December 20th, 2013, 10:07 PM
chillgv
Here is my FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Guest (administrator) on CHILLBAR on 20-12-2013 14:44:16
Running from C:\Users\Guest\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-17] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-02-18] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2011-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2290337541484756&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2290337541484756&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {0AC277E0-493D-44B6-9AF6-B72BAFB9E97D} URL = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^YY^US&apn_uid=c11c51ff-718a-46db-9294-8d0037060eba&apn_sauid=5BFCC1FA-97D4-4EE9-9EB8-6A23317BD356
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\qzkx0dvq.default
FF Homepage: hxxp://www.ask.com/?l=dis&o=2159&gct=hp
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=OVO2&o=2159&locale=en_US&apn_uid=c11c51ff-718a-46db-9294-8d0037060eba&apn_ptnrs=%5EA2E&apn_sauid=5BFCC1FA-97D4-4EE9-9EB8-6A23317BD356&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: Instrument Test - C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\qzkx0dvq.default\Extensions\testpilot@labs.mozilla.com.xpi

Chrome:
=======
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-08-17] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8227216 2012-08-20] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-20 14:44 - 2013-12-20 14:45 - 00009421 _____ C:\Users\Guest\Downloads\FRST.txt
2013-12-20 14:43 - 2013-12-20 14:43 - 00000000 ____D C:\FRST
2013-12-20 14:41 - 2013-12-20 14:42 - 02193141 _____ (Farbar) C:\Users\Guest\Downloads\FRST64.exe
2013-12-19 15:21 - 2013-12-19 15:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.wu.FISC.50310914526261282.1.3.Run.exe
2013-12-19 15:21 - 2013-12-19 15:21 - 00162010 _____ C:\Users\Guest\Downloads\DIAG_MATS_NETWORK_global (1).DiagCab
2013-12-19 15:19 - 2013-12-19 15:19 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.wu.FISC.50310914526261282.1.2.Run.exe
2013-12-19 15:18 - 2013-12-19 15:18 - 00162010 _____ C:\Users\Guest\Downloads\DIAG_MATS_NETWORK_global.DiagCab
2013-12-19 15:16 - 2013-12-19 15:16 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.malware.FISC.50310914526261282.1.1.Run.exe
2013-12-19 14:41 - 2013-12-19 14:43 - 03192224 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp47397.exe
2013-12-19 14:40 - 2013-12-19 14:44 - 10160848 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp48922.exe
2013-12-19 14:36 - 2013-12-19 14:39 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2013-12-19 14:34 - 2013-12-19 14:36 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-19 14:33 - 2013-12-19 14:44 - 00000000 ____D C:\swsetup
2013-12-19 14:33 - 2013-12-19 14:33 - 01201944 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp52509.exe
2013-12-19 14:32 - 2013-12-19 14:37 - 31042496 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp51613.exe
2013-12-19 14:32 - 2013-12-19 14:33 - 02320384 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp57448.exe
2013-12-19 14:32 - 2013-12-19 14:32 - 01592176 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp52407.exe
2013-12-19 14:27 - 2013-12-19 14:41 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-19 14:27 - 2013-12-19 14:27 - 00000000 ____D C:\Program Files (x86)\Hp
2013-12-19 14:25 - 2013-12-19 14:26 - 04427776 _____ C:\Users\Guest\Downloads\HPSupportSolutionsFramework.msi
2013-12-02 10:42 - 2013-12-02 10:42 - 00023346 _____ C:\Users\Guest\Desktop\combofix.txt
2013-12-02 10:28 - 2013-12-02 10:28 - 00023346 _____ C:\ComboFix.txt
2013-12-02 08:31 - 2013-12-02 10:28 - 00000000 ____D C:\Qoobox
2013-12-02 08:31 - 2013-12-02 10:28 - 00000000 ____D C:\ComboFix
2013-12-02 08:31 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 08:31 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 08:31 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 08:30 - 2013-12-02 10:12 - 00000000 ____D C:\Windows\erdnt
2013-12-02 08:10 - 2013-12-02 08:10 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 07:56 - 2013-12-02 07:57 - 00819184 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2013-12-01 20:45 - 2013-12-01 20:45 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-01 20:38 - 2013-12-01 20:38 - 00000000 ____D C:\Program Files\iPod
2013-12-01 20:37 - 2013-12-01 20:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-01 20:37 - 2013-12-01 20:45 - 00000000 ____D C:\Program Files\iTunes
2013-12-01 20:37 - 2013-12-01 20:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-01 20:04 - 2013-12-01 20:04 - 00000079 _____ C:\Users\Guest\Desktop\WSA_SA_Report-Sun_2013-12-01_20-03-58.html
2013-12-01 20:03 - 2013-12-01 20:03 - 00916254 _____ C:\Users\Guest\Desktop\WSA_SA_Report-Sun_2013-12-01_20-03-58.bmp
2013-12-01 20:01 - 2013-12-01 20:03 - 00000000 ____D C:\ProgramData\WRData
