Harddisk0\DR0\Partition1 - ok
07:41:22.0561 1120 [ 4062CFEFD9CF57B79F1B76F72A846615 ] \Device\Harddisk0\DR0\Partition2
07:41:22.0576 1120 \Device\Harddisk0\DR0\Partition2 - ok
07:41:22.0576 1120 [ 691E502FC7CEB1BEA6E73FDCF0D884B4 ] \Device\Harddisk1\DR1\Partition1
07:41:22.0576 1120 \Device\Harddisk1\DR1\Partition1 - ok
07:41:22.0576 1120 ============================================================
07:41:22.0576 1120 Scan finished
07:41:22.0576 1120 ============================================================
07:41:22.0592 1320 Detected object count: 1
07:41:22.0592 1320 Actual detected object count: 1
07:41:54.0229 1320 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe - copied to quarantine
07:41:54.0229 1320 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am

Re: I have one very difficult hack or virus to remove

Unread postby Gary R » February 4th, 2013, 7:24 pm

As Requested and I must stress that even though it says that the app was not run in the safe mode environment it surely was.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02
Ran by Peter at 05-02-2013 07:23:24
Running from G:\
(X64) OS Language: English(UK)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


Safe Mode is not where I asked you to run the tool, it is Recovery Environment, which is an entirely different thing.

Did you mean Recovery Environment, or did you actually try to run it from Safe Mode ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 4th, 2013, 7:42 pm

Sorry for the misunderstanding I ran it from safe mode which I guess I used to consider the windows recovery console.. Will run it again in the recovery area as you said.
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am

Re: I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 4th, 2013, 7:56 pm

I am not getting the ability to run it as you have asked I followed your instructions to the letter but I am not getting the same screens as in your posts above. I will try switching the power on and of a few times to see if I can get it to go to the win 8 recovery mode failing that I guess I will have to do another full disk wipe :) number 10 for the month :)
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am

Re: I have one very difficult hack or virus to remove

Unread postby Gary R » February 4th, 2013, 8:16 pm

Since you're using a Windows 8 install on a W7 machine, it's possible that you may still need to get into RE in the same way as a W7 user would ....

Please try the following instructions instead of the ones I posted earlier ...

  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 5th, 2013, 2:18 am

I did the upgrade from windows vista to 8pr0 and it worked using the shift key as in your first set of instructions.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02
Ran by SYSTEM at 05-02-2013 16:33:12
Running from D:\
Windows 8 Pro (X64) OS Language: English(UK)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================


==================== Services (Whitelisted) ===================

3 AllUserInstallAgent; C:\Windows\System32\AUInstallAgent.dll [122368 2012-07-26] (Microsoft Corporation)
2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [169472 2012-07-26] (Microsoft Corporation)
2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [174080 2012-07-26] (Microsoft Corporation)
3 DeviceAssociationService; C:\Windows\System32\das.dll [342016 2012-07-26] (Microsoft Corporation)
3 DeviceInstall; C:\Windows\System32\umpnpmgr.dll [107008 2012-07-26] (Microsoft Corporation)
3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [207872 2012-07-26] (Microsoft Corporation)
3 EFS; C:\Windows\System32\efssvc.dll [37376 2012-07-26] (Microsoft Corporation)
3 fhsvc; C:\Windows\System32\fhsvc.dll [116736 2012-07-26] (Microsoft Corporation)
3 KeyIso; C:\Windows\System32\keyiso.dll [59904 2012-07-26] (Microsoft Corporation)
3 KeyIso; C:\Windows\SysWow64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
2 LSM; C:\Windows\System32\lsm.dll [438272 2012-07-26] (Microsoft Corporation)
3 NcaSvc; C:\Windows\System32\ncasvc.dll [161792 2012-07-26] (Microsoft Corporation)
3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [73728 2012-07-26] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\netlogon.dll [743936 2012-07-26] (Microsoft Corporation)
3 Netlogon; C:\Windows\SysWow64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofmsvc.dll [463872 2012-07-26] (Microsoft Corporation)
3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675200 2012-07-26] (Microsoft Corporation)
3 StorSvc; C:\Windows\SysWow64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
3 svsvc; C:\Windows\System32\svsvc.dll [12800 2012-07-26] (Microsoft Corporation)
3 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [178176 2012-07-26] (Microsoft Corporation)
3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [169984 2012-07-26] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\vaultsvc.dll [283648 2012-07-26] (Microsoft Corporation)
3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmicrdv; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmicshutdown; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmictimesync; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmicvss; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [263680 2012-07-26] (Microsoft Corporation)
3 WiaRpc; C:\Windows\System32\wiarpc.dll [65536 2012-07-26] (Microsoft Corporation)
2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
3 WinHttpAutoProxySvc; C:\Windows\SysWow64\winhttp.dll [521728 2012-07-26] (Microsoft Corporation)
3 wlidsvc; C:\Windows\System32\wlidsvc.dll [1968128 2012-07-26] (Microsoft Corporation)
3 WSService; C:\Windows\System32\WSService.dll [2366984 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

