
logs for trojan gen 2?



this is the DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Kostaki at 21:22:16 on 2012-05-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1910.622 [GMT 10:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://startsear.ch/?aff=1

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL

BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll

TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Free YouTube Download - C:\Users\Kostaki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - C:\Users\Kostaki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

TCP: DhcpNameServer = 61.9.134.49 61.9.133.193

TCP: Interfaces\{631D202C-1B54-4382-AA28-51207F4EEC01} : DhcpNameServer = 61.9.134.49 61.9.133.193

TCP: Interfaces\{DE304D90-3F2D-4243-97C4-378B2823183E} : DhcpNameServer = 61.9.134.49 61.9.133.193

TCP: Interfaces\{DE304D90-3F2D-4243-97C4-378B2823183E}\07F636B6564777966696D253466343 : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{DE304D90-3F2D-4243-97C4-378B2823183E}\24967605F6E64603436463 : DhcpNameServer = 61.9.133.193 61.9.134.49

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO-X64: Browser Defender BHO - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll

TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File

TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

TB-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kostaki\AppData\Roaming\Mozilla\Firefox\Profiles\thgmei3l.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Kostaki\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120507.001_561\BHDrvx64.sys [2012-5-7 1160824]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120512.001_5a2\IDSviA64.sys [2012-5-12 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-28 652872]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-4 130008]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-27 138360]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-29 17152]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253088]

S4 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-4-27 247760]

S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]

S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]

S4 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-16 1071160]

S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-1 92216]

S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-10 26680]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-6 13336]

S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-6 2372096]

S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]

S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375176]

S4 PCToolsProtectInjDrv;PCToolsProtectInjDrv;C:\Users\Kostaki\AppData\Local\Temp\pcttProtect64.sys [2012-4-27 58912]

S4 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-4-27 366840]

S4 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-4-27 1150936]

S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-6 2320920]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-05-09 12:34:51 -------- d-----w- C:\ProgramData\LightScribe

2012-05-09 12:31:58 -------- d-----w- C:\Program Files (x86)\Nero

2012-05-09 12:31:37 -------- d-----w- C:\ProgramData\Nero

2012-05-09 12:27:23 -------- d-----w- C:\Program Files (x86)\Ask.com

2012-04-30 09:50:09 -------- d-----w- C:\ProgramData\Windows

2012-04-27 08:34:28 -------- d-----w- C:\Users\Kostaki\AppData\Roaming\Malwarebytes

2012-04-27 08:34:17 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-27 08:34:15 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-27 08:34:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-27 05:44:02 767952 ----a-w- C:\Windows\BDTSupport.dll

2012-04-27 05:44:01 2000848 ----a-w- C:\Windows\PCTBDCore.dll

2012-04-27 05:44:01 1533904 ----a-w- C:\Windows\PCTBDRes.dll

2012-04-27 05:44:01 149456 ----a-w- C:\Windows\SGDetectionTool.dll

2012-04-27 05:43:42 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys

2012-04-27 05:43:42 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys

2012-04-27 05:43:40 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2012-04-27 05:43:40 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2012-04-27 05:43:26 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2012-04-27 05:42:26 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys

2012-04-27 05:42:08 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2012-04-25 09:25:39 -------- d-----w- C:\Program Files\Yamicsoft

2012-04-24 07:25:47 -------- d-----w- C:\Users\Kostaki\AppData\Roaming\Yvuh

2012-04-24 07:25:47 -------- d-----w- C:\Users\Kostaki\AppData\Roaming\Dobuy

2012-04-24 07:15:02 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd

2012-04-21 11:19:00 -------- d-----w- C:\af983eb7993ee3ee4629f7ee77c2a882

2012-04-21 07:27:16 -------- d-----w- C:\Users\Kostaki\AppData\Local\AVG Secure Search

2012-04-21 07:26:50 -------- d-----w- C:\ProgramData\AVG Secure Search

2012-04-21 07:26:30 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2012-04-21 07:26:26 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2012-04-21 07:25:43 -------- d-----w- C:\Program Files (x86)\Xvid

2012-04-21 07:25:39 -------- d--h--w- C:\ProgramData\Common Files

2012-04-21 06:42:11 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-04-21 06:42:10 -------- d-----w- C:\Users\Kostaki\AppData\Roaming\PC Tools

2012-04-21 06:42:10 -------- d-----w- C:\ProgramData\PC Tools

2012-04-21 06:42:10 -------- d-----w- C:\Program Files (x86)\Spyware Doctor

2012-04-16 07:20:02 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

.

==================== Find3M ====================

.

2012-04-22 08:25:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-22 08:25:07 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-22 01:44:12 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-03-06 05:43:14 80024 ----a-w- C:\Windows\SysWow64\mfcm100u.dll

2012-03-06 05:43:14 772248 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2012-03-06 05:43:14 4421272 ----a-w- C:\Windows\SysWow64\mfc100u.dll

2012-03-06 05:43:14 419480 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2012-03-06 05:43:14 136344 ----a-w- C:\Windows\SysWow64\atl100.dll

.

============= FINISH: 21:25:29.69 ===============

Should I post the rest in here?


:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


00:16:08.0091 2968 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57

00:16:09.0230 2968 ============================================================

00:16:09.0230 2968 Current date / time: 2012/05/19 00:16:09.0230

00:16:09.0230 2968 SystemInfo:

00:16:09.0230 2968

00:16:09.0230 2968 OS Version: 6.1.7601 ServicePack: 1.0

00:16:09.0230 2968 Product type: Workstation

00:16:09.0230 2968 ComputerName: KOSTAKI-HP

00:16:09.0230 2968 UserName: Kostaki

00:16:09.0230 2968 Windows directory: C:\Windows

00:16:09.0230 2968 System windows directory: C:\Windows

00:16:09.0230 2968 Running under WOW64

00:16:09.0230 2968 Processor architecture: Intel x64

00:16:09.0230 2968 Number of processors: 4

00:16:09.0230 2968 Page size: 0x1000

00:16:09.0230 2968 Boot type: Normal boot

00:16:09.0230 2968 ============================================================

00:16:09.0885 2968 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:16:09.0900 2968 ============================================================

00:16:09.0900 2968 \Device\Harddisk0\DR0:

00:16:09.0900 2968 MBR partitions:

00:16:09.0900 2968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

00:16:09.0900 2968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x387DE800

00:16:09.0900 2968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38842800, BlocksNum 0x1B0F800

00:16:09.0900 2968 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

00:16:09.0900 2968 ============================================================

00:16:09.0963 2968 C: <-> \Device\Harddisk0\DR0\Partition1

00:16:10.0025 2968 D: <-> \Device\Harddisk0\DR0\Partition2

00:16:10.0025 2968 ============================================================

00:16:10.0025 2968 Initialize success

00:16:10.0025 2968 ============================================================

00:16:19.0728 0848 ============================================================

00:16:19.0728 0848 Scan started

00:16:19.0728 0848 Mode: Manual; SigCheck; TDLFS;

00:16:19.0728 0848 ============================================================

00:16:22.0224 0848 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

00:16:23.0036 0848 1394ohci - ok

00:16:23.0176 0848 93664462 (ccde590a195cb3a02fb0bfd787ce7ac5) C:\Windows\system32\drivers\18405993.sys

00:16:23.0410 0848 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

00:16:23.0457 0848 ACPI - ok

00:16:23.0519 0848 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

00:16:23.0706 0848 AcpiPmi - ok

00:16:24.0003 0848 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

00:16:24.0018 0848 AdobeARMservice - ok

00:16:24.0486 0848 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

00:16:24.0564 0848 AdobeFlashPlayerUpdateSvc - ok

00:16:24.0876 0848 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

00:16:24.0939 0848 adp94xx - ok

00:16:25.0095 0848 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

00:16:25.0173 0848 adpahci - ok

00:16:25.0313 0848 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

00:16:25.0360 0848 adpu320 - ok

00:16:25.0422 0848 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

00:16:25.0984 0848 AeLookupSvc - ok

00:16:26.0124 0848 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

00:16:26.0312 0848 AFD - ok

00:16:26.0421 0848 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

00:16:26.0452 0848 agp440 - ok

00:16:26.0577 0848 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

00:16:26.0717 0848 ALG - ok

00:16:26.0826 0848 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

00:16:26.0889 0848 aliide - ok

00:16:26.0920 0848 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

00:16:26.0951 0848 amdide - ok

00:16:27.0045 0848 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

00:16:27.0138 0848 AmdK8 - ok

00:16:27.0170 0848 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

00:16:27.0232 0848 AmdPPM - ok

00:16:27.0326 0848 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

00:16:27.0372 0848 amdsata - ok

00:16:27.0450 0848 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

00:16:27.0482 0848 amdsbs - ok

00:16:27.0575 0848 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

00:16:27.0622 0848 amdxata - ok

00:16:27.0762 0848 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

00:16:28.0355 0848 AppID - ok

00:16:28.0433 0848 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

00:16:28.0605 0848 AppIDSvc - ok

00:16:28.0730 0848 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

00:16:28.0854 0848 Appinfo - ok

00:16:29.0010 0848 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

00:16:29.0073 0848 Apple Mobile Device - ok

00:16:29.0166 0848 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

00:16:29.0198 0848 arc - ok

00:16:29.0291 0848 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

00:16:29.0322 0848 arcsas - ok

00:16:29.0556 0848 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

00:16:29.0603 0848 aspnet_state - ok

00:16:29.0759 0848 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

00:16:29.0900 0848 AsyncMac - ok

00:16:29.0993 0848 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

00:16:30.0040 0848 atapi - ok

00:16:30.0196 0848 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

00:16:30.0368 0848 AudioEndpointBuilder - ok

00:16:30.0368 0848 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

00:16:30.0477 0848 AudioSrv - ok

00:16:30.0789 0848 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

00:16:30.0976 0848 AxInstSV - ok

00:16:31.0288 0848 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

00:16:31.0413 0848 b06bdrv - ok

00:16:31.0553 0848 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

00:16:31.0647 0848 b57nd60a - ok

00:16:31.0959 0848 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

00:16:32.0115 0848 BBSvc - ok

00:16:32.0520 0848 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

00:16:32.0676 0848 BCM43XX - ok

00:16:32.0723 0848 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

00:16:32.0801 0848 BDESVC - ok

00:16:32.0926 0848 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

00:16:33.0066 0848 Beep - ok

00:16:33.0550 0848 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120507.001_d66\BHDrvx64.sys

00:16:33.0800 0848 BHDrvx64 - ok

00:16:33.0987 0848 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

00:16:34.0236 0848 BITS - ok

00:16:34.0330 0848 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

00:16:34.0377 0848 blbdrive - ok

00:16:34.0486 0848 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

00:16:34.0564 0848 Bonjour Service - ok

00:16:34.0626 0848 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

00:16:34.0736 0848 bowser - ok

00:16:34.0782 0848 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

00:16:34.0845 0848 BrFiltLo - ok

00:16:34.0876 0848 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

00:16:34.0938 0848 BrFiltUp - ok

00:16:35.0001 0848 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

00:16:35.0157 0848 Browser - ok

00:16:35.0266 0848 Browser Defender Update Service (f2dddf1e0c0c9c1122e45d1993cf92c9) C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe

00:16:35.0375 0848 Browser Defender Update Service - ok

00:16:35.0438 0848 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

00:16:35.0500 0848 Brserid - ok

00:16:35.0578 0848 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

00:16:35.0640 0848 BrSerWdm - ok

00:16:35.0672 0848 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

00:16:35.0734 0848 BrUsbMdm - ok

00:16:35.0765 0848 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

00:16:35.0812 0848 BrUsbSer - ok

00:16:35.0874 0848 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

00:16:35.0921 0848 BTHMODEM - ok

00:16:36.0015 0848 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

00:16:36.0155 0848 bthserv - ok

00:16:36.0202 0848 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

00:16:36.0327 0848 cdfs - ok

00:16:36.0389 0848 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

00:16:36.0452 0848 cdrom - ok

00:16:36.0514 0848 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:16:36.0623 0848 CertPropSvc - ok

00:16:36.0717 0848 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

00:16:36.0764 0848 circlass - ok

00:16:36.0842 0848 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

00:16:36.0873 0848 CLFS - ok

00:16:36.0951 0848 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:16:36.0982 0848 clr_optimization_v2.0.50727_32 - ok

00:16:37.0044 0848 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

00:16:37.0107 0848 clr_optimization_v2.0.50727_64 - ok

00:16:37.0622 0848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

00:16:37.0653 0848 clr_optimization_v4.0.30319_32 - ok

00:16:37.0824 0848 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

00:16:37.0856 0848 clr_optimization_v4.0.30319_64 - ok

00:16:37.0949 0848 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

00:16:37.0980 0848 clwvd - ok

00:16:38.0027 0848 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

00:16:38.0105 0848 CmBatt - ok

00:16:38.0136 0848 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

00:16:38.0168 0848 cmdide - ok

00:16:38.0246 0848 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

00:16:38.0308 0848 CNG - ok

00:16:38.0370 0848 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

00:16:38.0386 0848 Compbatt - ok

00:16:38.0417 0848 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

00:16:38.0495 0848 CompositeBus - ok

00:16:38.0511 0848 COMSysApp - ok

00:16:38.0542 0848 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

00:16:38.0573 0848 crcdisk - ok

00:16:38.0698 0848 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

00:16:38.0823 0848 CryptSvc - ok

00:16:38.0916 0848 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:16:39.0041 0848 DcomLaunch - ok

00:16:39.0104 0848 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

00:16:39.0244 0848 defragsvc - ok

00:16:39.0291 0848 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

00:16:39.0416 0848 DfsC - ok

00:16:39.0494 0848 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

00:16:39.0634 0848 Dhcp - ok

00:16:39.0681 0848 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

00:16:39.0806 0848 discache - ok

00:16:39.0884 0848 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

00:16:39.0915 0848 Disk - ok

00:16:39.0977 0848 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

00:16:40.0055 0848 Dnscache - ok

00:16:40.0102 0848 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

00:16:40.0242 0848 dot3svc - ok

00:16:40.0305 0848 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

00:16:40.0445 0848 DPS - ok

00:16:40.0476 0848 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

00:16:40.0554 0848 drmkaud - ok

00:16:40.0695 0848 dtsoftbus01 (821bf177a24172f5f0ee9b322f58516c) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

00:16:40.0742 0848 dtsoftbus01 - ok

00:16:40.0835 0848 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

00:16:40.0898 0848 DXGKrnl - ok

00:16:40.0976 0848 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

00:16:41.0116 0848 EapHost - ok

00:16:41.0381 0848 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

00:16:41.0569 0848 ebdrv - ok

00:16:41.0803 0848 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

00:16:41.0865 0848 eeCtrl - ok

00:16:41.0974 0848 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe

00:16:42.0021 0848 EFS - ok

00:16:42.0208 0848 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

00:16:42.0286 0848 ehRecvr - ok

00:16:42.0317 0848 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

00:16:42.0380 0848 ehSched - ok

00:16:42.0505 0848 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

00:16:42.0551 0848 elxstor - ok

00:16:42.0723 0848 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

00:16:42.0754 0848 EraserUtilRebootDrv - ok

00:16:42.0785 0848 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

00:16:42.0863 0848 ErrDev - ok

00:16:42.0941 0848 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

00:16:43.0097 0848 EventSystem - ok

00:16:43.0160 0848 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

00:16:43.0269 0848 exfat - ok

00:16:43.0300 0848 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

00:16:43.0425 0848 fastfat - ok

00:16:43.0534 0848 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

00:16:43.0643 0848 Fax - ok

00:16:43.0690 0848 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

00:16:43.0753 0848 fdc - ok

00:16:43.0784 0848 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

00:16:43.0955 0848 fdPHost - ok

00:16:43.0987 0848 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

00:16:44.0096 0848 FDResPub - ok

00:16:44.0143 0848 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

00:16:44.0189 0848 FileInfo - ok

00:16:44.0205 0848 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

00:16:44.0330 0848 Filetrace - ok

00:16:44.0361 0848 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

00:16:44.0408 0848 flpydisk - ok

00:16:44.0439 0848 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

00:16:44.0486 0848 FltMgr - ok

00:16:44.0595 0848 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

00:16:44.0689 0848 FontCache - ok

00:16:44.0767 0848 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

00:16:44.0798 0848 FontCache3.0.0.0 - ok

00:16:44.0860 0848 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

00:16:44.0891 0848 FsDepends - ok

00:16:44.0938 0848 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

00:16:44.0969 0848 Fs_Rec - ok

00:16:45.0032 0848 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

00:16:45.0079 0848 fvevol - ok

00:16:45.0141 0848 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

00:16:45.0172 0848 gagp30kx - ok

00:16:45.0266 0848 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

00:16:45.0313 0848 GamesAppService - ok

00:16:45.0375 0848 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

00:16:45.0406 0848 GEARAspiWDM - ok

00:16:45.0515 0848 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

00:16:45.0656 0848 gpsvc - ok

00:16:45.0703 0848 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

00:16:45.0765 0848 hcw85cir - ok

00:16:45.0859 0848 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

00:16:45.0937 0848 HdAudAddService - ok

00:16:46.0015 0848 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

00:16:46.0093 0848 HDAudBus - ok

00:16:46.0155 0848 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

00:16:46.0186 0848 HECIx64 - ok

00:16:46.0217 0848 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

00:16:46.0264 0848 HidBatt - ok

00:16:46.0295 0848 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

00:16:46.0358 0848 HidBth - ok

00:16:46.0405 0848 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

00:16:46.0451 0848 HidIr - ok

00:16:46.0467 0848 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

00:16:46.0607 0848 hidserv - ok

00:16:46.0701 0848 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

00:16:46.0732 0848 HidUsb - ok

00:16:46.0795 0848 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

00:16:46.0966 0848 hkmsvc - ok

00:16:47.0029 0848 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

00:16:47.0107 0848 HomeGroupListener - ok

00:16:47.0153 0848 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

00:16:47.0216 0848 HomeGroupProvider - ok

00:16:47.0341 0848 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

00:16:47.0387 0848 HP Health Check Service - ok

00:16:47.0481 0848 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

00:16:47.0528 0848 HPClientSvc - ok

00:16:47.0684 0848 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

00:16:47.0887 0848 hpCMSrv - ok

00:16:47.0965 0848 HPDrvMntSvc.exe (18062df0dceb4ed88e03a8b161935722) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

00:16:48.0027 0848 HPDrvMntSvc.exe - ok

00:16:48.0136 0848 hpqwmiex (7b1637e5e0476ce22e8d76ac1203205e) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

00:16:48.0261 0848 hpqwmiex - ok

00:16:48.0401 0848 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

00:16:48.0433 0848 HpSAMD - ok

00:16:48.0479 0848 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

00:16:48.0526 0848 HPWMISVC - ok

00:16:48.0620 0848 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

00:16:48.0807 0848 HTTP - ok

00:16:48.0838 0848 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

00:16:48.0869 0848 hwpolicy - ok

00:16:48.0932 0848 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

00:16:48.0979 0848 i8042prt - ok

00:16:49.0072 0848 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys

00:16:49.0135 0848 iaStor - ok

00:16:49.0259 0848 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

00:16:49.0322 0848 IAStorDataMgrSvc - ok

00:16:49.0415 0848 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

00:16:49.0447 0848 iaStorV - ok

00:16:49.0696 0848 IconMan_R (d22d82d74fd1b6c77e7556dbdc3ea9d2) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

00:16:49.0946 0848 IconMan_R ( UnsignedFile.Multi.Generic ) - warning

00:16:49.0946 0848 IconMan_R - detected UnsignedFile.Multi.Generic (1)

00:16:50.0055 0848 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

00:16:50.0102 0848 IDriverT ( UnsignedFile.Multi.Generic ) - warning

00:16:50.0102 0848 IDriverT - detected UnsignedFile.Multi.Generic (1)

00:16:50.0258 0848 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

00:16:50.0336 0848 idsvc - ok

00:16:50.0570 0848 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120517.001_dae\IDSvia64.sys

00:16:50.0679 0848 IDSVia64 - ok

00:16:51.0709 0848 igfx (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdkmd64.sys

00:16:52.0270 0848 igfx - ok

00:16:52.0426 0848 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

00:16:52.0457 0848 iirsp - ok

00:16:52.0629 0848 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

00:16:52.0816 0848 IKEEXT - ok

00:16:52.0879 0848 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

00:16:52.0972 0848 Impcd - ok

00:16:53.0066 0848 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

00:16:53.0113 0848 IntcDAud - ok

00:16:53.0144 0848 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

00:16:53.0175 0848 intelide - ok

00:16:53.0222 0848 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

00:16:53.0284 0848 intelppm - ok

00:16:53.0362 0848 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

00:16:53.0503 0848 IPBusEnum - ok

00:16:53.0549 0848 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:16:53.0643 0848 IpFilterDriver - ok

00:16:53.0690 0848 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

00:16:53.0752 0848 IPMIDRV - ok

00:16:53.0815 0848 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

00:16:53.0955 0848 IPNAT - ok

00:16:54.0095 0848 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe

00:16:54.0173 0848 iPod Service - ok

00:16:54.0220 0848 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

00:16:54.0283 0848 IRENUM - ok

00:16:54.0329 0848 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

00:16:54.0361 0848 isapnp - ok

00:16:54.0407 0848 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

00:16:54.0439 0848 iScsiPrt - ok

00:16:54.0501 0848 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

00:16:54.0532 0848 kbdclass - ok

00:16:54.0579 0848 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

00:16:54.0657 0848 kbdhid - ok

00:16:54.0704 0848 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

00:16:54.0751 0848 KeyIso - ok

00:16:54.0797 0848 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

00:16:54.0829 0848 KSecDD - ok

00:16:54.0922 0848 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

00:16:54.0969 0848 KSecPkg - ok

00:16:55.0078 0848 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

00:16:55.0203 0848 ksthunk - ok

00:16:55.0281 0848 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

00:16:55.0421 0848 KtmRm - ok

00:16:55.0484 0848 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

00:16:55.0640 0848 LanmanServer - ok

00:16:55.0702 0848 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

00:16:55.0843 0848 LanmanWorkstation - ok

00:16:56.0092 0848 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

00:16:56.0264 0848 Lavasoft Ad-Aware Service - ok

00:16:56.0373 0848 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

00:16:56.0389 0848 Lavasoft Kernexplorer - ok

00:16:56.0560 0848 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys

00:16:56.0607 0848 Lbd - ok

00:16:56.0747 0848 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

00:16:56.0779 0848 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

00:16:56.0779 0848 LightScribeService - detected UnsignedFile.Multi.Generic (1)

00:16:56.0841 0848 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

00:16:56.0935 0848 lltdio - ok

00:16:57.0013 0848 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

00:16:57.0137 0848 lltdsvc - ok

00:16:57.0153 0848 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

00:16:57.0247 0848 lmhosts - ok

00:16:57.0340 0848 LMIGuardianSvc (e01fded75312652de448e5aa792afa59) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

00:16:57.0403 0848 LMIGuardianSvc - ok

00:16:57.0449 0848 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

00:16:57.0496 0848 LMIInfo - ok

00:16:57.0527 0848 LMIMaint (be53cf6e8ffef255988209a35f184f9f) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

00:16:57.0590 0848 LMIMaint - ok

00:16:57.0621 0848 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys

00:16:57.0699 0848 lmimirr - ok

00:16:57.0730 0848 LMIRfsClientNP - ok

00:16:57.0777 0848 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys

00:16:57.0808 0848 LMIRfsDriver - ok

00:16:57.0949 0848 LMS (0405f4bcd1c7a7b309f620fe0b5de5e6) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

00:16:58.0042 0848 LMS - ok

00:16:58.0105 0848 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

00:16:58.0151 0848 LogMeIn - ok

00:16:58.0229 0848 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

00:16:58.0261 0848 LSI_FC - ok

00:16:58.0292 0848 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

00:16:58.0339 0848 LSI_SAS - ok

00:16:58.0448 0848 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

00:16:58.0479 0848 LSI_SAS2 - ok

00:16:58.0619 0848 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

00:16:58.0651 0848 LSI_SCSI - ok

00:16:58.0791 0848 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

00:16:58.0947 0848 luafv - ok

00:16:59.0025 0848 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

00:16:59.0056 0848 MBAMProtector - ok

00:16:59.0243 0848 MBAMService (de199f3aa9c541a349af95a5c72a71af) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

00:16:59.0306 0848 MBAMService - ok

00:16:59.0446 0848 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

00:16:59.0524 0848 Mcx2Svc - ok

00:16:59.0571 0848 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

00:16:59.0602 0848 megasas - ok

00:16:59.0836 0848 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

00:16:59.0883 0848 MegaSR - ok

00:16:59.0945 0848 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:17:00.0101 0848 MMCSS - ok

00:17:00.0164 0848 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

00:17:00.0273 0848 Modem - ok

00:17:00.0367 0848 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

00:17:00.0429 0848 monitor - ok

00:17:00.0460 0848 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

00:17:00.0491 0848 mouclass - ok

00:17:00.0585 0848 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys

00:17:00.0663 0848 mouhid - ok

00:17:00.0725 0848 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

00:17:00.0757 0848 mountmgr - ok

00:17:00.0819 0848 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

00:17:00.0850 0848 mpio - ok

00:17:00.0913 0848 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:17:01.0022 0848 mpsdrv - ok

00:17:01.0162 0848 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

00:17:01.0240 0848 MRxDAV - ok

00:17:01.0303 0848 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:17:01.0438 0848 mrxsmb - ok

00:17:01.0478 0848 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:17:01.0517 0848 mrxsmb10 - ok

00:17:01.0543 0848 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:17:01.0594 0848 mrxsmb20 - ok

00:17:01.0656 0848 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

00:17:01.0685 0848 msahci - ok

00:17:01.0716 0848 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

00:17:01.0752 0848 msdsm - ok

00:17:01.0790 0848 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

00:17:01.0850 0848 MSDTC - ok

00:17:01.0943 0848 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:17:02.0075 0848 Msfs - ok

00:17:02.0114 0848 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:17:02.0237 0848 mshidkmdf - ok

00:17:02.0300 0848 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

00:17:02.0330 0848 msisadrv - ok

00:17:02.0381 0848 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

00:17:02.0516 0848 MSiSCSI - ok

00:17:02.0522 0848 msiserver - ok

00:17:02.0565 0848 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:17:02.0684 0848 MSKSSRV - ok

00:17:02.0704 0848 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:17:02.0829 0848 MSPCLOCK - ok

00:17:02.0873 0848 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:17:02.0985 0848 MSPQM - ok

00:17:03.0046 0848 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

00:17:03.0093 0848 MsRPC - ok

00:17:03.0122 0848 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

00:17:03.0170 0848 mssmbios - ok

00:17:03.0215 0848 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:17:03.0335 0848 MSTEE - ok

00:17:03.0370 0848 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

00:17:03.0428 0848 MTConfig - ok

00:17:03.0463 0848 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:17:03.0495 0848 Mup - ok

00:17:03.0564 0848 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

00:17:03.0737 0848 napagent - ok

00:17:03.0807 0848 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:17:03.0893 0848 NativeWifiP - ok

00:17:04.0039 0848 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120517.023_d84\ENG64.SYS

00:17:04.0066 0848 NAVENG - ok

00:17:04.0263 0848 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120517.023_d84\EX64.SYS

00:17:04.0381 0848 NAVEX15 - ok

00:17:04.0615 0848 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

00:17:04.0687 0848 NDIS - ok

00:17:04.0735 0848 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:17:04.0860 0848 NdisCap - ok

00:17:04.0907 0848 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:17:05.0029 0848 NdisTapi - ok

00:17:05.0058 0848 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

00:17:05.0180 0848 Ndisuio - ok

00:17:05.0233 0848 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

00:17:05.0356 0848 NdisWan - ok

00:17:05.0381 0848 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

00:17:05.0476 0848 NDProxy - ok

00:17:05.0538 0848 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:17:05.0664 0848 NetBIOS - ok

00:17:05.0712 0848 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

00:17:05.0822 0848 NetBT - ok

00:17:05.0871 0848 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

00:17:05.0913 0848 Netlogon - ok

00:17:05.0972 0848 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

00:17:06.0119 0848 Netman - ok

00:17:06.0225 0848 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

00:17:06.0266 0848 NetMsmqActivator - ok

00:17:06.0272 0848 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

00:17:06.0300 0848 NetPipeActivator - ok

00:17:06.0360 0848 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

00:17:06.0507 0848 netprofm - ok

00:17:06.0684 0848 netr28x (24cf1304d899124336f67f88f3c15e21) C:\Windows\system32\DRIVERS\netr28x.sys

00:17:06.0766 0848 netr28x - ok

00:17:06.0859 0848 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

00:17:06.0886 0848 NetTcpActivator - ok

00:17:06.0892 0848 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

00:17:06.0920 0848 NetTcpPortSharing - ok

00:17:06.0971 0848 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

00:17:07.0004 0848 nfrd960 - ok

00:17:07.0117 0848 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe

00:17:07.0146 0848 NIS - ok

00:17:07.0193 0848 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

00:17:07.0339 0848 NlaSvc - ok

00:17:07.0385 0848 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:17:07.0491 0848 Npfs - ok

00:17:07.0515 0848 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

00:17:07.0641 0848 nsi - ok

00:17:07.0673 0848 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:17:07.0798 0848 nsiproxy - ok

00:17:07.0962 0848 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

00:17:08.0069 0848 Ntfs - ok

00:17:08.0200 0848 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:17:08.0303 0848 Null - ok

00:17:08.0397 0848 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

00:17:08.0470 0848 NVENETFD - ok

00:17:08.0539 0848 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

00:17:08.0575 0848 nvraid - ok

00:17:08.0616 0848 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

00:17:08.0653 0848 nvstor - ok

00:17:08.0819 0848 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

00:17:08.0854 0848 nv_agp - ok

00:17:08.0890 0848 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

00:17:08.0932 0848 ohci1394 - ok

00:17:08.0985 0848 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:17:09.0059 0848 p2pimsvc - ok

00:17:09.0135 0848 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

00:17:09.0197 0848 p2psvc - ok

00:17:09.0227 0848 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

00:17:09.0270 0848 Parport - ok

00:17:09.0306 0848 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

00:17:09.0339 0848 partmgr - ok

00:17:09.0376 0848 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

00:17:09.0475 0848 PcaSvc - ok

00:17:09.0524 0848 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

00:17:09.0562 0848 pci - ok

00:17:09.0589 0848 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

00:17:09.0620 0848 pciide - ok

00:17:09.0703 0848 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

00:17:09.0743 0848 pcmcia - ok

00:17:09.0816 0848 PCTCore (54e013b6d55b81c0aa1ebea80ff42383) C:\Windows\system32\drivers\PCTCore64.sys

00:17:09.0875 0848 PCTCore - ok

00:17:09.0934 0848 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys

00:17:10.0009 0848 pctDS - ok

00:17:10.0136 0848 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys

00:17:10.0234 0848 pctEFA - ok

00:17:10.0402 0848 PCToolsProtectInjDrv (ada6774030a4412f64899a3c52e687e1) C:\Users\Kostaki\AppData\Local\Temp\pcttProtect64.sys

00:17:10.0443 0848 PCToolsProtectInjDrv - ok

00:17:10.0479 0848 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:17:10.0511 0848 pcw - ok

00:17:10.0571 0848 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:17:10.0743 0848 PEAUTH - ok

00:17:10.0851 0848 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

00:17:10.0926 0848 PerfHost - ok

00:17:11.0081 0848 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

00:17:11.0230 0848 pla - ok

00:17:11.0329 0848 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

00:17:11.0403 0848 PlugPlay - ok

00:17:11.0440 0848 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

00:17:11.0527 0848 PNRPAutoReg - ok

00:17:11.0574 0848 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:17:11.0622 0848 PNRPsvc - ok

00:17:11.0731 0848 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

00:17:11.0879 0848 PolicyAgent - ok

00:17:11.0919 0848 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

00:17:12.0065 0848 Power - ok

00:17:12.0143 0848 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

00:17:12.0287 0848 PptpMiniport - ok

00:17:12.0321 0848 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

00:17:12.0380 0848 Processor - ok

00:17:12.0430 0848 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

00:17:12.0563 0848 ProfSvc - ok

00:17:12.0612 0848 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

00:17:12.0652 0848 ProtectedStorage - ok

00:17:12.0733 0848 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

00:17:12.0866 0848 Psched - ok

00:17:13.0030 0848 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

00:17:13.0130 0848 ql2300 - ok

00:17:13.0288 0848 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

00:17:13.0323 0848 ql40xx - ok

00:17:13.0432 0848 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

00:17:13.0510 0848 QWAVE - ok

00:17:13.0534 0848 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

00:17:13.0608 0848 QWAVEdrv - ok

00:17:13.0651 0848 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

00:17:13.0764 0848 RasAcd - ok

00:17:13.0923 0848 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:17:14.0057 0848 RasAgileVpn - ok

00:17:14.0098 0848 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

00:17:14.0226 0848 RasAuto - ok

00:17:14.0266 0848 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:17:14.0372 0848 Rasl2tp - ok

00:17:14.0522 0848 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

00:17:14.0715 0848 RasMan - ok

00:17:14.0819 0848 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

00:17:14.0961 0848 RasPppoe - ok

00:17:15.0062 0848 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

00:17:15.0205 0848 RasSstp - ok

00:17:15.0355 0848 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

00:17:15.0502 0848 rdbss - ok

00:17:15.0557 0848 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

00:17:15.0650 0848 rdpbus - ok

00:17:15.0730 0848 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:17:15.0861 0848 RDPCDD - ok

00:17:15.0969 0848 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

00:17:16.0108 0848 RDPENCDD - ok

00:17:16.0130 0848 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

00:17:16.0230 0848 RDPREFMP - ok

00:17:16.0283 0848 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

00:17:16.0377 0848 RDPWD - ok

00:17:16.0446 0848 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

00:17:16.0494 0848 rdyboost - ok

00:17:16.0682 0848 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

00:17:16.0840 0848 RemoteAccess - ok

00:17:16.0909 0848 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

00:17:17.0053 0848 RemoteRegistry - ok

00:17:17.0072 0848 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

00:17:17.0223 0848 RpcEptMapper - ok

00:17:17.0256 0848 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

00:17:17.0305 0848 RpcLocator - ok

00:17:17.0390 0848 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:17:17.0515 0848 RpcSs - ok

00:17:17.0597 0848 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys

00:17:17.0656 0848 RSPCIESTOR - ok

00:17:17.0721 0848 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:17:17.0855 0848 rspndr - ok

00:17:18.0308 0848 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

00:17:18.0386 0848 RTL8167 - ok

00:17:18.0439 0848 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

00:17:18.0479 0848 SamSs - ok

00:17:18.0682 0848 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

00:17:18.0742 0848 sbp2port - ok

00:17:18.0842 0848 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

00:17:18.0965 0848 SCardSvr - ok

00:17:19.0006 0848 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

00:17:19.0127 0848 scfilter - ok

00:17:19.0261 0848 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

00:17:19.0459 0848 Schedule - ok

00:17:19.0500 0848 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:17:19.0604 0848 SCPolicySvc - ok

00:17:19.0757 0848 sdAuxService (a1089ac7683826e6c7c9fab9723dd80f) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe

00:17:19.0805 0848 sdAuxService - ok

00:17:19.0896 0848 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

00:17:19.0967 0848 sdbus - ok

00:17:20.0094 0848 sdCoreService (ed6c2efeb47524bff4d5e5109fb1a2bb) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe

00:17:20.0257 0848 sdCoreService - ok

00:17:20.0299 0848 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

00:17:20.0363 0848 SDRSVC - ok

00:17:20.0448 0848 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

00:17:20.0487 0848 SeaPort - ok

00:17:20.0562 0848 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:17:20.0683 0848 secdrv - ok

00:17:20.0728 0848 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

00:17:20.0832 0848 seclogon - ok

00:17:20.0852 0848 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

00:17:20.0964 0848 SENS - ok

00:17:21.0024 0848 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

00:17:21.0084 0848 SensrSvc - ok

00:17:21.0122 0848 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

00:17:21.0179 0848 Serenum - ok

00:17:21.0238 0848 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

00:17:21.0301 0848 Serial - ok

00:17:21.0342 0848 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

00:17:21.0400 0848 sermouse - ok

00:17:21.0448 0848 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

00:17:21.0581 0848 SessionEnv - ok

00:17:21.0631 0848 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

00:17:21.0714 0848 sffdisk - ok

00:17:21.0749 0848 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

00:17:21.0814 0848 sffp_mmc - ok

00:17:21.0849 0848 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

00:17:21.0928 0848 sffp_sd - ok

00:17:21.0958 0848 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

00:17:22.0012 0848 sfloppy - ok

00:17:22.0087 0848 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

00:17:22.0206 0848 SharedAccess - ok

00:17:22.0260 0848 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

00:17:22.0408 0848 ShellHWDetection - ok

00:17:22.0447 0848 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

00:17:22.0479 0848 SiSRaid2 - ok

00:17:22.0511 0848 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

00:17:22.0546 0848 SiSRaid4 - ok

00:17:22.0616 0848 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:17:22.0795 0848 Smb - ok

00:17:22.0854 0848 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

00:17:22.0916 0848 SNMPTRAP - ok

00:17:23.0002 0848 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:17:23.0034 0848 spldr - ok

00:17:23.0135 0848 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

00:17:23.0258 0848 Spooler - ok

00:17:23.0517 0848 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

00:17:23.0784 0848 sppsvc - ok

00:17:23.0917 0848 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

00:17:24.0016 0848 sppuinotify - ok

00:17:24.0171 0848 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS

00:17:24.0227 0848 SRTSP - ok

00:17:24.0251 0848 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS

00:17:24.0275 0848 SRTSPX - ok

00:17:24.0339 0848 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

00:17:24.0437 0848 srv - ok

00:17:24.0494 0848 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

00:17:24.0567 0848 srv2 - ok

00:17:24.0685 0848 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

00:17:24.0746 0848 SrvHsfHDA - ok

00:17:24.0892 0848 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

00:17:25.0003 0848 SrvHsfV92 - ok

00:17:25.0181 0848 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

00:17:25.0242 0848 SrvHsfWinac - ok

00:17:25.0285 0848 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

00:17:25.0328 0848 srvnet - ok

00:17:25.0377 0848 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

00:17:25.0527 0848 SSDPSRV - ok

00:17:25.0710 0848 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

00:17:25.0841 0848 SstpSvc - ok

00:17:26.0013 0848 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe

00:17:26.0137 0848 STacSV - ok

00:17:26.0168 0848 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

00:17:26.0198 0848 stexstor - ok

00:17:26.0297 0848 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys

00:17:26.0364 0848 STHDA - ok

00:17:26.0440 0848 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

00:17:26.0530 0848 stisvc - ok

00:17:26.0562 0848 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

00:17:26.0592 0848 swenum - ok

00:17:26.0800 0848 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

00:17:26.0876 0848 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

00:17:26.0876 0848 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

00:17:26.0953 0848 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

00:17:27.0095 0848 swprv - ok

00:17:27.0214 0848 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS

00:17:27.0258 0848 SymDS - ok

00:17:27.0353 0848 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS

00:17:27.0420 0848 SymEFA - ok

00:17:27.0497 0848 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

00:17:27.0536 0848 SymEvent - ok

00:17:27.0581 0848 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS

00:17:27.0613 0848 SymIRON - ok

00:17:27.0682 0848 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS

00:17:27.0722 0848 SymNetS - ok

00:17:27.0905 0848 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys

00:17:28.0008 0848 SynTP - ok

00:17:28.0267 0848 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

00:17:28.0437 0848 SysMain - ok

00:17:28.0569 0848 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

00:17:28.0669 0848 TabletInputService - ok

00:17:28.0741 0848 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

00:17:28.0879 0848 TapiSrv - ok

00:17:28.0915 0848 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

00:17:29.0031 0848 TBS - ok

00:17:29.0253 0848 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

00:17:29.0375 0848 Tcpip - ok

00:17:29.0670 0848 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

00:17:29.0774 0848 TCPIP6 - ok

00:17:29.0942 0848 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

00:17:30.0062 0848 tcpipreg - ok

00:17:30.0089 0848 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:17:30.0154 0848 TDPIPE - ok

00:17:30.0190 0848 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

00:17:30.0297 0848 TDTCP - ok

00:17:30.0326 0848 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

00:17:30.0433 0848 tdx - ok

00:17:30.0461 0848 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

00:17:30.0493 0848 TermDD - ok

00:17:30.0585 0848 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

00:17:30.0758 0848 TermService - ok

00:17:30.0799 0848 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

00:17:30.0851 0848 Themes - ok

00:17:30.0884 0848 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:17:30.0980 0848 THREADORDER - ok

00:17:31.0001 0848 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

00:17:31.0155 0848 TrkWks - ok

00:17:31.0226 0848 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

00:17:31.0354 0848 TrustedInstaller - ok

00:17:31.0399 0848 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:17:31.0530 0848 tssecsrv - ok

00:17:31.0578 0848 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

00:17:31.0617 0848 TsUsbFlt - ok

00:17:31.0698 0848 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

00:17:31.0736 0848 TsUsbGD - ok

00:17:31.0795 0848 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

00:17:31.0923 0848 tunnel - ok

00:17:31.0958 0848 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

00:17:31.0990 0848 uagp35 - ok

00:17:32.0044 0848 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

00:17:32.0168 0848 udfs - ok

00:17:32.0222 0848 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

00:17:32.0272 0848 UI0Detect - ok

00:17:32.0324 0848 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

00:17:32.0355 0848 uliagpkx - ok

00:17:32.0377 0848 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

00:17:32.0437 0848 umbus - ok

00:17:32.0477 0848 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

00:17:32.0538 0848 UmPass - ok

00:17:32.0868 0848 UNS (6f895ca96552069b3d3ef5b4f6e90d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

00:17:33.0042 0848 UNS - ok

00:17:33.0174 0848 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

00:17:33.0335 0848 upnphost - ok

00:17:33.0413 0848 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

00:17:33.0478 0848 USBAAPL64 - ok

00:17:33.0525 0848 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys

00:17:33.0569 0848 usbccgp - ok

00:17:33.0595 0848 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

00:17:33.0653 0848 usbcir - ok

00:17:33.0688 0848 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys

00:17:33.0765 0848 usbehci - ok

00:17:33.0832 0848 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys

00:17:33.0904 0848 usbhub - ok

00:17:33.0939 0848 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

00:17:33.0979 0848 usbohci - ok

00:17:34.0011 0848 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

00:17:34.0081 0848 usbprint - ok

00:17:34.0127 0848 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:17:34.0185 0848 USBSTOR - ok

00:17:34.0218 0848 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

00:17:34.0281 0848 usbuhci - ok

00:17:34.0339 0848 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

00:17:34.0404 0848 usbvideo - ok

00:17:34.0442 0848 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

00:17:34.0573 0848 UxSms - ok

00:17:34.0619 0848 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

00:17:34.0655 0848 VaultSvc - ok

00:17:34.0702 0848 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

00:17:34.0730 0848 vdrvroot - ok

00:17:34.0795 0848 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

00:17:34.0933 0848 vds - ok

00:17:34.0964 0848 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:17:35.0011 0848 vga - ok

00:17:35.0026 0848 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:17:35.0154 0848 VgaSave - ok

00:17:35.0208 0848 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

00:17:35.0247 0848 vhdmp - ok

00:17:35.0267 0848 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

00:17:35.0298 0848 viaide - ok

00:17:35.0324 0848 vmkbd2 (5f22132c9153639762708909f156b33d) C:\Windows\system32\zpnodecollector.dll

00:17:35.0342 0848 vmkbd2 ( Backdoor.Multi.ZAccess.gen ) - infected

00:17:35.0342 0848 vmkbd2 - detected Backdoor.Multi.ZAccess.gen (0)

00:17:35.0379 0848 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

00:17:35.0413 0848 volmgr - ok

00:17:35.0479 0848 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

00:17:35.0525 0848 volmgrx - ok

00:17:35.0584 0848 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

00:17:35.0628 0848 volsnap - ok

00:17:35.0708 0848 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

00:17:35.0757 0848 vsmraid - ok

00:17:35.0921 0848 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

00:17:36.0122 0848 VSS - ok

00:17:36.0240 0848 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

00:17:36.0303 0848 vwifibus - ok

00:17:36.0352 0848 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

00:17:36.0422 0848 vwififlt - ok

00:17:36.0509 0848 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

00:17:36.0632 0848 W32Time - ok

00:17:36.0675 0848 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

00:17:36.0737 0848 WacomPen - ok

00:17:36.0798 0848 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:17:36.0918 0848 WANARP - ok

00:17:36.0925 0848 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:17:37.0028 0848 Wanarpv6 - ok

00:17:37.0173 0848 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

00:17:37.0263 0848 WatAdminSvc - ok

00:17:37.0410 0848 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

00:17:37.0517 0848 wbengine - ok

00:17:37.0689 0848 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

00:17:37.0753 0848 WbioSrvc - ok

00:17:37.0783 0848 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

00:17:37.0868 0848 wcncsvc - ok

00:17:37.0895 0848 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

00:17:37.0936 0848 WcsPlugInService - ok

00:17:37.0979 0848 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

00:17:38.0009 0848 Wd - ok

00:17:38.0088 0848 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:17:38.0150 0848 Wdf01000 - ok

00:17:38.0176 0848 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:17:38.0266 0848 WdiServiceHost - ok

00:17:38.0272 0848 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:17:38.0331 0848 WdiSystemHost - ok

00:17:38.0384 0848 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

00:17:38.0466 0848 WebClient - ok

00:17:38.0517 0848 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

00:17:38.0656 0848 Wecsvc - ok

00:17:38.0701 0848 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

00:17:38.0832 0848 wercplsupport - ok

00:17:38.0894 0848 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

00:17:39.0008 0848 WerSvc - ok

00:17:39.0057 0848 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:17:39.0164 0848 WfpLwf - ok

00:17:39.0181 0848 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:17:39.0211 0848 WIMMount - ok

00:17:39.0224 0848 WinHttpAutoProxySvc - ok

00:17:39.0304 0848 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

00:17:39.0458 0848 Winmgmt - ok

00:17:39.0660 0848 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

00:17:39.0851 0848 WinRM - ok

00:17:40.0045 0848 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

00:17:40.0106 0848 WinUsb - ok

00:17:40.0206 0848 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

00:17:40.0319 0848 Wlansvc - ok

00:17:40.0402 0848 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

00:17:40.0440 0848 wlcrasvc - ok

00:17:40.0716 0848 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:17:40.0848 0848 wlidsvc - ok

00:17:40.0984 0848 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

00:17:41.0040 0848 WmiAcpi - ok

00:17:41.0123 0848 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

00:17:41.0187 0848 wmiApSrv - ok

00:17:41.0242 0848 WMPNetworkSvc - ok

00:17:41.0282 0848 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

00:17:41.0373 0848 WPCSvc - ok

00:17:41.0399 0848 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

00:17:41.0469 0848 WPDBusEnum - ok

00:17:41.0500 0848 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:17:41.0612 0848 ws2ifsl - ok

00:17:41.0624 0848 WSearch - ok

00:17:41.0857 0848 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

00:17:42.0061 0848 wuauserv - ok

00:17:42.0786 0848 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

00:17:42.0945 0848 WudfPf - ok

00:17:43.0017 0848 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:17:43.0141 0848 WUDFRd - ok

00:17:43.0192 0848 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

00:17:43.0340 0848 wudfsvc - ok

00:17:43.0493 0848 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll

00:17:43.0541 0848 WwanSvc - ok

00:17:43.0592 0848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

00:17:44.0647 0848 \Device\Harddisk0\DR0 - ok

00:17:44.0682 0848 Boot (0x1200) (c97c7f9a9e14d36a0174420dc098eca8) \Device\Harddisk0\DR0\Partition0

00:17:44.0691 0848 \Device\Harddisk0\DR0\Partition0 - ok

00:17:44.0736 0848 Boot (0x1200) (543d1be4034c72534e54b9db5885aeed) \Device\Harddisk0\DR0\Partition1

00:17:44.0759 0848 \Device\Harddisk0\DR0\Partition1 - ok

00:17:44.0784 0848 Boot (0x1200) (fa18640decccd794e0e1b7cd8a020a1b) \Device\Harddisk0\DR0\Partition2

00:17:44.0786 0848 \Device\Harddisk0\DR0\Partition2 - ok

00:17:44.0800 0848 Boot (0x1200) (faf82de658cbfd85c3a7742ba0c148c4) \Device\Harddisk0\DR0\Partition3

00:17:44.0801 0848 \Device\Harddisk0\DR0\Partition3 - ok

00:17:44.0802 0848 ============================================================

00:17:44.0802 0848 Scan finished

00:17:44.0802 0848 ============================================================

00:17:44.0815 0648 Detected object count: 5

00:17:44.0816 0648 Actual detected object count: 5

00:17:47.0652 0648 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user

00:17:47.0652 0648 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:17:47.0655 0648 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

00:17:47.0655 0648 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:17:47.0660 0648 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

00:17:47.0660 0648 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:17:47.0664 0648 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

00:17:47.0664 0648 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:17:47.0745 0648 C:\Windows\system32\zpnodecollector.dll - copied to quarantine

00:17:47.0747 0648 HKLM\SYSTEM\ControlSet001\services\vmkbd2 - will be deleted on reboot

00:17:47.0816 0648 HKLM\SYSTEM\ControlSet002\services\vmkbd2 - will be deleted on reboot

00:17:47.0962 0648 C:\Windows\system32\zpnodecollector.dll - will be deleted on reboot

00:17:47.0962 0648 vmkbd2 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

00:17:57.0418 2736 Deinitialize success


If the pc didn't reboot after the scan, reboot and then do this:

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 12-05-18.03 - Kostaki 19/05/2012 12:00:34.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1910.699 [GMT 10:00]

Running from: c:\users\Kostaki\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))

.

.

2012-05-19 02:20 . 2012-05-19 02:20 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-05-19 02:20 . 2012-05-19 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-18 14:14 . 2012-05-18 14:17 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-17 08:48 . 2012-05-18 05:59 -------- d-----w- c:\users\Kostaki\AppData\Roaming\dvdcss

2012-05-09 12:34 . 2012-05-09 12:34 -------- d-----w- c:\programdata\LightScribe

2012-05-09 12:34 . 2012-05-09 12:52 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Nero

2012-05-09 12:32 . 2012-05-12 17:52 -------- d-----w- c:\program files (x86)\Common Files\Nero

2012-05-09 12:31 . 2012-05-09 12:33 -------- d-----w- c:\program files (x86)\Nero

2012-05-09 12:31 . 2012-05-09 12:33 -------- d-----w- c:\programdata\Nero

2012-05-09 12:27 . 2012-05-19 19:40 -------- d-----w- c:\program files (x86)\Ask.com

2012-05-08 12:33 . 2012-05-19 19:40 -------- d-----w- c:\program files (x86)\Common Files\LightScribe

2012-04-30 09:50 . 2012-05-01 11:30 -------- d-----w- c:\programdata\Windows

2012-04-27 08:34 . 2012-04-27 08:34 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Malwarebytes

2012-04-27 08:34 . 2012-04-27 08:34 -------- d-----w- c:\programdata\Malwarebytes

2012-04-27 08:34 . 2012-05-19 19:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-27 08:34 . 2011-12-10 05:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-27 05:44 . 2011-01-07 04:54 767952 ----a-w- c:\windows\BDTSupport.dll

2012-04-27 05:44 . 2011-01-07 04:54 149456 ----a-w- c:\windows\SGDetectionTool.dll

2012-04-27 05:44 . 2011-01-07 04:54 1533904 ----a-w- c:\windows\PCTBDRes.dll

2012-04-27 05:44 . 2011-01-07 04:54 2000848 ----a-w- c:\windows\PCTBDCore.dll

2012-04-27 05:43 . 2010-07-16 04:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys

2012-04-27 05:43 . 2010-06-29 00:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys

2012-04-27 05:43 . 2011-01-16 23:09 334976 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys

2012-04-27 05:43 . 2010-12-15 22:43 137704 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys

2012-04-27 05:43 . 2010-12-10 03:24 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys

2012-04-27 05:42 . 2010-12-15 22:46 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys

2012-04-27 05:42 . 2012-05-19 19:42 -------- d-----w- c:\program files (x86)\PC Tools Security

2012-04-25 09:25 . 2012-04-25 09:25 -------- d-----w- c:\program files\Yamicsoft

2012-04-24 14:14 . 2012-04-24 14:14 -------- d-----w- c:\windows\Sun

2012-04-24 07:25 . 2012-04-27 06:57 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Yvuh

2012-04-24 07:25 . 2012-04-27 06:52 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Dobuy

2012-04-24 07:25 . 2012-04-24 07:25 142336 ----a-w- c:\users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\eqom.exe

2012-04-24 07:25 . 2012-04-24 07:25 142336 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gedew.exe

2012-04-24 07:15 . 2012-05-19 01:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-21 11:19 . 2012-04-22 06:45 -------- d-----w- C:\af983eb7993ee3ee4629f7ee77c2a882

2012-04-21 07:27 . 2012-04-21 07:27 -------- d-----w- c:\users\Kostaki\AppData\Local\AVG Secure Search

2012-04-21 07:26 . 2012-04-21 07:27 -------- d-----w- c:\programdata\AVG Secure Search

2012-04-21 07:26 . 2012-04-22 06:45 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-04-21 07:26 . 2012-04-22 06:45 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-04-21 07:25 . 2012-04-22 06:45 -------- d-----w- c:\program files (x86)\Xvid

2012-04-21 07:25 . 2012-04-21 07:25 -------- d--h--w- c:\programdata\Common Files

2012-04-21 06:42 . 2012-05-19 19:37 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-04-21 06:42 . 2012-05-19 19:38 -------- d-----w- c:\programdata\PC Tools

2012-04-21 06:42 . 2012-04-22 06:45 -------- d-----w- c:\program files (x86)\Spyware Doctor

2012-04-21 06:42 . 2012-04-21 06:42 -------- d-----w- c:\users\Kostaki\AppData\Roaming\PC Tools

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-22 08:25 . 2012-03-28 09:07 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-22 08:25 . 2011-11-01 20:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-22 01:44 . 2012-03-28 09:22 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-06 05:43 . 2012-04-01 06:19 136344 ----a-w- c:\windows\SysWow64\atl100.dll

2012-03-06 05:43 . 2012-04-01 06:19 80024 ----a-w- c:\windows\SysWow64\mfcm100u.dll

2012-03-06 05:43 . 2012-04-01 06:19 4421272 ----a-w- c:\windows\SysWow64\mfc100u.dll

2012-03-06 05:43 . 2010-11-09 22:20 772248 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-03-06 05:43 . 2010-11-09 22:20 419480 ----a-w- c:\windows\SysWow64\msvcp100.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-27 740216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

gedew.exe [2012-4-24 142336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-29 17152]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-02 63928]

R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253088]

R4 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]

R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

R4 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]

R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 2372096]

R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-29 2152152]

R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-09-26 375176]

R4 PCToolsProtectInjDrv;PCToolsProtectInjDrv;c:\users\Kostaki\AppData\Local\Temp\pcttProtect64.sys [x]

R4 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]

R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-05-07 1160824]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120518.001_16e\IDSvia64.sys [2012-05-17 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-27 138360]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-22 13:06]

.

2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 08:25]

.

2012-04-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2436082078-2685698106-4065389737-1001Core.job

- c:\users\Kostaki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 07:43]

.

2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2436082078-2685698106-4065389737-1001UA.job

- c:\users\Kostaki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 07:43]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF8909.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vmkbd2

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://startsear.ch/?aff=1

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube Download - c:\users\Kostaki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Kostaki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 61.9.134.49 61.9.133.193

FF - ProfilePath - c:\users\Kostaki\AppData\Roaming\Mozilla\Firefox\Profiles\thgmei3l.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

Toolbar-10 - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:d8,a7,87,7d,eb,21,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)


.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\hsplayer.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2012-05-19 12:33:27 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-19 02:33

.

Pre-Run: 296,473,391,104 bytes free

Post-Run: 296,110,030,848 bytes free

.

- - End Of File - - F0CF33ADBAE07FB2767A5CF1B8B66252

My Internet Explorer would not load at all... I restarted and it loaded. That was the only thing I realised.


c:\users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\eqom.exe

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gedew.exe

Do you know what these 2 files are?

If not, do this:

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\eqom.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Do the same for this:

c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gedew.exe

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html
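A way to surface entries like the two files questioned above from a ComboFix "Files Created" section, as an added example that is not part of the original post or of ComboFix itself. The column meaning (created, modified, size, attributes, path), the extension list and the three checks are assumptions made for this sketch; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the "Files Created" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
2012-04-27 08:34 . 2011-12-10 05:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 07:25 . 2012-04-27 06:57 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Yvuh
2012-04-24 07:25 . 2012-04-24 07:25 142336 ----a-w- c:\users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\eqom.exe
2012-04-24 07:25 . 2012-04-24 07:25 142336 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gedew.exe
2012-04-24 07:15 . 2012-05-19 01:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-21 07:25 . 2012-04-22 06:45 -------- d-----w- c:\program files (x86)\Xvid
"""

# Assumed column layout: created . modified size attributes path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+)$"
)

STARTUP_MARKER = "\\start menu\\programs\\startup\\"
# Assumption: extensions treated as directly runnable for this triage.
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif")


def parse_entries(text):
    """Turn each recognisable log line into a dict; skip separators and headers."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        attrs = m["attrs"]
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "size": int(m["size"]) if m["size"].isdigit() else None,
            "attrs": attrs,
            "is_dir": attrs.startswith("d"),
            "path": m["path"],
        })
    return entries


def startup_executables(entries):
    """Runnable files sitting directly in a per-user Startup folder."""
    hits = []
    for e in entries:
        p = e["path"].lower()
        if not e["is_dir"] and STARTUP_MARKER in p and p.endswith(EXEC_EXT):
            hits.append(e)
    return hits


def twin_groups(entries):
    """Entries sharing creation time and size: the same file dropped in several places."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["created"], e["size"])].append(e["path"])
    return {k: v for k, v in groups.items() if len(v) > 1}


def hidden_system_files(entries):
    """Files carrying both the system and hidden attributes."""
    return [e for e in entries
            if not e["is_dir"] and "s" in e["attrs"] and "h" in e["attrs"]]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    startup = startup_executables(parsed)
    for e in startup:
        print("startup executable:", e["path"])
    for (created, size), paths in twin_groups(startup).items():
        print(f"same size ({size}) and creation time ({created}) in {len(paths)} profiles")
    for e in hidden_system_files(parsed):
        print("hidden+system file:", e["path"], "size", e["size"])
```

A hit from these checks is a reason to look closer, for example by submitting the file to a multi-engine scanner as the post asks, not a verdict by itself.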


c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gedew.exe

these are the results for this

Scanners

arcavir.gif

2012-05-19 Found nothing fprot.gif

2012-05-19 W32/ProxyBot.B.gen!Eldorado avast.gif

2012-05-19 Win32:Zbot-OHK fsecure.gif

2012-05-19 Gen:Variant.Kazy.67232 avg.gif

2012-05-19 Win32/Cryptor gdata.gif

2012-05-19 Gen:Variant.Kazy.67232

2012-05-18 TR/Crypt.XPACK.Gen ikarus.gif

2012-05-19 Virus.Win32.Cryptor

2012-05-19 Gen:Variant.Kazy.67232 kaspersky.gif

2012-05-19 Found nothing

2012-05-19 Found nothing

2012-05-19 Found nothing

2012-05-19 Found nothing

2012-05-19 Found nothing

2012-05-19 Trojan.PWS.Panda.655

2012-05-19 Mal/Zbot-FX

2012-05-19 Virus.Win32.Cryptor!IK

2012-05-18 BScope.Trojan-Ransom.Winlock.2841

2012-05-19 Win32/Kryptik.AEVB

2012-05-18 Found nothing


2012-05-19 Found nothing fprot.gif

2012-05-19 W32/ProxyBot.B.gen!Eldorado avast.gif

2012-05-19 Win32:Zbot-OHK

2012-05-19 Gen:Variant.Kazy.67232 avg.gif

2012-05-19 Win32/Cryptor

2012-05-19 Gen:Variant.Kazy.67232 avira.gif

2012-05-18 TR/Crypt.XPACK.Gen

2012-05-19 Virus.Win32.Cryptor bitdefender.gif

2012-05-19 Gen:Variant.Kazy.67232

2012-05-19 Found nothing clamav.gif

2012-05-19 Found nothing

2012-05-19 Found nothing cpsecure.gif

2012-05-19 Found nothing

2012-05-19 Found nothing drweb.gif

2012-05-19 Trojan.PWS.Panda.655

2012-05-19 Mal/Zbot-FX emsisoft.gif

2012-05-19 Virus.Win32.Cryptor!IK

2012-05-18 BScope.Trojan-Ransom.Winlock.2841 nod32.gif

2012-05-19 Win32/Kryptik.AEVB

2012-05-18 Found nothing


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\eqom.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gedew.exe
c:\windows\system32\dds_trash_log.cmd
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gedew.exe
c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll

Folder::
c:\progra~2\SEARCH~1

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


ComboFix 12-05-18.03 - Kostaki 20/05/2012 6:24.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1910.891 [GMT 10:00]

Running from: c:\users\Kostaki\Desktop\ComboFix.exe

Command switches used :: c:\users\Kostaki\Desktop\CFScript.txt.lnk

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\system32\dds_trash_log.cmd

.

.

((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))

.

.

2012-05-19 20:44 . 2012-05-19 20:44 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-05-19 20:44 . 2012-05-19 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-19 13:29 . 2012-05-19 13:29 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Zyubfo

2012-05-19 13:29 . 2012-05-19 13:29 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Riipqi

2012-05-18 14:14 . 2012-05-18 14:17 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-17 08:48 . 2012-05-18 05:59 -------- d-----w- c:\users\Kostaki\AppData\Roaming\dvdcss

2012-05-09 12:34 . 2012-05-09 12:34 -------- d-----w- c:\programdata\LightScribe

2012-05-09 12:34 . 2012-05-09 12:52 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Nero

2012-05-09 12:32 . 2012-05-12 17:52 -------- d-----w- c:\program files (x86)\Common Files\Nero

2012-05-09 12:31 . 2012-05-09 12:33 -------- d-----w- c:\program files (x86)\Nero

2012-05-09 12:31 . 2012-05-09 12:33 -------- d-----w- c:\programdata\Nero

2012-05-09 12:27 . 2012-05-19 19:40 -------- d-----w- c:\program files (x86)\Ask.com

2012-05-08 12:33 . 2012-05-19 19:40 -------- d-----w- c:\program files (x86)\Common Files\LightScribe

2012-04-30 09:50 . 2012-05-01 11:30 -------- d-----w- c:\programdata\Windows

2012-04-27 08:34 . 2012-04-27 08:34 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Malwarebytes

2012-04-27 08:34 . 2012-04-27 08:34 -------- d-----w- c:\programdata\Malwarebytes

2012-04-27 08:34 . 2012-05-19 19:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-27 08:34 . 2011-12-10 05:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-27 05:44 . 2011-01-07 04:54 767952 ----a-w- c:\windows\BDTSupport.dll

2012-04-27 05:44 . 2011-01-07 04:54 149456 ----a-w- c:\windows\SGDetectionTool.dll

2012-04-27 05:44 . 2011-01-07 04:54 1533904 ----a-w- c:\windows\PCTBDRes.dll

2012-04-27 05:44 . 2011-01-07 04:54 2000848 ----a-w- c:\windows\PCTBDCore.dll

2012-04-27 05:43 . 2010-07-16 04:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys

2012-04-27 05:43 . 2010-06-29 00:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys

2012-04-27 05:43 . 2011-01-16 23:09 334976 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys

2012-04-27 05:43 . 2010-12-15 22:43 137704 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys

2012-04-27 05:43 . 2010-12-10 03:24 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys

2012-04-27 05:42 . 2010-12-15 22:46 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys

2012-04-27 05:42 . 2012-05-19 19:42 -------- d-----w- c:\program files (x86)\PC Tools Security

2012-04-25 09:25 . 2012-04-25 09:25 -------- d-----w- c:\program files\Yamicsoft

2012-04-24 14:14 . 2012-04-24 14:14 -------- d-----w- c:\windows\Sun

2012-04-24 07:25 . 2012-04-27 06:57 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Yvuh

2012-04-24 07:25 . 2012-04-27 06:52 -------- d-----w- c:\users\Kostaki\AppData\Roaming\Dobuy

2012-04-24 07:25 . 2012-04-24 07:25 142336 ----a-w- c:\users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\eqom.exe

2012-04-24 07:25 . 2012-04-24 07:25 142336 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gedew.exe

2012-04-21 11:19 . 2012-04-22 06:45 -------- d-----w- C:\af983eb7993ee3ee4629f7ee77c2a882

2012-04-21 07:27 . 2012-04-21 07:27 -------- d-----w- c:\users\Kostaki\AppData\Local\AVG Secure Search

2012-04-21 07:26 . 2012-04-21 07:27 -------- d-----w- c:\programdata\AVG Secure Search

2012-04-21 07:26 . 2012-04-22 06:45 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-04-21 07:26 . 2012-04-22 06:45 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-04-21 07:25 . 2012-04-22 06:45 -------- d-----w- c:\program files (x86)\Xvid

2012-04-21 07:25 . 2012-04-21 07:25 -------- d--h--w- c:\programdata\Common Files

2012-04-21 06:42 . 2012-05-19 19:37 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-04-21 06:42 . 2012-05-19 19:38 -------- d-----w- c:\programdata\PC Tools

2012-04-21 06:42 . 2012-04-22 06:45 -------- d-----w- c:\program files (x86)\Spyware Doctor

2012-04-21 06:42 . 2012-04-21 06:42 -------- d-----w- c:\users\Kostaki\AppData\Roaming\PC Tools

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-22 08:25 . 2012-03-28 09:07 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-22 08:25 . 2011-11-01 20:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-22 01:44 . 2012-03-28 09:22 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-06 05:43 . 2012-04-01 06:19 136344 ----a-w- c:\windows\SysWow64\atl100.dll

2012-03-06 05:43 . 2012-04-01 06:19 80024 ----a-w- c:\windows\SysWow64\mfcm100u.dll

2012-03-06 05:43 . 2012-04-01 06:19 4421272 ----a-w- c:\windows\SysWow64\mfc100u.dll

2012-03-06 05:43 . 2010-11-09 22:20 772248 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-03-06 05:43 . 2010-11-09 22:20 419480 ----a-w- c:\windows\SysWow64\msvcp100.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-19_02.23.37 )))))))))))))))))))))))))))))))))))))))))

.


+ 2010-11-21 03:24 . 2010-11-21 03:24 29184 c:\windows\system32\sspisrv.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 51200 c:\windows\system32\ssdpapi.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 13312 c:\windows\system32\sscore.dll

+ 2009-07-13 23:36 . 2009-07-14 01:41 26624 c:\windows\system32\srwmi.dll

+ 2009-07-13 23:36 . 2009-07-14 01:41 86528 c:\windows\system32\srhelper.dll

+ 2009-07-13 23:36 . 2009-07-14 01:39 18944 c:\windows\system32\srdelayed.exe

+ 2009-07-13 23:36 . 2009-07-14 01:41 50176 c:\windows\system32\srclient.dll

+ 2009-07-13 23:29 . 2009-07-14 01:41 13824 c:\windows\system32\spwinsat.dll

+ 2009-07-13 23:52 . 2009-07-14 01:41 65536 c:\windows\system32\sppuinotify.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 18944 c:\windows\system32\spopk.dll

+ 2009-07-14 00:39 . 2009-07-14 01:41 57856 c:\windows\system32\spoolss.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 39424 c:\windows\system32\spool\prtprocs\x64\winprint.dll

+ 2011-10-30 16:29 . 2011-09-26 07:16 59776 c:\windows\system32\spool\prtprocs\x64\LMIproc.dll

+ 2011-10-30 16:29 . 2011-09-26 07:16 65408 c:\windows\system32\spool\drivers\x64\LMIprinterui.dll

+ 2011-10-30 16:29 . 2011-09-26 07:16 65408 c:\windows\system32\spool\drivers\x64\LMIprinterdat.dll

+ 2011-10-30 16:29 . 2011-09-26 07:16 53120 c:\windows\system32\spool\drivers\x64\LMIprinter.dll

+ 2011-10-30 16:29 . 2011-09-26 07:16 65408 c:\windows\system32\spool\drivers\x64\3\LMIprinterui.dll

+ 2011-10-30 16:29 . 2011-09-26 07:16 65408 c:\windows\system32\spool\drivers\x64\3\LMIprinterdat.dll

+ 2011-10-30 16:29 . 2011-09-26 07:16 53120 c:\windows\system32\spool\drivers\x64\3\LMIprinter.dll

+ 2009-07-13 23:29 . 2009-07-14 01:41 10240 c:\windows\system32\spnet.dll

+ 2009-07-13 23:26 . 2009-07-14 01:41 97792 c:\windows\system32\spfileq.dll

+ 2009-07-14 00:34 . 2009-07-14 01:41 40448 c:\windows\system32\Speech\SpeechUX\SpeechUXPS.DLL

+ 2009-07-13 23:35 . 2009-07-14 01:41 13312 c:\windows\system32\spcmsg.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 78848 c:\windows\system32\spbcd.dll

+ 2009-07-13 23:26 . 2009-07-14 01:41 78848 c:\windows\system32\SortWindows6Compat.dll

+ 2009-07-13 23:26 . 2009-07-14 01:41 51200 c:\windows\system32\SortServer2003Compat.dll

+ 2009-07-13 23:25 . 2009-07-14 01:39 22528 c:\windows\system32\sort.exe

+ 2009-07-14 00:10 . 2009-07-14 01:39 14336 c:\windows\system32\snmptrap.exe

+ 2009-07-14 00:10 . 2009-07-14 01:41 27648 c:\windows\system32\snmpapi.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 15360 c:\windows\system32\slwga.dll

+ 2009-07-13 23:51 . 2009-07-14 01:41 18432 c:\windows\system32\slcext.dll

+ 2009-07-13 23:51 . 2009-07-14 01:41 30720 c:\windows\system32\slc.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 24064 c:\windows\system32\sisbkup.dll

+ 2009-07-13 23:27 . 2009-07-14 01:39 74752 c:\windows\system32\sigverif.exe

+ 2009-07-13 23:31 . 2009-07-14 01:41 54272 c:\windows\system32\signdrv.dll

+ 2009-07-13 23:50 . 2009-07-14 01:39 34304 c:\windows\system32\shutdown.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 11264 c:\windows\system32\shunimpl.dll

+ 2009-07-13 23:55 . 2009-07-14 01:41 17920 c:\windows\system32\shpafact.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 37376 c:\windows\system32\shimgvw.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 28160 c:\windows\system32\shgina.dll

+ 2009-07-13 23:55 . 2009-07-14 01:41 10240 c:\windows\system32\shfolder.dll

+ 2009-07-13 23:26 . 2009-07-14 01:41 45056 c:\windows\system32\sfc_os.dll

+ 2009-07-13 23:26 . 2009-07-14 01:39 39424 c:\windows\system32\sfc.exe

+ 2009-07-13 23:25 . 2009-07-14 01:39 57856 c:\windows\system32\setx.exe

+ 2010-11-21 03:23 . 2010-11-21 03:23 88576 c:\windows\system32\setupcl.exe

+ 2009-07-14 00:16 . 2009-07-14 01:41 67584 c:\windows\system32\Setup\tssysprep.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 57856 c:\windows\system32\Setup\pbkmigr.dll

+ 2009-07-13 23:59 . 2009-07-14 01:41 67072 c:\windows\system32\Setup\msdtcstp.dll

+ 2009-07-14 00:36 . 2009-07-14 01:40 35328 c:\windows\system32\Setup\FXSOCM.dll

+ 2009-07-14 00:09 . 2009-07-14 01:40 64000 c:\windows\system32\Setup\cmmigr.dll

+ 2009-07-13 23:50 . 2009-07-14 01:39 34816 c:\windows\system32\setspn.exe

+ 2011-07-06 08:48 . 2011-07-06 08:48 91648 c:\windows\system32\SetIEInstalledDate.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 63488 c:\windows\system32\setbcdlocale.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 22528 c:\windows\system32\serwvdrv.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 17920 c:\windows\system32\serialui.dll

+ 2009-07-14 00:00 . 2009-07-14 01:41 29184 c:\windows\system32\sensrsvc.dll

+ 2009-07-14 00:00 . 2009-07-14 01:41 93184 c:\windows\system32\SensorsClassExtension.dll

+ 2009-07-13 23:34 . 2009-07-14 01:41 15872 c:\windows\system32\SensApi.dll

+ 2009-07-13 23:34 . 2009-07-14 01:41 64512 c:\windows\system32\Sens.dll

+ 2009-07-13 23:55 . 2009-07-14 01:41 69632 c:\windows\system32\sendmail.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 28160 c:\windows\system32\secur32.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 30720 c:\windows\system32\seclogon.dll

+ 2009-07-13 23:35 . 2009-07-14 01:39 16896 c:\windows\system32\secinit.exe

+ 2009-07-13 23:49 . 2009-07-14 01:39 36864 c:\windows\system32\SecEdit.exe

+ 2009-07-13 23:31 . 2009-07-14 01:41 51200 c:\windows\system32\sdiagschd.dll

+ 2009-07-13 23:31 . 2009-07-14 01:39 23552 c:\windows\system32\sdiagnhost.exe

+ 2009-07-13 23:31 . 2009-07-14 01:41 34304 c:\windows\system32\sdhcinst.dll

+ 2009-07-13 23:31 . 2009-07-14 01:39 51712 c:\windows\system32\sdchange.exe

+ 2009-07-13 23:21 . 2009-07-14 01:39 23552 c:\windows\system32\sdbinst.exe

+ 2009-07-13 23:36 . 2009-07-14 01:41 48640 c:\windows\system32\sdautoplay.dll

+ 2009-07-13 23:56 . 2009-07-14 01:38 11264 c:\windows\system32\scrnsave.scr

+ 2009-07-14 00:29 . 2009-07-14 01:41 77312 c:\windows\system32\scripto.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 24064 c:\windows\system32\schedcli.dll

+ 2009-07-13 23:31 . 2009-07-14 01:41 89088 c:\windows\system32\scext.dll

+ 2009-07-13 23:50 . 2009-07-14 01:41 65536 c:\windows\system32\sccls.dll

+ 2009-07-13 23:50 . 2009-07-14 01:41 82432 c:\windows\system32\SCardDlg.dll

+ 2009-07-13 23:31 . 2009-07-14 01:39 45056 c:\windows\system32\sc.exe

+ 2009-07-13 23:56 . 2009-07-14 01:39 13824 c:\windows\system32\sbunattend.exe

+ 2009-07-14 00:20 . 2009-07-14 01:32 65536 c:\windows\system32\sberes.dll

+ 2009-07-13 23:52 . 2009-07-14 01:41 12800 c:\windows\system32\sas.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 67584 c:\windows\system32\samcli.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 56832 c:\windows\system32\runonce.exe

+ 2009-07-13 23:57 . 2009-07-14 01:39 58880 c:\windows\system32\RunLegacyCPLElevated.exe

+ 2009-07-13 23:57 . 2009-07-14 01:39 45568 c:\windows\system32\rundll32.exe

+ 2009-07-13 23:25 . 2009-07-14 01:39 20480 c:\windows\system32\runas.exe

+ 2010-11-21 03:23 . 2010-11-21 03:23 52224 c:\windows\system32\rtutils.dll

+ 2011-06-09 19:34 . 2011-06-09 19:34 74272 c:\windows\system32\RtNicProp64.dll

+ 2009-07-14 00:29 . 2009-07-14 01:41 41984 c:\windows\system32\rtffilt.dll

+ 2009-07-13 23:57 . 2009-07-14 01:41 53760 c:\windows\system32\rshx32.dll

+ 2009-07-14 00:19 . 2009-07-14 01:39 55808 c:\windows\system32\rrinstaller.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 65536 c:\windows\system32\RpcRtRemote.dll

+ 2009-07-13 23:59 . 2009-07-14 01:39 30208 c:\windows\system32\RpcPing.exe

+ 2009-07-13 23:59 . 2009-07-14 01:41 31744 c:\windows\system32\rpcnsh.dll

+ 2009-07-13 23:59 . 2009-07-14 01:41 52736 c:\windows\system32\RPCNDFP.dll

+ 2009-07-13 23:21 . 2009-07-14 01:41 67072 c:\windows\system32\RpcEpMap.dll

+ 2009-07-14 00:10 . 2009-07-14 01:39 21504 c:\windows\system32\ROUTE.EXE

+ 2009-07-13 23:35 . 2009-07-14 01:39 16896 c:\windows\system32\RmClient.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 10752 c:\windows\system32\riched32.dll

+ 2009-07-13 23:34 . 2009-07-14 01:41 86016 c:\windows\system32\resutils.dll

+ 2009-07-13 23:25 . 2009-07-14 01:39 19968 c:\windows\system32\replace.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 51712 c:\windows\system32\repair-bde.exe

+ 2010-11-21 03:23 . 2010-11-21 03:23 43008 c:\windows\system32\relog.exe

+ 2009-07-13 23:50 . 2009-07-14 01:39 69120 c:\windows\system32\rekeywiz.exe

+ 2009-07-14 00:14 . 2009-07-14 01:39 19456 c:\windows\system32\regsvr32.exe

+ 2011-07-06 08:48 . 2011-07-06 08:48 89088 c:\windows\system32\RegisterIEPKEYs.exe

+ 2009-07-14 00:14 . 2009-07-14 01:39 47104 c:\windows\system32\regini.exe

+ 2009-07-13 23:31 . 2009-07-14 01:41 14336 c:\windows\system32\regidle.dll

+ 2009-07-13 23:25 . 2009-07-14 01:39 10240 c:\windows\system32\regedt32.exe

+ 2009-07-13 23:57 . 2009-07-14 01:41 49152 c:\windows\system32\RegCtrl.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 95232 c:\windows\system32\regapi.dll

+ 2009-07-13 23:26 . 2009-07-14 01:39 74752 c:\windows\system32\reg.exe

+ 2009-07-13 23:25 . 2009-07-14 01:39 12800 c:\windows\system32\recover.exe

+ 2009-07-13 23:32 . 2009-07-14 01:39 20480 c:\windows\system32\ReAgentc.exe

+ 2009-07-13 23:32 . 2009-07-14 01:39 40448 c:\windows\system32\rdrleakdiag.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 77312 c:\windows\system32\rdpwsx.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 23040 c:\windows\system32\rdprefdrvapi.dll

+ 2009-07-14 00:16 . 2009-07-14 01:32 32256 c:\windows\system32\RDPREFDD.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 68096 c:\windows\system32\rdpd3d.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 10240 c:\windows\system32\rdpcfgex.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 82432 c:\windows\system32\rastapi.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 29696 c:\windows\system32\rasser.dll

+ 2009-07-14 00:10 . 2009-07-14 01:39 42496 c:\windows\system32\rasphone.exe

+ 2009-07-14 00:10 . 2009-07-14 01:41 41472 c:\windows\system32\rasmxs.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 57344 c:\windows\system32\rasmbmgr.dll

+ 2009-07-14 00:10 . 2009-07-14 01:39 18944 c:\windows\system32\rasdial.exe

+ 2009-07-14 00:08 . 2009-07-14 01:41 76288 c:\windows\system32\rasdiag.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 17408 c:\windows\system32\rasctrs.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 95744 c:\windows\system32\rascfg.dll

+ 2009-07-14 00:10 . 2009-07-14 01:39 17920 c:\windows\system32\rasautou.exe

+ 2009-07-14 00:10 . 2009-07-14 01:41 99328 c:\windows\system32\rasauto.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 16384 c:\windows\system32\rasadhlp.dll

+ 2009-07-13 23:32 . 2009-07-14 01:41 71168 c:\windows\system32\radarrs.dll

+ 2009-07-13 23:32 . 2009-07-14 01:41 97792 c:\windows\system32\radardt.dll

+ 2011-07-06 08:46 . 2010-11-02 21:33 14051 c:\windows\system32\RaCoInst.dat

+ 2009-07-13 23:46 . 2009-07-14 01:41 44544 c:\windows\system32\qmgrprxy.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 79872 c:\windows\system32\QCLIPROV.DLL

+ 2009-07-13 23:49 . 2009-07-14 01:41 55296 c:\windows\system32\pwrshplugin.dll

+ 2009-07-13 23:49 . 2009-07-14 01:41 36352 c:\windows\system32\pstorsvc.dll

+ 2009-07-13 23:49 . 2009-07-14 01:41 52736 c:\windows\system32\pstorec.dll

+ 2009-07-13 23:19 . 2009-07-14 01:45 57424 c:\windows\system32\PSHED.DLL

+ 2009-07-13 23:49 . 2009-07-14 01:41 52224 c:\windows\system32\psbase.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 31744 c:\windows\system32\proquota.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 33792 c:\windows\system32\profprov.dll

+ 2009-07-13 23:20 . 2009-07-14 01:41 44032 c:\windows\system32\profapi.dll

+ 2009-07-13 23:22 . 2009-07-14 01:41 10240 c:\windows\system32\procinst.dll

+ 2009-07-14 00:40 . 2009-07-14 01:39 61952 c:\windows\system32\printui.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 48128 c:\windows\system32\PrintIsolationProxy.dll

+ 2009-07-14 00:39 . 2009-07-14 01:39 18944 c:\windows\system32\PrintIsolationHost.exe

+ 2010-11-21 07:06 . 2010-11-21 07:06 51462 c:\windows\system32\Printing_Admin_Scripts\en-US\prnqctl.vbs

+ 2010-11-21 07:06 . 2010-11-21 07:06 56756 c:\windows\system32\Printing_Admin_Scripts\en-US\prnport.vbs

+ 2010-11-21 07:06 . 2010-11-21 07:06 81048 c:\windows\system32\Printing_Admin_Scripts\en-US\prnmngr.vbs

+ 2010-11-21 07:06 . 2010-11-21 07:06 69882 c:\windows\system32\Printing_Admin_Scripts\en-US\prnjobs.vbs

+ 2010-11-21 07:06 . 2010-11-21 07:06 51312 c:\windows\system32\Printing_Admin_Scripts\en-US\prndrvr.vbs

+ 2009-07-14 00:40 . 2009-07-14 01:41 35840 c:\windows\system32\printfilterpipelineprxy.dll

+ 2009-07-13 23:25 . 2009-07-14 01:39 15360 c:\windows\system32\print.exe

+ 2009-07-13 23:19 . 2009-07-14 01:32 17408 c:\windows\system32\prflbmsg.dll

+ 2011-10-29 22:00 . 2011-02-18 10:51 31232 c:\windows\system32\prevhost.exe

+ 2009-07-13 23:27 . 2009-07-14 01:39 71168 c:\windows\system32\powercfg.exe

+ 2009-07-13 23:31 . 2009-07-14 01:41 27136 c:\windows\system32\pots.dll

+ 2009-07-14 00:21 . 2009-07-14 01:41 77824 c:\windows\system32\PortableDeviceConnectApi.dll

+ 2009-07-14 00:11 . 2009-07-14 01:41 86016 c:\windows\system32\pnrpnsp.dll

+ 2009-07-14 00:11 . 2009-07-14 01:41 78336 c:\windows\system32\Pnrphc.dll

+ 2009-07-14 00:11 . 2009-07-14 01:41 25088 c:\windows\system32\pnrpauto.dll

+ 2009-07-13 23:35 . 2009-07-14 01:41 55808 c:\windows\system32\PNPXAssocPrx.dll

+ 2009-07-13 23:35 . 2009-07-14 01:41 93184 c:\windows\system32\PNPXAssoc.dll

+ 2009-07-13 23:27 . 2009-07-14 01:39 36352 c:\windows\system32\PnPutil.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 62976 c:\windows\system32\PnPUnattend.exe

+ 2009-07-13 23:31 . 2009-07-14 01:41 12288 c:\windows\system32\pnpts.dll

+ 2009-07-13 23:27 . 2009-07-14 01:32 86528 c:\windows\system32\pnpsetup.dll

+ 2011-07-06 08:48 . 2011-07-06 08:48 65024 c:\windows\system32\pngfilt.dll

+ 2009-07-14 00:18 . 2009-07-14 01:41 84992 c:\windows\system32\PlaySndSrv.dll

+ 2009-07-14 00:10 . 2009-07-14 01:39 16896 c:\windows\system32\PING.EXE

+ 2010-11-21 03:24 . 2010-11-21 03:24 35328 c:\windows\system32\pifmgr.dll

+ 2009-07-14 00:19 . 2009-07-14 01:41 46080 c:\windows\system32\pid.dll

+ 2009-07-14 00:17 . 2009-07-14 01:41 18944 c:\windows\system32\perfts.dll

+ 2009-07-13 23:31 . 2009-07-14 01:41 38400 c:\windows\system32\perfproc.dll

+ 2009-07-13 23:31 . 2009-07-14 01:41 29696 c:\windows\system32\perfos.dll

+ 2009-07-13 23:31 . 2009-07-14 01:41 23040 c:\windows\system32\perfnet.dll

+ 2009-07-13 23:31 . 2009-07-14 01:41 35328 c:\windows\system32\perfdisk.dll

+ 2009-07-14 02:36 . 2009-07-14 01:00 31548 c:\windows\system32\perfd009.dat

+ 2009-07-13 23:31 . 2009-07-14 01:41 44544 c:\windows\system32\perfctrs.dll

+ 2009-07-13 23:31 . 2009-07-14 01:41 58368 c:\windows\system32\pdhui.dll

+ 2009-07-13 23:31 . 2009-07-14 01:40 19968 c:\windows\system32\pcwutl.dll

+ 2009-07-13 23:19 . 2009-07-14 01:41 36864 c:\windows\system32\pcwum.dll

+ 2009-07-13 23:31 . 2009-07-14 01:39 13824 c:\windows\system32\pcwrun.exe

+ 2009-07-13 23:32 . 2009-07-14 01:39 11264 c:\windows\system32\pcawrk.exe

+ 2009-07-13 23:32 . 2009-07-14 01:39 18432 c:\windows\system32\pcaui.exe

+ 2009-07-13 23:32 . 2009-07-14 01:41 97280 c:\windows\system32\pcaui.dll

+ 2009-07-13 23:32 . 2009-07-14 01:41 37376 c:\windows\system32\pcadm.dll

+ 2009-07-13 23:53 . 2009-07-14 01:41 50176 c:\windows\system32\pautoenr.dll

+ 2009-07-14 00:10 . 2009-07-14 01:39 15360 c:\windows\system32\PATHPING.EXE

+ 2009-07-13 23:56 . 2009-07-14 01:41 13312 c:\windows\system32\panmap.dll

+ 2009-07-13 23:55 . 2009-07-14 01:41 79360 c:\windows\system32\packager.dll

+ 2009-07-13 23:35 . 2009-07-14 01:41 25088 c:\windows\system32\osbaseln.dll

+ 2009-07-13 23:56 . 2009-07-14 01:39 97792 c:\windows\system32\OptionalFeatures.exe

+ 2009-07-13 23:25 . 2009-07-14 01:39 79872 c:\windows\system32\openfiles.exe

+ 2009-07-13 23:31 . 2009-07-14 01:41 59392 c:\windows\system32\oobe\WinLGDep.dll

+ 2009-07-13 23:28 . 2009-07-14 01:41 58368 c:\windows\system32\oobe\wdsutil.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 57856 c:\windows\system32\oobe\spprgrss.dll

+ 2009-07-13 23:31 . 2009-07-14 01:39 24064 c:\windows\system32\oobe\setupsqm.exe

+ 2009-07-13 23:27 . 2009-07-14 01:41 81920 c:\windows\system32\oobe\pnpibs.dll

+ 2009-07-13 23:29 . 2009-07-14 01:39 59904 c:\windows\system32\oobe\oobeldr.exe

+ 2010-11-21 03:23 . 2010-11-21 03:23 71168 c:\windows\system32\oobe\msoobe.exe

+ 2009-07-13 23:31 . 2009-07-14 01:40 91136 c:\windows\system32\oobe\DU.dll

+ 2009-07-13 23:30 . 2009-07-14 01:41 38912 c:\windows\system32\oobe\diagER.dll

+ 2009-07-13 23:29 . 2009-07-14 01:38 74240 c:\windows\system32\oobe\audit.exe

+ 2009-07-13 23:59 . 2009-07-14 01:31 25600 c:\windows\system32\oleres.dll

+ 2009-07-13 23:38 . 2009-07-14 01:41 10752 c:\windows\system32\oleacchooks.dll

+ 2009-07-14 00:28 . 2009-07-14 01:39 40960 c:\windows\system32\odbcconf.exe

+ 2010-11-21 03:23 . 2010-11-21 03:23 53248 c:\windows\system32\odbcconf.dll

+ 2009-07-14 00:28 . 2009-07-14 01:41 57344 c:\windows\system32\odbcbcp.dll

+ 2009-07-14 00:28 . 2009-07-14 01:39 90112 c:\windows\system32\odbcad32.exe

+ 2009-07-14 00:28 . 2009-07-14 01:41 28672 c:\windows\system32\odbc32gt.dll

+ 2011-10-29 21:43 . 2011-07-16 05:39 16384 c:\windows\system32\ntvdm64.dll

+ 2009-07-14 00:39 . 2009-07-14 01:39 61952 c:\windows\system32\ntprint.exe

+ 2009-07-13 23:57 . 2009-07-14 01:41 17920 c:\windows\system32\ntlanui2.dll

+ 2009-07-13 23:21 . 2009-07-14 01:41 25600 c:\windows\system32\nsisvc.dll

+ 2009-07-13 23:21 . 2009-07-14 01:41 13824 c:\windows\system32\nsi.dll

+ 2009-07-14 00:08 . 2009-07-14 01:41 35328 c:\windows\system32\nshhttp.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 15360 c:\windows\system32\nrpsrv.dll

+ 2009-07-14 00:12 . 2009-07-14 01:41 31744 c:\windows\system32\npmproxy.dll

+ 2009-07-13 23:26 . 2009-07-14 01:41 31232 c:\windows\system32\Nlsdl.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 69120 c:\windows\system32\nlsbres.dll

+ 2009-07-14 00:12 . 2009-07-14 01:41 13824 c:\windows\system32\nlmsprep.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 70656 c:\windows\system32\nlaapi.dll

+ 2009-07-13 23:27 . 2009-07-14 01:39 76288 c:\windows\system32\newdev.exe

+ 2009-07-14 00:08 . 2009-07-14 01:41 53248 c:\windows\system32\networkitemfactory.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 29184 c:\windows\system32\netutils.dll

+ 2009-07-14 00:10 . 2009-07-14 01:39 31744 c:\windows\system32\NETSTAT.EXE

+ 2009-07-14 00:10 . 2009-07-14 01:39 87040 c:\windows\system32\netsh.exe

+ 2009-07-13 23:55 . 2009-07-14 01:39 27136 c:\windows\system32\Netplwiz.exe

+ 2009-07-14 00:09 . 2009-07-14 01:39 26624 c:\windows\system32\netiougc.exe

+ 2010-11-21 03:23 . 2010-11-21 03:23 48976 c:\windows\system32\netfxperf.dll

+ 2009-07-13 23:20 . 2009-07-14 01:30 18944 c:\windows\system32\netevent.dll

+ 2009-07-13 23:29 . 2009-07-14 01:39 32256 c:\windows\system32\netcfg.exe

+ 2009-07-14 00:09 . 2009-07-14 01:39 25088 c:\windows\system32\netbtugc.exe

+ 2009-07-14 00:09 . 2009-07-14 01:41 18944 c:\windows\system32\netbios.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 72704 c:\windows\system32\netapi32.dll

+ 2009-07-13 23:53 . 2009-07-14 01:39 55808 c:\windows\system32\net.exe

+ 2009-07-14 00:07 . 2009-07-14 01:41 20480 c:\windows\system32\ndproxystub.dll

+ 2009-07-14 00:08 . 2009-07-14 01:41 92160 c:\windows\system32\ndishc.dll

+ 2009-07-14 00:08 . 2009-07-14 01:41 47104 c:\windows\system32\ndiscapCfg.dll

+ 2009-07-14 00:07 . 2009-07-14 01:41 33280 c:\windows\system32\ndfetw.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 11264 c:\windows\system32\nddeapi.dll

+ 2009-07-13 23:27 . 2009-07-14 01:39 74752 c:\windows\system32\ndadmin.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 66048 c:\windows\system32\ncryptui.dll

+ 2009-07-13 23:47 . 2009-07-14 01:41 69120 c:\windows\system32\ncobjapi.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 90112 c:\windows\system32\nci.dll

+ 2009-07-13 23:35 . 2009-07-14 01:41 24064 c:\windows\system32\NcdProp.dll

+ 2009-07-14 00:09 . 2009-07-14 01:39 17920 c:\windows\system32\nbtstat.exe

+ 2009-07-13 23:40 . 2009-07-14 01:41 15360 c:\windows\system32\NativeHooks.dll

+ 2009-07-14 00:07 . 2009-07-14 01:41 43520 c:\windows\system32\napipsec.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 68096 c:\windows\system32\NapiNSP.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 72192 c:\windows\system32\napdsnap.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 50176 c:\windows\system32\NAPCRYPT.DLL

+ 2010-11-21 03:24 . 2010-11-21 03:24 51712 c:\windows\system32\MultiDigiMon.exe

+ 2009-07-13 23:22 . 2009-07-14 01:39 83456 c:\windows\system32\MuiUnattend.exe

+ 2009-07-13 23:56 . 2009-07-14 01:41 12800 c:\windows\system32\MUILanguageCleanup.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 16896 c:\windows\system32\muifontsetup.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 11600 c:\windows\system32\MUI\0409\mscorees.dll

+ 2009-07-13 23:59 . 2009-07-14 01:41 10240 c:\windows\system32\mtxex.dll

+ 2009-07-13 23:59 . 2009-07-14 01:41 29696 c:\windows\system32\mtxdm.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 25600 c:\windows\system32\msyuv.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 38912 c:\windows\system32\msvidc32.dll

+ 2009-07-13 23:18 . 2009-07-14 01:41 78336 c:\windows\system32\msvcirt.dll

+ 2009-07-14 00:33 . 2009-07-14 01:41 19456 c:\windows\system32\msswch.dll

+ 2009-07-13 23:49 . 2009-07-14 01:41 50688 c:\windows\system32\mssign32.dll

+ 2009-07-14 00:29 . 2009-07-14 01:41 14848 c:\windows\system32\msshooks.dll

+ 2011-10-29 22:00 . 2011-05-04 05:22 75264 c:\windows\system32\msscntrs.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 16384 c:\windows\system32\msrle32.dll

+ 2009-07-14 00:18 . 2009-07-14 01:41 51712 c:\windows\system32\MsRdpWebAccess.dll

+ 2009-07-13 23:56 . 2009-07-14 01:41 53248 c:\windows\system32\msports.dll

+ 2009-07-14 00:20 . 2009-07-14 01:41 54272 c:\windows\system32\MsPbdaCoInst.dll

+ 2009-07-13 23:21 . 2009-07-14 01:41 46592 c:\windows\system32\mspatcha.dll

+ 2009-07-13 23:19 . 2009-07-14 01:29 60416 c:\windows\system32\msobjs.dll

+ 2009-07-14 00:00 . 2009-07-14 01:41 11264 c:\windows\system32\msmmsp.dll

+ 2009-07-13 23:48 . 2009-07-14 01:41 27136 c:\windows\system32\msisip.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 41984 c:\windows\system32\msimtf.dll

+ 2009-07-13 23:47 . 2009-07-14 01:29 25088 c:\windows\system32\msimsg.dll

+ 2009-07-13 23:48 . 2009-07-14 01:41 19968 c:\windows\system32\msiltcfg.dll

+ 2009-07-13 23:55 . 2009-07-14 01:41 11264 c:\windows\system32\msidle.dll

+ 2009-07-13 23:55 . 2009-07-14 01:41 64512 c:\windows\system32\msident.dll

+ 2009-07-13 23:31 . 2009-07-14 01:41 44544 c:\windows\system32\MsiCofire.dll

+ 2011-07-06 08:48 . 2011-07-06 08:48 48640 c:\windows\system32\mshtmler.dll

+ 2011-12-28 03:12 . 2011-11-04 01:35 96256 c:\windows\system32\mshtmled.dll

+ 2011-07-06 08:48 . 2011-07-06 08:48 12288 c:\windows\system32\mshta.exe

+ 2011-07-06 08:48 . 2011-07-06 08:48 10752 c:\windows\system32\msfeedssync.exe

+ 2011-07-06 08:48 . 2011-07-06 08:48 55296 c:\windows\system32\msfeedsbs.dll

+ 2009-07-13 23:59 . 2009-07-14 01:29 21504 c:\windows\system32\msdtcVSp1res.dll

+ 2009-07-13 21:51 . 2009-06-10 20:31 19429 c:\windows\system32\Msdtc\Trace\msdtcvtr.bat

+ 2010-11-21 03:23 . 2010-11-21 03:23 35840 c:\windows\system32\msdmo.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 28160 c:\windows\system32\MsCtfMonitor.dll

+ 2009-07-13 20:37 . 2009-06-10 20:40 73040 c:\windows\system32\mscories.dll

+ 2009-07-13 23:49 . 2009-07-14 01:41 10240 c:\windows\system32\mscat32.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 46592 c:\windows\system32\msasn1.dll

+ 2009-07-14 00:18 . 2009-07-14 01:38 25600 c:\windows\system32\msacm32.drv

+ 2009-07-14 00:18 . 2009-07-14 01:41 83456 c:\windows\system32\msacm32.dll

+ 2009-07-14 00:10 . 2009-07-14 01:39 12800 c:\windows\system32\MRINFO.EXE

+ 2009-07-14 00:09 . 2009-07-14 01:41 97792 c:\windows\system32\mprdim.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 80896 c:\windows\system32\mpr.dll

+ 2009-07-13 23:52 . 2009-07-14 01:39 17408 c:\windows\system32\mpnotify.exe

+ 2009-07-13 23:25 . 2009-07-14 01:39 14848 c:\windows\system32\mountvol.exe

+ 2009-07-13 23:25 . 2009-07-13 23:25 24576 c:\windows\system32\more.com

+ 2009-07-13 23:38 . 2009-07-14 01:41 19968 c:\windows\system32\montr_ci.dll

+ 2009-07-13 23:25 . 2009-07-13 23:25 30208 c:\windows\system32\mode.com

+ 2009-07-14 00:22 . 2009-07-14 01:41 67584 c:\windows\system32\mmcss.dll

+ 2009-07-14 00:18 . 2009-07-14 01:41 15360 c:\windows\system32\mmcico.dll

+ 2009-07-14 00:18 . 2009-07-14 01:41 74752 c:\windows\system32\mmci.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 41472 c:\windows\system32\mimefilt.dll

+ 2009-07-14 00:29 . 2009-07-14 01:41 78336 c:\windows\system32\migwiz\replacementmanifests\WindowsSearchEngine\WSearchMigPlugin.dll

+ 2009-07-14 00:06 . 2009-07-14 01:41 79872 c:\windows\system32\migwiz\replacementmanifests\Usb\usbmigplugin.dll

+ 2009-07-13 23:55 . 2009-07-14 01:41 23552 c:\windows\system32\migwiz\replacementmanifests\Microsoft-Windows-GameUXMig\gameuxmig.dll

+ 2009-07-14 00:18 . 2009-07-14 01:41 76288 c:\windows\system32\migwiz\replacementmanifests\microsoft-windows-audio-mmecore-other\audmigplugin.dll

+ 2009-07-13 23:49 . 2009-07-14 01:41 85504 c:\windows\system32\migwiz\replacementmanifests\microsoft-activedirectory-webservices\adwsmigrate.dll

+ 2009-07-13 23:40 . 2009-07-14 01:41 40960 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\TableTextServiceMig.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 24064 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imtcmig.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 36864 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imscmig.dll

+ 2009-07-13 23:40 . 2009-07-14 01:41 47104 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imkrmig.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 40448 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imjpmig.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 64000 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager\cmmigr.dll

+ 2009-07-14 00:08 . 2009-07-14 01:41 82432 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-NetworkBridge\bridgemigplugin.dll

+ 2009-07-13 23:59 . 2009-07-14 01:41 67072 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL\msdtcstp.dll

+ 2009-07-13 23:59 . 2009-07-14 01:41 59392 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL\commig.dll

+ 2009-07-14 00:06 . 2009-07-14 01:41 86016 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config\BthMigPlugin.dll

+ 2009-07-13 23:52 . 2009-07-14 01:41 90112 c:\windows\system32\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL\adfsmig.dll

+ 2009-07-13 23:49 . 2009-07-14 01:41 85504 c:\windows\system32\migwiz\dlmanifests\Microsoft-ActiveDirectory-WebServices-DL\adwsmigrate.dll

+ 2009-07-13 23:46 . 2009-07-14 01:41 80384 c:\windows\system32\migwiz\dlmanifests\BITSExtensions-Server\bitsmig.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 57856 c:\windows\system32\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasApi-MigPlugin\pbkmigr-Mig.dll

+ 2009-07-14 00:29 . 2009-07-14 01:41 78336 c:\windows\system32\migration\WSearchMigPlugin.dll

+ 2011-12-28 03:12 . 2011-11-04 01:41 86528 c:\windows\system32\migration\WininetPlugin.dll

+ 2009-07-14 00:06 . 2009-07-14 01:41 79872 c:\windows\system32\migration\usbmigplugin.dll

+ 2009-07-13 23:40 . 2009-07-14 01:41 40960 c:\windows\system32\migration\TableTextServiceMig.dll

+ 2009-07-14 00:34 . 2009-07-14 01:41 52736 c:\windows\system32\migration\SCGMigPlugin.dll

+ 2009-07-14 00:09 . 2009-07-14 01:41 72192 c:\windows\system32\migration\netiomig.dll

+ 2009-07-14 00:09 . 2009-07-14 01:41 60416 c:\windows\system32\migration\IphlpsvcMigPlugin.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 24064 c:\windows\system32\migration\imtcmig.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 36864 c:\windows\system32\migration\imscmig.dll

+ 2009-07-13 23:40 . 2009-07-14 01:41 47104 c:\windows\system32\migration\imkrmig.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 40448 c:\windows\system32\migration\imjpmig.dll

+ 2009-07-13 23:55 . 2009-07-14 01:40 23552 c:\windows\system32\migration\gameuxmig.dll

+ 2009-07-13 23:59 . 2009-07-14 01:40 59392 c:\windows\system32\migration\commig.dll

+ 2009-07-14 00:06 . 2009-07-14 01:40 86016 c:\windows\system32\migration\bthmigplugin.dll

+ 2009-07-14 00:08 . 2009-07-14 01:40 82432 c:\windows\system32\migration\bridgemigplugin.dll

+ 2009-07-14 00:18 . 2009-07-14 01:40 76288 c:\windows\system32\migration\audmigplugin.dll

+ 2009-07-13 23:28 . 2009-07-14 01:48 91728 c:\windows\system32\MigAutoPlay.exe

+ 2009-07-14 00:18 . 2009-07-14 01:41 20480 c:\windows\system32\midimap.dll

+ 2009-07-13 23:35 . 2009-07-14 01:28 25088 c:\windows\system32\microsoft-windows-kernel-processor-power-events.dll

+ 2009-07-13 23:35 . 2009-07-14 01:28 51712 c:\windows\system32\microsoft-windows-kernel-power-events.dll

+ 2009-07-14 00:10 . 2009-07-14 01:41 22528 c:\windows\system32\mgmtapi.dll

+ 2009-07-14 00:22 . 2009-07-14 01:41 70144 c:\windows\system32\mfvdsp.dll

+ 2009-07-14 00:18 . 2009-07-14 01:39 24576 c:\windows\system32\mfpmp.exe

+ 2009-07-14 00:18 . 2009-07-14 01:41 93696 c:\windows\system32\mfmjpegdec.dll

+ 2009-07-13 23:59 . 2009-07-14 01:41 33792 c:\windows\system32\mfcsubs.dll

+ 2009-07-13 23:38 . 2009-07-14 01:41 55808 c:\windows\system32\mf3216.dll

+ 2009-07-13 23:32 . 2009-07-14 01:41 18432 c:\windows\system32\memdiag.dll

+ 2009-07-13 23:32 . 2009-07-14 01:39 88576 c:\windows\system32\MdRes.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 84992 c:\windows\system32\Mcx2Svc.dll

+ 2009-07-13 23:22 . 2009-07-14 01:48 32832 c:\windows\system32\mcupdate_AuthenticAMD.dll

+ 2009-07-13 23:54 . 2009-07-14 01:39 97280 c:\windows\system32\mctadmin.exe

+ 2009-07-14 00:18 . 2009-07-14 01:41 28672 c:\windows\system32\mciwave.dll

+ 2009-07-14 00:18 . 2009-07-14 01:41 28672 c:\windows\system32\mciseq.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 41472 c:\windows\system32\mciqtz32.dll

+ 2009-07-14 00:18 . 2009-07-14 01:41 48128 c:\windows\system32\mcicda.dll

+ 2009-07-14 00:18 . 2009-07-14 01:41 96256 c:\windows\system32\mciavi32.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 91648 c:\windows\system32\mapistub.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 91648 c:\windows\system32\mapi32.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 79872 c:\windows\system32\manage-bde.exe

+ 2009-07-13 23:40 . 2009-07-14 01:41 48128 c:\windows\system32\Magnification.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 48640 c:\windows\system32\luainstall.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 50176 c:\windows\system32\lsmproxy.dll

+ 2011-12-29 14:41 . 2011-12-29 13:07 16432 c:\windows\system32\lsdelete.exe

+ 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe

+ 2009-07-13 23:56 . 2009-07-14 01:39 71168 c:\windows\system32\lpremove.exe

+ 2009-07-13 23:38 . 2009-07-14 01:41 41984 c:\windows\system32\lpk.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 27648 c:\windows\system32\LogonUI.exe

+ 2009-07-13 23:46 . 2009-07-14 01:41 91136 c:\windows\system32\loghours.dll

+ 2012-04-22 06:04 . 2012-05-19 01:07 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

+ 2009-07-13 23:31 . 2009-07-14 01:39 50176 c:\windows\system32\lodctr.exe

+ 2009-07-13 23:59 . 2009-07-14 01:39 10240 c:\windows\system32\Locator.exe

+ 2009-07-14 00:00 . 2009-07-14 01:39 90112 c:\windows\system32\LocationNotifications.exe

+ 2009-07-14 00:39 . 2009-07-14 01:41 17408 c:\windows\system32\localui.dll

+ 2011-10-30 16:29 . 2011-09-26 07:17 87456 c:\windows\system32\LMIRfsClientNP.dll

+ 2011-10-30 16:29 . 2011-09-26 07:16 34688 c:\windows\system32\LMIport.dll

+ 2011-09-16 04:10 . 2011-09-16 04:10 14624 c:\windows\system32\lmimirr2.dll

+ 2011-09-16 04:10 . 2011-09-16 04:10 35616 c:\windows\system32\lmimirr.dll

+ 2011-10-30 16:29 . 2011-09-26 07:16 80768 c:\windows\system32\LMIinit.dll

+ 2009-07-14 00:09 . 2009-07-14 01:41 23552 c:\windows\system32\lmhsvc.dll

+ 2009-07-14 00:08 . 2009-07-14 01:41 49664 c:\windows\system32\lltdapi.dll

+ 2009-07-13 23:55 . 2009-07-14 01:41 29696 c:\windows\system32\linkinfo.dll

+ 2011-07-06 08:48 . 2011-07-06 08:48 30720 c:\windows\system32\licmgr10.dll

+ 2009-07-14 00:23 . 2009-07-14 01:41 11776 c:\windows\system32\LAPRXY.DLL

+ 2009-07-13 23:56 . 2009-07-14 01:41 35840 c:\windows\system32\LangCleanupSysprepAction.dll

+ 2009-07-13 23:25 . 2009-07-14 01:39 16384 c:\windows\system32\label.exe

+ 2009-07-14 00:07 . 2009-07-14 01:41 62464 c:\windows\system32\l2nacp.dll

+ 2009-07-14 00:07 . 2009-07-14 01:41 71168 c:\windows\system32\l2gpstore.dll

+ 2009-07-13 23:19 . 2009-07-14 01:41 23040 c:\windows\system32\ktmw32.dll

+ 2009-07-13 23:25 . 2009-07-14 01:39 16896 c:\windows\system32\ktmutil.exe

+ 2009-07-13 23:50 . 2009-07-14 01:39 43008 c:\windows\system32\ksetup.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 90624 c:\windows\system32\KMSVC.DLL

+ 2009-07-13 23:50 . 2009-07-14 01:39 35328 c:\windows\system32\klist.exe

+ 2009-07-13 23:49 . 2009-07-14 01:41 29184 c:\windows\system32\keyiso.dll

+ 2009-07-13 23:26 . 2009-07-14 01:41 18432 c:\windows\system32\kernelceip.dll

+ 2011-05-16 07:36 . 2011-05-16 07:36 20352 c:\windows\system32\kdusb.dll

+ 2011-05-16 07:36 . 2011-05-16 07:36 17792 c:\windows\system32\kdcom.dll

+ 2011-05-16 07:36 . 2011-05-16 07:36 19328 c:\windows\system32\kd1394.dll

+ 2009-07-13 23:37 . 2009-07-14 01:28 10240 c:\windows\system32\kbdnecat.dll

+ 2009-07-13 23:37 . 2009-07-14 01:41 12288 c:\windows\system32\KBDKOR.DLL

+ 2009-07-13 23:37 . 2009-07-14 01:41 12800 c:\windows\system32\KBDJPN.DLL

+ 2011-12-28 03:12 . 2011-11-04 01:41 85504 c:\windows\system32\jsproxy.dll

+ 2011-08-30 12:05 . 2011-08-30 12:05 61288 c:\windows\system32\jdns_sd.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 54272 c:\windows\system32\iyuv_32.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 91648 c:\windows\system32\isoburn.exe

+ 2009-07-14 00:01 . 2009-07-14 01:41 89088 c:\windows\system32\iscsiwmi.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 37376 c:\windows\system32\iscsium.dll

+ 2009-07-14 00:01 . 2009-07-14 01:28 16384 c:\windows\system32\iscsilog.dll

+ 2009-07-14 00:01 . 2009-07-14 01:41 10240 c:\windows\system32\iscsied.dll

+ 2009-07-14 00:01 . 2009-07-14 01:41 77312 c:\windows\system32\iscsidsc.dll

+ 2009-07-14 00:09 . 2009-07-14 01:41 23552 c:\windows\system32\irmon.dll

+ 2009-07-14 00:08 . 2009-07-14 01:41 18432 c:\windows\system32\irclass.dll

+ 2009-07-14 00:10 . 2009-07-14 01:39 58368 c:\windows\system32\ipconfig.exe

+ 2009-07-13 23:35 . 2009-07-14 01:41 12800 c:\windows\system32\IPBusEnumProxy.dll

+ 2011-05-03 18:07 . 2011-05-03 18:07 14848 c:\windows\system32\IntcDAuC.dll

+ 2009-07-13 23:26 . 2009-07-14 01:39 10240 c:\windows\system32\InfDefaultInstall.exe

+ 2009-07-13 23:58 . 2009-07-14 01:28 84480 c:\windows\system32\INETRES.dll

+ 2009-07-14 00:39 . 2009-07-14 01:41 22528 c:\windows\system32\inetppui.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 65536 c:\windows\system32\inetmib1.dll

+ 2011-07-06 08:48 . 2011-07-06 08:48 49664 c:\windows\system32\imgutil.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 14336 c:\windows\system32\IME\shared\res\padrs804.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 22016 c:\windows\system32\IME\shared\res\padrs412.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 23552 c:\windows\system32\IME\shared\res\padrs411.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 13824 c:\windows\system32\IME\shared\res\padrs404.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 19968 c:\windows\system32\IME\shared\imever.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 45568 c:\windows\system32\IME\shared\IMEPADSM.DLL

+ 2009-07-13 23:39 . 2009-07-14 01:41 40448 c:\windows\system32\IME\shared\imecfm.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 68608 c:\windows\system32\IME\shared\IMEAPIS.DLL

+ 2009-07-13 23:39 . 2009-07-14 01:41 60928 c:\windows\system32\IME\IMETC10\applets\IMTCDIC.dll

+ 2009-07-13 23:39 . 2009-07-14 01:41 69632 c:\windows\system32\IME\IMESC5\PMIGRATE.dll

+ 2009-07-13 23:40 . 2009-07-14 01:41 64000 c:\windows\system32\IME\imekr8\imkrudt.dll

+ 2009-07-13 23:40 . 2009-07-14 01:41 99840 c:\windows\system32\IME\imekr8\dicts\imkrhjd.dll

+ 2009-07-13 23:39 . 2009-07-14 01:39 61952 c:\windows\system32\IME\IMEJP10\IMJPUEX.EXE

+ 2009-07-13 23:40 . 2009-07-14 01:39 30208 c:\windows\system32\IME\IMEJP10\imjppdmg.exe

+ 2009-07-13 23:39 . 2009-07-14 01:39 79360 c:\windows\system32\IME\IMEJP10\IMJPMGR.EXE

+ 2009-07-13 23:39 . 2009-07-14 01:39 82432 c:\windows\system32\IME\IMEJP10\IMJPDSVR.EXE

+ 2009-07-13 23:39 . 2009-07-14 01:41 46080 c:\windows\system32\IME\IMEJP10\IMJPDCTP.DLL

+ 2009-07-13 23:39 . 2009-07-14 01:39 18432 c:\windows\system32\IME\IMEJP10\IMJPDADM.EXE


2009-07-14 01:20 . 2009-07-14 01:40 3420160 c:\windows\system32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\Amd64\EP0NOE18.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 3237376 c:\windows\system32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\Amd64\EP0NOE14.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 2379776 c:\windows\system32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\Amd64\EP0NUI60.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 1632768 c:\windows\system32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\Amd64\EP0NREUJ.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 2166784 c:\windows\system32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\Amd64\EP0NRA8G.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 3022336 c:\windows\system32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\Amd64\EP0NOE04.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 2799616 c:\windows\system32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\Amd64\EP0NOE03.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 1878528 c:\windows\system32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\EP0LB03B.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:26 9625088 c:\windows\system32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBUR4.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 2809856 c:\windows\system32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBUI4.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:26 1854464 c:\windows\system32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBSR4.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1599488 c:\windows\system32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBPC4_2.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:26 4047872 c:\windows\system32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBLR4.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:26 6068224 c:\windows\system32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\CNBUR.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 1936384 c:\windows\system32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\CNBUI3.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:26 1598976 c:\windows\system32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\CNBSR.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:25 2135040 c:\windows\system32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\Amd64\CNBLR.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00h.inf_amd64_neutral_96a8e38189e54d71\Amd64\CNBP_288.DLL

+ 2009-07-14 01:20 . 2009-07-14 01:40 2775040 c:\windows\system32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64\CNBXUI4.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1085440 c:\windows\system32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64\CNBP_281.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64\CNBP_300.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64\CNBP_298.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64\CNBP_297.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64\CNBP_295.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64\CNBP_294.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1967104 c:\windows\system32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\CNBMR310.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 2899968 c:\windows\system32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\CNBMR285.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1724416 c:\windows\system32\DriverStore\FileRepository\prnca00d.inf_amd64_neutral_0600b2ba575729f4\Amd64\CNBMR284.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\Amd64\CNBP_332.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1724416 c:\windows\system32\DriverStore\FileRepository\prnca00b.inf_amd64_neutral_4412894f52d39895\Amd64\CNBMR284.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\Amd64\CNBP_327.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\Amd64\CNBP_326.DLL

+ 2009-07-14 01:17 . 2009-07-14 01:30 1026048 c:\windows\system32\DriverStore\FileRepository\prnca00a.inf_amd64_neutral_d64d696193e69d7b\Amd64\CNBP_325.DLL

+ 2009-06-10 20:32 . 2009-06-10 20:32 1512832 c:\windows\system32\DriverStore\FileRepository\ph6xib64c1.inf_amd64_neutral_68c99681343e9b68\Ph6xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1512832 c:\windows\system32\DriverStore\FileRepository\ph6xib64c0.inf_amd64_neutral_a43df8f7441e1c61\Ph6xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc9.inf_amd64_neutral_ff3a566e4b6ba035\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc8.inf_amd64_neutral_c93e7023ef90e637\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc7.inf_amd64_neutral_348f512722c79525\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc6.inf_amd64_neutral_2818f7b3b62bdd39\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc5.inf_amd64_neutral_2270382453de2dbb\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc4.inf_amd64_neutral_310871d800afa82a\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc3.inf_amd64_neutral_1da6abc36a79974f\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc2.inf_amd64_neutral_7621f5d62d77f42e\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc12.inf_amd64_neutral_ff7295ba5a46d63f\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc11.inf_amd64_neutral_bb18e5f134c40c68\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc10.inf_amd64_neutral_2c5d0c618dbfaf2a\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc1.inf_amd64_neutral_662220c3016bb4d0\Ph3xIB64.sys

+ 2009-06-10 20:32 . 2009-06-10 20:32 1627520 c:\windows\system32\DriverStore\FileRepository\ph3xibc0.inf_amd64_neutral_c24bcc939e6dfc23\Ph3xIB64.sys

+ 2009-07-13 21:59 . 2009-07-14 01:41 4326912 c:\windows\system32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\nvwgf2umx.dll

+ 2009-07-13 21:59 . 2009-07-14 01:41 3128320 c:\windows\system32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\nvwgf2um.dll

+ 2009-07-13 21:59 . 2009-07-14 01:41 9443840 c:\windows\system32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\nvd3dumx.dll

+ 2009-06-10 20:37 . 2009-07-14 01:41 7592960 c:\windows\system32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\nvd3dum.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 1576448 c:\windows\system32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\XPSSVCS.DLL

+ 2010-11-21 03:23 . 2010-11-21 03:23 1058304 c:\windows\system32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\PCL5URES.DLL

+ 2010-11-21 03:23 . 2010-11-21 03:23 1057792 c:\windows\system32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\PCL5ERES.DLL

+ 2009-06-10 20:35 . 2009-06-10 20:35 5434368 c:\windows\system32\DriverStore\FileRepository\netw5v64.inf_amd64_neutral_a6b778ba802632cc\netw5v64.sys

+ 2011-07-06 08:46 . 2010-11-05 03:57 1041760 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9aeef015c27e1b10\netr28x.sys

+ 2009-06-10 20:34 . 2009-06-10 20:34 3286016 c:\windows\system32\DriverStore\FileRepository\netevbda.inf_amd64_neutral_bab421df9c31cc81\evbda.sys

+ 2009-06-10 20:34 . 2009-06-10 20:34 1311232 c:\windows\system32\DriverStore\FileRepository\netbc664.inf_amd64_neutral_673d3dfb961e9b17\BCMWL664.SYS

+ 2009-06-20 02:09 . 2009-06-20 02:09 1394688 c:\windows\system32\DriverStore\FileRepository\netathrx.inf_amd64_neutral_905772087ff288af\athrx.sys

+ 2011-08-02 06:38 . 2011-08-02 06:38 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\wdfcoinstaller01009.dll

+ 2009-06-10 21:01 . 2009-06-10 21:01 1227776 c:\windows\system32\DriverStore\FileRepository\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08\SmSerl64.sys

+ 2009-07-13 22:04 . 2009-06-10 21:01 1485312 c:\windows\system32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\VSTDPV6.SYS

+ 2009-07-13 22:04 . 2009-06-10 21:01 1485312 c:\windows\system32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3\VSTDPV6.SYS

+ 2009-06-10 21:01 . 2009-06-10 21:01 1146880 c:\windows\system32\DriverStore\FileRepository\mdmags64.inf_amd64_neutral_e68956e24e287714\agrsm64.sys

+ 2011-05-03 18:07 . 2011-05-03 18:07 9014784 c:\windows\system32\DriverStore\FileRepository\kit34564.inf_amd64_neutral_48b7715163b2731f\igfxress.dll

+ 2011-05-03 18:07 . 2011-05-03 18:07 7473664 c:\windows\system32\DriverStore\FileRepository\kit34564.inf_amd64_neutral_48b7715163b2731f\igdumd64.dll

+ 2011-05-03 18:07 . 2011-05-03 18:07 5697024 c:\windows\system32\DriverStore\FileRepository\kit34564.inf_amd64_neutral_48b7715163b2731f\igdumd32.dll

+ 2011-05-03 18:07 . 2011-05-03 18:07 7385088 c:\windows\system32\DriverStore\FileRepository\kit34564.inf_amd64_neutral_48b7715163b2731f\igd10umd64.dll

+ 2011-05-03 18:07 . 2011-05-03 18:07 6067712 c:\windows\system32\DriverStore\FileRepository\kit34564.inf_amd64_neutral_48b7715163b2731f\igd10umd32.dll

+ 2011-05-03 18:08 . 2011-05-03 18:08 4370712 c:\windows\system32\DriverStore\FileRepository\kit34564.inf_amd64_neutral_48b7715163b2731f\GfxUI.exe

+ 2009-07-13 21:59 . 2009-06-10 20:37 1498564 c:\windows\system32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\igkrng400.bin

+ 2009-07-13 21:59 . 2009-07-14 01:41 5437952 c:\windows\system32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\igdumd64.dll

+ 2009-07-13 21:59 . 2009-07-14 01:41 3805184 c:\windows\system32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\igdumd32.dll

+ 2009-06-10 20:37 . 2009-06-10 20:37 6108416 c:\windows\system32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\igdkmd64.sys

+ 2009-07-13 21:59 . 2009-07-14 01:41 3451904 c:\windows\system32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\igd10umd64.dll

+ 2009-07-13 21:59 . 2009-07-14 01:41 2531328 c:\windows\system32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\igd10umd32.dll

+ 2009-07-14 01:18 . 2009-07-14 01:41 1303552 c:\windows\system32\DriverStore\FileRepository\hpoa1ss.inf_amd64_neutral_8cae09a2238d64e0\hpowiav1.dll

+ 2009-07-14 01:18 . 2009-07-14 01:41 1303552 c:\windows\system32\DriverStore\FileRepository\hpoa1so.inf_amd64_neutral_4f1a3f1015001339\hpowiav1.dll

+ 2009-07-14 01:17 . 2009-07-14 01:41 1708032 c:\windows\system32\DriverStore\FileRepository\hpoa1so.inf_amd64_neutral_4f1a3f1015001339\hpotiop1.dll

+ 2009-07-14 01:19 . 2009-07-14 01:41 1252864 c:\windows\system32\DriverStore\FileRepository\hpoa1sd.inf_amd64_neutral_caaa16c52c48f8ac\hpowiad1.dll

+ 2009-06-10 20:31 . 2009-06-10 20:31 1192448 c:\windows\system32\DriverStore\FileRepository\hcw85b64.inf_amd64_neutral_22b436d5d06ab017\HCW85BDA.sys

+ 2009-07-13 22:53 . 2009-06-10 20:32 1643520 c:\windows\system32\DriverStore\FileRepository\hcw72b64.inf_amd64_neutral_023772237d3a4ade\hcw72DTV.sys

+ 2009-07-13 22:53 . 2009-06-10 20:32 1649024 c:\windows\system32\DriverStore\FileRepository\hcw72b64.inf_amd64_neutral_023772237d3a4ade\hcw72ATV.sys

+ 2009-07-13 21:53 . 2009-06-10 20:36 1297122 c:\windows\system32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\dspcli.bin

+ 2009-07-13 21:53 . 2009-06-10 20:36 1544192 c:\windows\system32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\dicowan.sys

+ 2009-07-13 21:53 . 2009-06-10 20:36 1210684 c:\windows\system32\DriverStore\FileRepository\avmx64c.inf_amd64_neutral_8ebb15bf548db022\c4.bin

+ 2009-07-13 21:53 . 2009-06-10 20:36 1164816 c:\windows\system32\DriverStore\FileRepository\avmx64c.inf_amd64_neutral_8ebb15bf548db022\c2.bin

+ 2009-07-13 21:59 . 2009-07-14 01:40 4772352 c:\windows\system32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\atiumdva.dll

+ 2009-07-13 21:59 . 2009-07-14 01:40 4030976 c:\windows\system32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\atiumdag.dll

+ 2009-07-13 21:59 . 2009-07-14 01:40 4763136 c:\windows\system32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\atiumd6a.dll

+ 2009-06-10 20:36 . 2009-07-14 01:40 5492736 c:\windows\system32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\atiumd64.dll

+ 2009-07-13 21:59 . 2009-07-13 21:59 5020672 c:\windows\system32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\atikmdag.sys

+ 2009-07-13 21:59 . 2009-07-14 01:40 3115008 c:\windows\system32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\atidxx64.dll

+ 2009-07-13 21:59 . 2009-07-14 01:40 2342400 c:\windows\system32\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\atidxx32.dll

+ 2009-07-13 22:04 . 2009-06-10 21:01 1485312 c:\windows\system32\drivers\VSTDPV6.SYS

+ 2009-07-14 00:22 . 2009-07-14 01:41 1195008 c:\windows\system32\drivers\UMDF\WpdMtpDr.dll

+ 2011-11-10 07:07 . 2011-09-29 16:29 1923952 c:\windows\system32\drivers\tcpip.sys

+ 2010-12-17 02:28 . 2010-12-17 02:28 1403440 c:\windows\system32\drivers\SynTP.sys

+ 2009-06-10 20:37 . 2009-07-14 01:45 1524816 c:\windows\system32\drivers\ql2300.sys

+ 2010-11-21 03:23 . 2010-11-21 03:23 1659776 c:\windows\system32\drivers\ntfs.sys

+ 2011-07-06 08:46 . 2010-11-05 03:57 1041760 c:\windows\system32\drivers\netr28x.sys

+ 2009-06-10 20:34 . 2009-06-10 20:34 3286016 c:\windows\system32\drivers\evbda.sys

+ 2009-06-10 20:34 . 2009-06-10 20:34 1311232 c:\windows\system32\drivers\BCMWL664.SYS

+ 2010-11-21 03:24 . 2010-11-21 03:24 1066496 c:\windows\system32\Display.dll

+ 2009-07-13 23:55 . 2009-07-14 01:40 1502208 c:\windows\system32\diskcopy.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 1340416 c:\windows\system32\diagperf.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 1202176 c:\windows\system32\DiagCpl.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 1942856 c:\windows\system32\dfshim.dll

+ 2009-07-13 23:37 . 2009-07-14 01:40 6281216 c:\windows\system32\DDORes.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 1087488 c:\windows\system32\dbghelp.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 3391488 c:\windows\system32\dbgeng.dll

+ 2012-01-02 05:49 . 2010-05-26 00:41 2401112 c:\windows\system32\D3DX9_43.dll

+ 2012-01-02 05:49 . 2009-09-04 06:29 2475352 c:\windows\system32\D3DX9_42.dll

+ 2012-01-02 05:49 . 2009-03-09 04:27 5425496 c:\windows\system32\D3DX9_41.dll

+ 2012-01-02 05:49 . 2008-10-14 19:22 5631312 c:\windows\system32\D3DX9_40.dll

+ 2012-01-02 01:58 . 2008-07-10 00:00 4992520 c:\windows\system32\D3DX9_39.dll

+ 2012-01-02 01:58 . 2008-05-30 03:11 4991496 c:\windows\system32\D3DX9_38.dll

+ 2012-01-02 01:58 . 2008-03-05 04:56 4910088 c:\windows\system32\D3DX9_37.dll

+ 2012-01-02 01:58 . 2007-10-12 04:14 5081608 c:\windows\system32\d3dx9_36.dll

+ 2012-01-02 01:58 . 2007-07-19 07:14 5073256 c:\windows\system32\d3dx9_35.dll

+ 2012-01-02 01:58 . 2007-05-16 05:45 4496232 c:\windows\system32\d3dx9_34.dll

+ 2012-01-02 01:58 . 2007-03-12 05:42 4494184 c:\windows\system32\d3dx9_33.dll

+ 2011-05-16 08:02 . 2006-11-29 20:06 4398360 c:\windows\system32\d3dx9_32.dll

+ 2012-01-02 01:54 . 2006-09-28 05:05 3977496 c:\windows\system32\d3dx9_31.dll

+ 2011-10-30 20:09 . 2006-03-31 01:41 3927248 c:\windows\system32\d3dx9_30.dll

+ 2011-10-30 20:09 . 2006-02-02 21:43 3830992 c:\windows\system32\d3dx9_29.dll

+ 2011-10-30 20:09 . 2005-12-05 07:09 3815120 c:\windows\system32\d3dx9_28.dll

+ 2011-10-30 20:09 . 2005-07-22 08:59 3807440 c:\windows\system32\d3dx9_27.dll

+ 2011-10-30 20:09 . 2005-05-26 04:34 3767504 c:\windows\system32\d3dx9_26.dll

+ 2011-10-30 20:09 . 2005-03-18 06:19 3823312 c:\windows\system32\d3dx9_25.dll

+ 2011-10-30 20:09 . 2005-02-05 08:45 3544272 c:\windows\system32\d3dx9_24.dll

+ 2012-01-02 09:46 . 2010-05-26 00:41 1907552 c:\windows\system32\d3dcsx_43.dll

+ 2012-01-02 05:49 . 2009-09-04 06:29 5554512 c:\windows\system32\d3dcsx_42.dll

+ 2012-01-02 09:46 . 2010-05-26 00:41 2526056 c:\windows\system32\D3DCompiler_43.dll

+ 2012-01-02 05:49 . 2009-09-04 06:29 2582888 c:\windows\system32\D3DCompiler_42.dll

+ 2012-01-02 05:49 . 2009-03-09 04:27 2430312 c:\windows\system32\D3DCompiler_41.dll

+ 2012-01-02 05:49 . 2008-10-14 19:22 2605920 c:\windows\system32\D3DCompiler_40.dll

+ 2012-01-02 05:48 . 2008-07-10 00:00 1942552 c:\windows\system32\D3DCompiler_39.dll

+ 2012-01-02 01:58 . 2008-05-30 03:11 1941528 c:\windows\system32\D3DCompiler_38.dll

+ 2012-01-02 01:58 . 2008-03-05 04:56 1860120 c:\windows\system32\D3DCompiler_37.dll

+ 2012-01-02 01:58 . 2007-10-12 04:14 2006552 c:\windows\system32\D3DCompiler_36.dll

+ 2012-01-02 01:58 . 2007-07-19 07:14 1985904 c:\windows\system32\D3DCompiler_35.dll

+ 2012-01-02 01:58 . 2007-05-16 05:45 1401200 c:\windows\system32\D3DCompiler_34.dll

+ 2012-01-02 01:58 . 2007-03-12 05:42 1400176 c:\windows\system32\D3DCompiler_33.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 2067456 c:\windows\system32\d3d9.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 1838080 c:\windows\system32\d3d10warp.dll

+ 2009-07-13 23:46 . 2009-07-14 01:40 1267712 c:\windows\system32\d3d10.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 1065984 c:\windows\system32\cryptui.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 1456128 c:\windows\system32\crypt32.dll

+ 2009-07-14 00:07 . 2009-07-14 01:40 1393152 c:\windows\system32\connect.dll

+ 2009-07-14 00:01 . 2009-07-14 01:40 1735680 c:\windows\system32\comsvcs.dll

+ 2009-07-13 23:59 . 2009-07-14 01:26 1297408 c:\windows\system32\comres.dll

+ 2009-07-13 23:58 . 2009-07-14 01:40 1208832 c:\windows\system32\cmncliM.dll

+ 2009-07-14 00:27 . 2009-07-14 01:41 6100480 c:\windows\system32\chtbrkr.dll

+ 2009-07-14 00:28 . 2009-07-14 01:41 1675776 c:\windows\system32\chsbrkr.dll

+ 2009-07-13 23:50 . 2009-07-14 01:38 1175552 c:\windows\system32\certutil.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 1796096 c:\windows\system32\certmgr.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 1975296 c:\windows\system32\CertEnroll.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 1133568 c:\windows\system32\cdosys.dll

+ 2009-07-13 23:56 . 2009-07-14 01:25 6214144 c:\windows\system32\CardGames.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 2217856 c:\windows\system32\bootres.dll

+ 2010-11-21 03:23 . 2010-11-21 03:23 1927680 c:\windows\system32\authui.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 5066752 c:\windows\system32\AuthFWSnapin.dll

+ 2009-07-14 00:30 . 2009-07-14 01:40 2134528 c:\windows\system32\apds.dll

+ 2009-07-13 23:31 . 2009-07-14 01:40 3739136 c:\windows\system32\AdvancedInstallers\cmiv2.dll

+ 2010-11-21 03:24 . 2010-11-21 03:24 3745792 c:\windows\system32\accessibilitycpl.dll

+ 2011-10-29 21:52 . 2012-05-19 20:14 6056031 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2436082078-2685698106-4065389737-1001-8192.dat

- 2011-10-29 21:52 . 2012-05-19 02:21 6056031 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2436082078-2685698106-4065389737-1001-8192.dat

+ 2010-11-21 03:24 . 2010-11-21 03:24 12625920 c:\windows\system32\wmploc.DLL

+ 2010-11-21 03:24 . 2010-11-21 03:24 14633472 c:\windows\system32\wmp.dll

+ 2009-07-14 02:34 . 2011-12-29 12:44 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2011-10-29 22:01 . 2011-08-30 05:25 14173184 c:\windows\system32\shell32.dll

+ 2009-07-14 00:33 . 2009-07-14 01:31 12038656 c:\windows\system32\NlsLexicons0007.dll

+ 2009-07-14 00:32 . 2009-07-14 01:31 11722752 c:\windows\system32\NlsLexicons0001.dll

+ 2011-12-28 03:12 . 2011-11-04 02:38 17786368 c:\windows\system32\mshtml.dll

+ 2011-10-29 21:47 . 2011-12-07 01:26 54867776 c:\windows\system32\MRT.exe

+ 2010-11-21 03:24 . 2010-11-21 03:24 10085888 c:\windows\system32\migwiz\wet.dll

+ 2012-04-22 08:25 . 2012-04-22 08:25 11589280 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll

+ 2009-07-13 23:57 . 2009-07-14 01:28 20268032 c:\windows\system32\imageres.dll

+ 2011-05-03 18:07 . 2011-05-03 18:07 19590656 c:\windows\system32\ig4icd64.dll

+ 2011-12-28 03:12 . 2011-11-04 01:59 10886656 c:\windows\system32\ieframe.dll

+ 2010-12-17 02:26 . 2010-12-17 02:26 10249000 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_162e60f83b004bea\SynTPRes.dll

+ 2009-07-13 21:59 . 2009-06-10 20:37 11572512 c:\windows\system32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\nvlddmkm.sys

+ 2011-05-03 18:07 . 2011-05-03 18:07 12262624 c:\windows\system32\DriverStore\FileRepository\kit34564.inf_amd64_neutral_48b7715163b2731f\igdkmd64.sys

+ 2011-05-03 18:07 . 2011-05-03 18:07 19590656 c:\windows\system32\DriverStore\FileRepository\kit34564.inf_amd64_neutral_48b7715163b2731f\ig4icd64.dll

+ 2011-05-03 18:07 . 2011-05-03 18:07 14298624 c:\windows\system32\DriverStore\FileRepository\kit34564.inf_amd64_neutral_48b7715163b2731f\ig4icd32.dll

+ 2011-05-03 18:07 . 2011-05-03 18:07 12262624 c:\windows\system32\drivers\igdkmd64.sys

+ 2011-10-29 21:52 . 2012-05-19 14:43 15500352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2436082078-2685698106-4065389737-1001-4096.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

gedew.exe [2012-4-24 142336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-29 17152]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-02 63928]

R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253088]

R4 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]

R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

R4 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]

R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 2372096]

R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-29 2152152]

R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-09-26 375176]

R4 PCToolsProtectInjDrv;PCToolsProtectInjDrv;c:\users\Kostaki\AppData\Local\Temp\pcttProtect64.sys [x]

R4 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]

R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-05-07 1160824]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120518.001_16e\IDSvia64.sys [2012-05-17 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-27 138360]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-22 13:06]

.

2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 08:25]

.

2012-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2436082078-2685698106-4065389737-1001Core.job

- c:\users\Kostaki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 07:43]

.

2012-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2436082078-2685698106-4065389737-1001UA.job

- c:\users\Kostaki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 07:43]

.

.

--------- x86-64 -----------

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vmkbd2

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://startsear.ch/?aff=1

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube Download - c:\users\Kostaki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Kostaki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 61.9.134.49 61.9.133.193

FF - ProfilePath - c:\users\Kostaki\AppData\Roaming\Mozilla\Firefox\Profiles\thgmei3l.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:d8,a7,87,7d,eb,21,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-20 06:50:01

ComboFix-quarantined-files.txt 2012-05-19 20:49

ComboFix2.txt 2012-05-19 14:53

ComboFix3.txt 2012-05-19 02:33

.

Pre-Run: 296,703,582,208 bytes free

Post-Run: 296,393,768,960 bytes free

.

- - End Of File - - 78314E7CD1C7A439DE0110A54D689BA6


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, then click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\eqom.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\gedew.exe
c:\windows\system32\dds_trash_log.cmd
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gedew.exe
c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll

Folder::
c:\progra~2\SEARCH~1

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Didn't I just post that?

For whatever reason it didn't work as it's only showing it deleted these

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\system32\dds_trash_log.cmd


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