2013-12-01 19:42 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-01 19:42 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-01 19:42 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-01 19:41 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-01 18:28 - 2012-08-23 07:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-12-01 18:28 - 2012-08-23 07:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-12-01 18:28 - 2012-08-23 07:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-12-01 18:27 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-12-01 18:27 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-12-01 18:27 - 2012-08-23 08:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-12-01 18:27 - 2012-08-23 07:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-12-01 18:27 - 2012-08-23 07:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-12-01 18:27 - 2012-08-23 07:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-12-01 18:27 - 2012-08-23 07:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-12-01 18:27 - 2012-08-23 07:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-12-01 18:27 - 2012-08-23 07:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-12-01 18:27 - 2012-08-23 06:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-12-01 18:27 - 2012-08-23 05:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-12-01 18:27 - 2012-08-23 05:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-12-01 18:27 - 2012-08-23 05:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-12-01 18:27 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-12-01 18:27 - 2012-08-23 04:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-12-01 18:27 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-12-01 18:27 - 2012-08-23 04:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-12-01 18:27 - 2012-08-23 04:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-12-01 18:27 - 2012-08-23 03:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-12-01 18:27 - 2012-08-23 02:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-12-01 18:27 - 2012-08-23 02:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-01 17:46 - 2013-12-01 17:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer
2013-12-01 16:56 - 2013-01-04 00:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-12-01 16:55 - 2013-01-13 13:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-12-01 16:55 - 2013-01-13 13:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-01 16:55 - 2013-01-04 00:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-01 16:54 - 2013-01-13 15:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 15:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 15:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 15:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-01 16:54 - 2013-01-13 14:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 14:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 14:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 14:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-01 16:54 - 2013-01-13 13:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-12-01 16:54 - 2013-01-13 13:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-01 16:54 - 2013-01-13 13:02 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-01 16:54 - 2013-01-13 12:32 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-12-01 16:53 - 2013-01-13 14:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-01 16:53 - 2013-01-13 14:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-12-01 16:53 - 2013-01-13 14:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-12-01 16:53 - 2013-01-13 13:59 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-01 16:53 - 2013-01-13 13:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-01 16:53 - 2013-01-13 13:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-12-01 16:53 - 2013-01-13 13:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-12-01 16:53 - 2013-01-13 13:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-01 16:53 - 2013-01-13 13:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-01 16:53 - 2013-01-13 13:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-12-01 16:53 - 2013-01-13 13:43 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-12-01 16:53 - 2013-01-13 13:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-01 16:53 - 2013-01-13 13:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-01 16:53 - 2013-01-13 13:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-12-01 16:53 - 2013-01-13 13:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-01 16:53 - 2013-01-13 13:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-01 16:53 - 2013-01-13 13:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-01 16:53 - 2013-01-13 13:15 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-01 16:53 - 2013-01-13 13:10 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-01 16:53 - 2013-01-13 12:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-01 16:53 - 2013-01-13 12:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-01 16:53 - 2013-01-13 11:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-12-01 16:53 - 2013-01-13 11:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-01 16:44 - 2012-12-07 07:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-12-01 16:44 - 2012-12-07 07:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-12-01 16:44 - 2012-12-07 06:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-12-01 16:44 - 2012-12-07 06:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-12-01 16:44 - 2012-12-07 05:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-12-01 16:43 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-01 16:43 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-01 16:43 - 2013-08-28 20:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-01 16:43 - 2013-08-28 20:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-01 16:43 - 2013-08-28 19:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-01 16:43 - 2013-08-28 19:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-01 16:43 - 2013-04-25 17:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-01 16:43 - 2013-03-31 16:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-01 16:43 - 2013-03-18 23:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-01 16:43 - 2013-03-18 23:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-12-01 16:43 - 2012-11-29 23:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-12-01 16:43 - 2012-11-29 23:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-12-01 16:43 - 2012-11-29 23:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-12-01 16:43 - 2012-11-29 23:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-01 16:43 - 2012-11-29 23:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-12-01 16:43 - 2012-11-29 22:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 21:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-12-01 16:43 - 2012-11-29 20:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 17:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-12-01 16:43 - 2012-11-29 17:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-12-01 16:43 - 2012-08-24 12:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-01 16:43 - 2012-08-24 12:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-01 16:43 - 2012-08-24 12:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-01 16:43 - 2012-08-24 12:04 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-01 16:43 - 2012-08-24 12:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-01 16:43 - 2012-08-24 10:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-01 16:43 - 2012-08-24 10:57 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-01 16:43 - 2012-08-24 10:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-01 16:43 - 2012-08-24 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-01 16:42 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-01 16:42 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-01 16:42 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-01 16:42 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-01 16:42 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-01 16:42 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-01 16:42 - 2013-09-13 19:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-01 16:42 - 2013-09-07 20:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-01 16:42 - 2013-09-07 20:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-01 16:42 - 2013-09-07 20:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-01 16:42 - 2013-08-28 20:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-01 16:42 - 2013-08-28 20:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-01 16:42 - 2013-08-28 20:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-01 16:42 - 2013-08-28 19:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-01 16:42 - 2013-08-28 19:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-01 16:42 - 2013-08-28 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-01 16:42 - 2013-08-28 19:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-01 16:42 - 2013-08-28 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-01 16:42 - 2013-08-28 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-01 16:42 - 2013-08-28 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-01 16:42 - 2013-08-28 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-12-01 16:42 - 2013-08-04 20:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-12-01 16:42 - 2013-07-04 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-01 16:42 - 2013-07-04 06:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-01 16:42 - 2013-07-04 05:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-01 16:42 - 2013-07-04 05:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-01 16:42 - 2013-07-04 04:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-01 16:42 - 2013-03-18 23:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-01 16:42 - 2013-03-18 22:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-12-01 16:42 - 2013-03-18 21:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-01 16:42 - 2013-01-03 23:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-01 16:42 - 2013-01-03 00:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-12-01 16:42 - 2012-11-21 23:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-12-01 16:42 - 2012-11-21 22:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-12-01 16:37 - 2013-05-09 23:49 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-01 16:37 - 2013-05-09 23:49 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-01 16:37 - 2013-05-09 23:49 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-01 16:37 - 2013-05-09 23:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-01 16:37 - 2013-05-09 22:49 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-01 16:37 - 2013-05-09 22:49 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-12-01 16:37 - 2013-05-09 22:49 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-12-01 16:37 - 2013-05-09 21:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-12-01 16:36 - 2013-08-27 19:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-01 16:36 - 2013-01-24 00:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-12-20 14:45 - 2013-12-20 14:44 - 00009421 _____ C:\Users\Guest\Downloads\FRST.txt