0 3ware; C:\Windows\System32\Drivers\3ware.sys [106736 2012-07-26] (LSI)
0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [77040 2012-07-26] (Microsoft Corporation)
3 acpipagr; C:\Windows\System32\Drivers\acpipagr.sys [10240 2012-07-26] (Microsoft Corporation)
3 acpitime; C:\Windows\System32\Drivers\acpitime.sys [10752 2012-07-26] (Microsoft Corporation)
0 arc; C:\Windows\System32\Drivers\arc.sys [104688 2012-07-26] (PMC-Sierra, Inc.)
0 arcsas; C:\Windows\System32\Drivers\arcsas.sys [108272 2012-07-26] (PMC-Sierra, Inc.)
3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [3744256 2012-11-21] (Qualcomm Atheros Communications, Inc.)
1 BasicDisplay; C:\Windows\System32\Drivers\BasicDisplay.sys [48640 2012-07-26] (Microsoft Corporation)
1 BasicRender; C:\Windows\System32\Drivers\BasicRender.sys [29696 2012-07-26] (Microsoft Corporation)
3 BthAvrcpTg; C:\Windows\System32\Drivers\BthAvrcpTg.sys [31104 2012-07-26] (Microsoft Corporation)
3 BthHFEnum; C:\Windows\System32\Drivers\BthHFEnum.sys [51200 2012-07-26] (Microsoft Corporation)
3 bthhfhid; C:\Windows\System32\Drivers\bthhfhid.sys [29952 2012-07-26] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\Drivers\CLFS.sys [361200 2012-07-26] (Microsoft Corporation)
3 condrv; C:\Windows\System32\Drivers\condrv.sys [33792 2012-07-26] (Microsoft Corporation)
1 dam; C:\Windows\System32\Drivers\dam.sys [55024 2012-07-26] (Microsoft Corporation)
0 EhStorClass; C:\Windows\System32\Drivers\EhStorClass.sys [81136 2012-07-26] (Microsoft Corporation)
0 EhStorTcgDrv; C:\Windows\System32\Drivers\EhStorTcgDrv.sys [113904 2012-07-26] (Microsoft Corporation)
3 FxPPM; C:\Windows\System32\Drivers\FxPPM.sys [22528 2012-07-26] (Microsoft Corporation)
3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [12288 2012-07-26] (Microsoft Corporation)
3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [120048 2012-07-26] (Microsoft Corporation)
3 hidi2c; C:\Windows\System32\Drivers\hidi2c.sys [38400 2012-07-26] (Microsoft Corporation)
3 hyperkbd; C:\Windows\System32\Drivers\hyperkbd.sys [11776 2012-07-26] (Microsoft Corporation)
3 HyperVideo; C:\Windows\System32\Drivers\HyperVideo.sys [24576 2012-07-26] (Microsoft Corporation)
3 kdnic; C:\Windows\System32\Drivers\kdnic.sys [18432 2012-07-26] (Microsoft Corporation)
0 LSI_SSS; C:\Windows\System32\Drivers\LSI_SSS.sys [81136 2012-07-26] (LSI Corporation)
3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [129536 2012-07-26] (Microsoft Corporation)
3 msgpiowin32; C:\Windows\System32\Drivers\msgpiowin32.sys [28400 2012-07-26] (Microsoft Corporation)
3 mshidumdf; C:\Windows\System32\Drivers\mshidumdf.sys [10752 2012-07-26] (Microsoft Corporation)
3 MsLldp; C:\Windows\System32\Drivers\MsLldp.sys [68608 2012-07-26] (Microsoft Corporation)
0 mvumis; C:\Windows\System32\Drivers\mvumis.sys [64240 2012-07-26] (Marvell Semiconductor, Inc.)
3 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2012-07-26] (Microsoft Corporation)
3 NDISWANLEGACY; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-26] (Microsoft Corporation)
2 Ndu; C:\Windows\System32\Drivers\Ndu.sys [97792 2012-07-26] (Microsoft Corporation)
1 npsvctrig; C:\Windows\System32\Drivers\npsvctrig.sys [23552 2012-07-26] (Microsoft Corporation)
0 pdc; C:\Windows\System32\Drivers\pdc.sys [68848 2012-07-26] (Microsoft Corporation)
3 sdstor; C:\Windows\System32\Drivers\sdstor.sys [56560 2012-07-26] (Microsoft Corporation)
3 SerCx; C:\Windows\System32\Drivers\SerCx.sys [62976 2012-07-26] (Microsoft Corporation)
0 spaceport; C:\Windows\System32\Drivers\spaceport.sys [283888 2012-07-26] (Microsoft Corporation)
3 SpbCx; C:\Windows\System32\Drivers\SpbCx.sys [59392 2012-07-26] (Microsoft Corporation)
0 storahci; C:\Windows\System32\Drivers\storahci.sys [77552 2012-07-26] (Microsoft Corporation)
3 storvsp; C:\Windows\System32\Drivers\storvsp.sys [67584 2012-07-26] (Microsoft Corporation)
3 UASPStor; C:\Windows\System32\Drivers\UASPStor.sys [97008 2012-07-26] (Microsoft Corporation)
3 UCX01000; C:\Windows\System32\Drivers\UCX01000.sys [212208 2012-07-26] (Microsoft Corporation)
3 USBHUB3; C:\Windows\System32\Drivers\USBHUB3.sys [445168 2012-07-26] (Microsoft Corporation)
3 USBXHCI; C:\Windows\System32\Drivers\USBXHCI.sys [337136 2012-07-26] (Microsoft Corporation)
3 VerifierExt; C:\Windows\System32\Drivers\VerifierExt.sys [106224 2012-07-26] (Microsoft Corporation)
3 Vid; C:\Windows\System32\Drivers\Vid.sys [203776 2012-07-26] (Microsoft Corporation)
3 vmbusr; C:\Windows\System32\Drivers\vmbusr.sys [117248 2012-07-26] (Microsoft Corporation)
3 vpci; C:\Windows\System32\Drivers\vpci.sys [67824 2012-07-26] (Microsoft Corporation)
3 vpcivsp; C:\Windows\System32\Drivers\vpcivsp.sys [66048 2012-07-26] (Microsoft Corporation)
0 VSTXRAID; C:\Windows\System32\Drivers\VSTXRAID.sys [322800 2012-07-26] (VIA Corporation)
0 WdBoot; C:\Windows\System32\Drivers\WdBoot.sys [34216 2012-07-26] (Microsoft Corporation)
0 WdFilter; C:\Windows\System32\Drivers\WdFilter.sys [258288 2012-07-26] (Microsoft Corporation)
0 WFPLWFS; C:\Windows\System32\Drivers\WFPLWFS.sys [96496 2012-07-26] (Microsoft Corporation)
3 wpcfltr; C:\Windows\System32\Drivers\wpcfltr.sys [45056 2012-07-26] (Microsoft Corporation)
3 WpdUpFltr; C:\Windows\System32\Drivers\WpdUpFltr.sys [19968 2012-07-26] (Microsoft Corporation)
3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-05 23:14 - 2013-02-05 05:43 - 00008192 _RASH C:\BOOTSECT.BAK
2013-02-05 23:14 - 2012-07-26 06:12 - 00398156 _RASH C:\bootmgr