2013-12-20 14:45 - 2010-10-01 12:23 - 01248046 _____ C:\Windows\WindowsUpdate.log
2013-12-20 14:44 - 2012-10-02 10:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 14:43 - 2013-12-20 14:43 - 00000000 ____D C:\FRST
2013-12-20 14:42 - 2013-12-20 14:41 - 02193141 _____ (Farbar) C:\Users\Guest\Downloads\FRST64.exe
2013-12-20 14:42 - 2012-11-13 09:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 14:42 - 2009-07-13 22:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-20 14:42 - 2009-07-13 22:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-20 14:16 - 2012-11-13 09:23 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 14:16 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-20 14:16 - 2009-07-13 22:51 - 00050517 _____ C:\Windows\setupact.log
2013-12-19 15:21 - 2013-12-19 15:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.wu.FISC.50310914526261282.1.3.Run.exe
2013-12-19 15:21 - 2013-12-19 15:21 - 00162010 _____ C:\Users\Guest\Downloads\DIAG_MATS_NETWORK_global (1).DiagCab
2013-12-19 15:19 - 2013-12-19 15:19 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.wu.FISC.50310914526261282.1.2.Run.exe
2013-12-19 15:18 - 2013-12-19 15:18 - 00162010 _____ C:\Users\Guest\Downloads\DIAG_MATS_NETWORK_global.DiagCab
2013-12-19 15:16 - 2013-12-19 15:16 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.malware.FISC.50310914526261282.1.1.Run.exe
2013-12-19 14:55 - 2012-10-02 16:41 - 00117188 _____ C:\Windows\PFRO.log
2013-12-19 14:44 - 2013-12-19 14:40 - 10160848 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp48922.exe
2013-12-19 14:44 - 2013-12-19 14:33 - 00000000 ____D C:\swsetup
2013-12-19 14:43 - 2013-12-19 14:41 - 03192224 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp47397.exe
2013-12-19 14:41 - 2013-12-19 14:27 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-19 14:39 - 2013-12-19 14:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2013-12-19 14:37 - 2013-12-19 14:32 - 31042496 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp51613.exe
2013-12-19 14:36 - 2013-12-19 14:34 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-19 14:33 - 2013-12-19 14:33 - 01201944 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp52509.exe
2013-12-19 14:33 - 2013-12-19 14:32 - 02320384 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp57448.exe
2013-12-19 14:32 - 2013-12-19 14:32 - 01592176 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp52407.exe
2013-12-19 14:27 - 2013-12-19 14:27 - 00000000 ____D C:\Program Files (x86)\Hp
2013-12-19 14:26 - 2013-12-19 14:25 - 04427776 _____ C:\Users\Guest\Downloads\HPSupportSolutionsFramework.msi
2013-12-19 14:26 - 2009-07-13 23:13 - 00783234 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-19 14:13 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-12-19 13:27 - 2012-12-26 22:12 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2013-12-02 10:42 - 2013-12-02 10:42 - 00023346 _____ C:\Users\Guest\Desktop\combofix.txt
2013-12-02 10:28 - 2013-12-02 10:28 - 00023346 _____ C:\ComboFix.txt
2013-12-02 10:28 - 2013-12-02 08:31 - 00000000 ____D C:\Qoobox
2013-12-02 10:28 - 2013-12-02 08:31 - 00000000 ____D C:\ComboFix
2013-12-02 10:28 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2013-12-02 10:12 - 2013-12-02 08:30 - 00000000 ____D C:\Windows\erdnt
2013-12-02 10:07 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-12-02 08:14 - 2012-10-03 08:22 - 00000000 ____D C:\Users\Owner\Documents\Youcam
2013-12-02 08:10 - 2013-12-02 08:10 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 08:10 - 2012-11-13 09:23 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-02 07:57 - 2013-12-02 07:56 - 00819184 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2013-12-01 20:50 - 2012-12-26 21:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-01 20:45 - 2013-12-01 20:45 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-01 20:45 - 2013-12-01 20:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-01 20:45 - 2013-12-01 20:37 - 00000000 ____D C:\Program Files\iTunes
2013-12-01 20:44 - 2013-12-01 20:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-01 20:38 - 2013-12-01 20:38 - 00000000 ____D C:\Program Files\iPod
2013-12-01 20:12 - 2012-12-10 17:10 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-12-01 20:04 - 2013-12-01 20:04 - 00000079 _____ C:\Users\Guest\Desktop\WSA_SA_Report-Sun_2013-12-01_20-03-58.html
2013-12-01 20:03 - 2013-12-01 20:03 - 00916254 _____ C:\Users\Guest\Desktop\WSA_SA_Report-Sun_2013-12-01_20-03-58.bmp
2013-12-01 20:03 - 2013-12-01 20:01 - 00000000 ____D C:\ProgramData\WRData
2013-12-01 19:59 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-01 19:12 - 2012-10-03 10:11 - 00772372 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-01 18:40 - 2012-10-03 07:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-01 17:49 - 2012-10-02 10:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-01 17:49 - 2012-10-02 10:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-01 17:49 - 2012-10-02 10:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-01 17:48 - 2013-01-02 15:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2013-12-01 17:46 - 2013-12-01 17:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-19 13:54

==================== End Of Log ============================