2013-02-05 16:33 - 2013-02-05 16:33 - 00000000 ____D C:\FRST
2013-02-05 16:28 - 2013-02-05 16:28 - 00000000 ____A C:\Recovery.txt
2013-02-05 16:26 - 2013-02-05 16:26 - 00000264 ____A C:\Windows\System32\netcfg-443963.txt
2013-02-05 16:25 - 2013-02-05 16:25 - 00001203 ____A C:\Windows\System32\netcfg-442372.txt
2013-02-05 16:25 - 2012-11-21 17:41 - 03744256 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athuw8x.sys
2013-02-05 16:23 - 2013-02-05 16:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-02-05 16:22 - 2013-02-05 16:22 - 00000000 ____D C:\Users\cedunapete\AppData\Roaming\Adobe
2013-02-05 16:22 - 2013-02-05 16:22 - 00000000 ____D C:\Users\cedunapete\AppData\Local\VirtualStore
2013-02-05 16:22 - 2013-02-05 16:22 - 00000000 ____D C:\Users\cedunapete\AppData\Local\Packages
2013-02-05 16:22 - 2013-02-05 16:22 - 00000000 ____D C:\Users\All Users\PRICache
2013-02-05 16:21 - 2013-02-05 16:22 - 00000000 ____D C:\users\cedunapete
2013-02-05 16:21 - 2013-02-05 16:21 - 00000020 __ASH C:\Users\cedunapete\ntuser.ini
2013-02-05 16:21 - 2013-02-05 16:21 - 00000000 ____D C:\Windows\CSC
2013-02-05 16:20 - 2013-02-05 16:28 - 00000000 __SHD C:\Recovery
2013-02-05 16:19 - 2013-02-05 16:26 - 00007622 ____A C:\Windows\WindowsUpdate.log
2013-02-05 16:16 - 2013-02-05 16:16 - 00001135 ____A C:\Windows\System32\netcfg-73741.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000424 ____A C:\Windows\PFRO.log
2013-02-05 16:16 - 2013-02-05 16:16 - 00000185 ____A C:\Windows\System32\netcfg-71900.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000164 ____A C:\Windows\System32\netcfg-65972.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000161 ____A C:\Windows\System32\netcfg-71604.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000160 ____A C:\Windows\System32\netcfg-71417.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000160 ____A C:\Windows\System32\netcfg-70574.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000160 ____A C:\Windows\System32\netcfg-64896.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000159 ____A C:\Windows\System32\netcfg-70871.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000157 ____A C:\Windows\System32\netcfg-71042.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000157 ____A C:\Windows\System32\netcfg-64584.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000150 ____A C:\Windows\System32\netcfg-66175.txt
2013-02-05 16:14 - 2013-02-05 16:15 - 00000000 ____D C:\Windows.old
2013-02-05 05:43 - 2013-02-05 05:43 - 00262144 ____A C:\Windows\System32\config\userdiff
2013-02-05 05:43 - 2012-06-02 14:30 - 00000001 __ASH C:\BOOTNXT
2013-02-05 05:34 - 2013-02-05 16:21 - 00000000 ____D C:\Windows\Panther

==================== One Month Modified Files and Folders =======

2013-02-05 16:28 - 2013-02-05 16:28 - 00000000 ____A C:\Recovery.txt
2013-02-05 16:28 - 2013-02-05 16:20 - 00000000 __SHD C:\Recovery
2013-02-05 16:26 - 2013-02-05 16:26 - 00000264 ____A C:\Windows\System32\netcfg-443963.txt
2013-02-05 16:26 - 2013-02-05 16:19 - 00007622 ____A C:\Windows\WindowsUpdate.log
2013-02-05 16:26 - 2012-07-26 07:28 - 00803370 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-05 16:26 - 2012-07-26 05:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-02-05 16:25 - 2013-02-05 16:25 - 00001203 ____A C:\Windows\System32\netcfg-442372.txt
2013-02-05 16:23 - 2013-02-05 16:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-02-05 16:23 - 2012-07-26 07:21 - 00011904 ____A C:\Windows\setupact.log
2013-02-05 16:22 - 2013-02-05 16:22 - 00000000 ____D C:\Users\cedunapete\AppData\Roaming\Adobe
2013-02-05 16:22 - 2013-02-05 16:22 - 00000000 ____D C:\Users\cedunapete\AppData\Local\VirtualStore
2013-02-05 16:22 - 2013-02-05 16:22 - 00000000 ____D C:\Users\cedunapete\AppData\Local\Packages
2013-02-05 16:22 - 2013-02-05 16:22 - 00000000 ____D C:\Users\All Users\PRICache
2013-02-05 16:22 - 2013-02-05 16:21 - 00000000 ____D C:\users\cedunapete
2013-02-05 16:22 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-02-05 16:22 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\WinStore
2013-02-05 16:21 - 2013-02-05 16:21 - 00000020 __ASH C:\Users\cedunapete\ntuser.ini
2013-02-05 16:21 - 2013-02-05 16:21 - 00000000 ____D C:\Windows\CSC
2013-02-05 16:21 - 2013-02-05 05:34 - 00000000 ____D C:\Windows\Panther
2013-02-05 16:20 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\Recovery
2013-02-05 16:20 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\rescache
2013-02-05 16:19 - 2012-07-26 07:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-05 16:18 - 2012-07-26 07:19 - 00281088 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-05 16:17 - 2012-07-26 08:13 - 00001720 ____A C:\Windows\DtcInstall.log
2013-02-05 16:16 - 2013-02-05 16:16 - 00001135 ____A C:\Windows\System32\netcfg-73741.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000424 ____A C:\Windows\PFRO.log
2013-02-05 16:16 - 2013-02-05 16:16 - 00000185 ____A C:\Windows\System32\netcfg-71900.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000164 ____A C:\Windows\System32\netcfg-65972.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000161 ____A C:\Windows\System32\netcfg-71604.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000160 ____A C:\Windows\System32\netcfg-71417.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000160 ____A C:\Windows\System32\netcfg-70574.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000160 ____A C:\Windows\System32\netcfg-64896.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000159 ____A C:\Windows\System32\netcfg-70871.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000157 ____A C:\Windows\System32\netcfg-71042.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000157 ____A C:\Windows\System32\netcfg-64584.txt
2013-02-05 16:16 - 2013-02-05 16:16 - 00000150 ____A C:\Windows\System32\netcfg-66175.txt
2013-02-05 16:15 - 2013-02-05 16:14 - 00000000 ____D C:\Windows.old
2013-02-05 16:15 - 2012-07-26 08:13 - 00262144 ____A C:\Windows\System32\config\BCD-Template
2013-02-05 16:14 - 2012-07-26 05:26 - 00000000 ___HD C:\$WINDOWS.~BT
2013-02-05 05:43 - 2013-02-05 23:14 - 00008192 _RASH C:\BOOTSECT.BAK
2013-02-05 05:43 - 2013-02-05 05:43 - 00262144 ____A C:\Windows\System32\config\userdiff
2013-02-05 05:43 - 2012-07-26 08:18 - 00028672 __ASH C:\Windows\System32\config\BCD-Template.LOG
2013-02-05 05:43 - 2012-07-26 05:37 - 00000000 __RHD C:\users\Default


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2012-07-25 23:55] - [2012-07-26 03:08] - 0516608 ____A (Microsoft Corporation) 93AB226C07A9789B2EC7B41F73602F76

C:\Windows\System32\wininit.exe
[2012-07-26 00:03] - [2012-07-26 03:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

C:\Windows\explorer.exe
[2012-07-25 23:14] - [2012-07-26 04:49] - 2380440 ____A (Microsoft Corporation) 928791755FDDEA721B053535EF84FA17

C:\Windows\SysWOW64\explorer.exe
[2012-07-25 23:11] - [2012-07-26 03:50] - 2114936 ____A (Microsoft Corporation) 5B6ED1B57DBFF18D405A0260559B571E

C:\Windows\System32\svchost.exe
[2012-07-26 00:00] - [2012-07-26 03:08] - 0030208 ____A (Microsoft Corporation) 57350BEDE3834915B6145B67C71C7BDA

C:\Windows\SysWOW64\svchost.exe
[2012-07-26 00:01] - [2012-07-26 03:20] - 0023040 ____A (Microsoft Corporation) 0A175AF8B65797BD22C11903A8BFEB2D

C:\Windows\System32\services.exe
[2012-07-26 05:26] - [2012-07-26 05:26] - 0410624 ____A (Microsoft Corporation) 754A2CC1F32107EA87CBD305ABE3E618

C:\Windows\System32\User32.dll
[2012-07-26 00:01] - [2012-07-26 03:07] - 1342464 ____A (Microsoft Corporation) 1D08594400EE1B500B93256795FE30AE

C:\Windows\SysWOW64\User32.dll
[2012-07-26 00:02] - [2012-07-26 00:02] - 1126912 ____A (Microsoft Corporation) 8A93F57772FD24959F76A65FF79D282D

C:\Windows\System32\userinit.exe
[2012-07-26 00:06] - [2012-07-26 03:08] - 0025088 ____A (Microsoft Corporation) 0E925F7BA032920D58DD284B6181A247

C:\Windows\SysWOW64\userinit.exe
[2012-07-26 00:08] - [2012-07-26 03:21] - 0021504 ____A (Microsoft Corporation) 9F6289D194A04A09671FEED4B6CB6EF7

C:\Windows\System32\Drivers\volsnap.sys
[2012-07-26 02:30] - [2012-07-26 04:57] - 0332016 ____A (Microsoft Corporation) 2FB3CDFD5EAF4CD9D4AFAF96877D13AE


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8191.05 MB
Available physical RAM: 7443.8 MB
Total Pagefile: 8191.05 MB
Available Pagefile: 7445.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:298.09 GB) (Free:265.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: () (Removable) (Total:0.95 GB) (Free:0.52 GB) FAT32
4 Drive e: (HRM_CCSA_X64FRE_EN-GB_DV5) (CDROM) (Total:3.27 GB) (Free:0 GB) UDF
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS


Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 979 MB 0 B

Partitions of Disk 0:
===============

Disk ID: EB56935C

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 298 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: CDD04F8A

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 979 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FAT32 Removable 979 MB Healthy

=========================================================

Last Boot: 2013-02-05 16:16

==================== End Of Log =============================
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am

Re: I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 5th, 2013, 3:12 am

the hard drive is 320 gigs which probably means I am missing about 8 on this one for some reason.
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am

Re: I have one very difficult hack or virus to remove

Unread postby Gary R » February 5th, 2013, 9:00 am

Is your PC one you constructed yourself or is it an OEM machine (store bought with Windows pre-installed) ?


Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I have one very difficult hack or virus to remove

Unread postby pgpav2003 » February 5th, 2013, 4:26 pm

The pc was purchased from an ebay Builder some 6 years or more ago . It was not an oem machine.

the scan came up clean so I guess that is why the log is so short.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Last edited by pgpav2003 on February 5th, 2013, 7:40 pm, edited 1 time in total.
pgpav2003
Regular Member
 
Posts: 17
Joined: January 28th, 2013, 11:07 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 35 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware