TechSpot

[A] Metamorphic code: aka Metamorphic virus

By Hiikko
Aug 2, 2012
  1. AUGUST 1, 2012

    Ran quick scan with Malwarebytes and came up with no results. So nothing was logged. Downloaded Gmer from the main mirror onto my desktop. Mind you, I recently installed Avast, updated and rebooted before running Malwarebytes. (The following failures could be a result of Avast still running in the background.) Knowing this, I still proceeded to disable all anti/firewall and ran Gmer. First scan failed to initiate; a pop-up screen flashed but went away before I could make out what the warning was about. With Gmer still running I deselected "Devices" and tried again. This time, the scan lasted a little longer until it came to a halt. New warning pop-up: "ooox<oxox" weird symbols were all I got a glimpse of before the screen went blue with those symbols along with an error message. A few moments passed and the system cold shut down. I tried to boot into safe mode. The normal rundown of words scrolling down/up. And then as soon as the GUI was about to initiate, the screen went blue again, and what do you know. Didn't give me enough time to read a single word before another cold shut down. What seems odd to me is that after installing Avast, my external monitor would flicker every now and again. Mostly before a prompt for administrative action. I'm out of ideas, and I thought about disconnecting all devices including my external monitor, but that would seem meaningless. Meaning, my original display is broken. I had to remove it completely in order to boot from the external monitor. I'm leaving it alone as it is.

    AUGUST 2, 2012:

    I booted from the Vista installation CD and attempted to use the program frst.exe saved on my USB flash drive. Ran command prompt from the repair window and started the program frst.exe. I thought at least I could generate a report after my failure to run Gmer yesterday. Today, I ran both a scan and searched services.exe. I'm not sure if these reports would help better understand the situation I'm in. To summarize things, I installed a pirated Vista installation. This has gone on for too many years. When I felt I was free from the virus, it emerges in another form. I have reason to believe that I'm dealing with a metamorphic virus.
    More about the virus here: http://en.wikipedia.org/wiki/Metamorphic_code
    I'm also aware that any devices I had used in the past are possibly infected. For now I decided to hold back from interacting with my laptop. It's pretty much the source of my worries, where the virus dwells. I have read the necessary steps and made preparations to act accordingly. Please advise. Next post will have the reports generated from the program frst.exe.
     
  2. Hiikko

    Hiikko TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 02-08-2012 15:36:41
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [159744 2007-07-09] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13601312 2009-06-24] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-06-24] (NVIDIA Corporation)
    HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.22.1

    ================================ Services (Whitelisted) ==================

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [133912 2012-07-03] (AVAST Software)
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
    2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-07-13] (Mozilla Foundation)

    ========================== Drivers (Whitelisted) =============

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
    1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [113776 2012-07-03] (AVAST Software)
    1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [18544 2012-07-03] (AVAST Software)
    2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
    0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-06-27] (ALWIL Software)
    0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [202928 2012-07-03] (AVAST Software)
    1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
    3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [14904 2010-02-25] (Hewlett-Packard Company)
    3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [164864 2007-08-01] (Conexant Systems Inc.)
    3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
    3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [12032 2007-02-15] (NVIDIA Corporation)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-02 15:36 - 2012-08-02 15:36 - 00000000 ____D C:\FRST
    2012-08-02 14:31 - 2012-08-02 14:31 - 00134144 ____A C:\Windows\Minidump\Mini080212-01.dmp
    2012-08-01 18:38 - 2012-08-02 14:31 - 00000000 ____D C:\Windows\Minidump
    2012-08-01 18:38 - 2012-08-01 18:38 - 00138216 ____A C:\Windows\Minidump\Mini080112-01.dmp
    2012-08-01 18:37 - 2012-08-02 14:31 - 104549363 ____A C:\Windows\MEMORY.DMP
    2012-08-01 18:29 - 2012-08-01 18:29 - 00302592 ____A C:\Users\HIIKKO\Desktop\ezjz3247.exe
    2012-08-01 18:13 - 2012-08-01 18:13 - 00000000 ____D C:\Users\HIIKKO\AppData\Roaming\Malwarebytes
    2012-08-01 18:12 - 2012-08-01 18:12 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-01 18:12 - 2012-08-01 18:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-01 18:12 - 2012-08-01 18:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-08-01 18:12 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-01 18:05 - 2012-07-03 08:21 - 00113776 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
    2012-08-01 18:04 - 2012-07-03 08:21 - 00202928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
    2012-08-01 18:04 - 2012-07-03 08:21 - 00018544 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
    2012-08-01 18:04 - 2012-06-27 12:33 - 00012112 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
    2012-08-01 18:01 - 2012-08-01 18:01 - 00001829 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2012-08-01 17:55 - 2012-08-01 17:55 - 00000000 ____D C:\Users\HIIKKO\AppData\Roaming\Adobe
    2012-08-01 17:54 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-01 17:54 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-01 17:54 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-01 17:54 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-08-01 17:54 - 2012-07-03 08:21 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-08-01 17:54 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-01 17:53 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-01 17:53 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-01 17:52 - 2012-08-01 17:52 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-08-01 17:52 - 2012-08-01 17:52 - 00000000 ____D C:\Program Files\AVAST Software
    2012-08-01 17:44 - 2012-08-01 17:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\HIIKKO\Desktop\mbam-setup-1.62.0.1300.exe
    2012-08-01 17:43 - 2012-08-01 17:47 - 89340632 ____A C:\Users\HIIKKO\Desktop\avast_free_antivirus_setup.exe
    2012-08-01 15:55 - 2008-06-19 17:14 - 00781344 ____A (Microsoft Corporation) C:\Windows\System32\PresentationNative_v0300.dll
    2012-08-01 15:55 - 2008-06-19 17:14 - 00622080 ____A (Microsoft Corporation) C:\Windows\System32\icardagt.exe
    2012-08-01 15:55 - 2008-06-19 17:14 - 00326160 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
    2012-08-01 15:55 - 2008-06-19 17:14 - 00105016 ____A (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2012-08-01 15:55 - 2008-06-19 17:14 - 00097800 ____A (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
    2012-08-01 15:55 - 2008-06-19 17:14 - 00043544 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
    2012-08-01 15:55 - 2008-06-19 17:14 - 00037384 ____A (Microsoft Corporation) C:\Windows\System32\infocardcpl.cpl
    2012-08-01 15:55 - 2008-06-19 17:14 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\icardres.dll
    2012-08-01 15:50 - 2008-07-27 10:03 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
    2012-08-01 15:50 - 2008-07-27 10:03 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\mscorier.dll
    2012-08-01 15:50 - 2008-07-27 10:03 - 00096760 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
    2012-08-01 15:50 - 2008-07-27 10:03 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
    2012-08-01 15:49 - 2011-02-22 04:51 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2012-08-01 15:49 - 2008-07-27 10:03 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\mscories.dll
    2012-08-01 15:33 - 2007-08-12 03:00 - 00001732 ____A C:\Windows\System32\Drivers\nvphy.bin
    2012-08-01 15:02 - 2012-08-01 15:02 - 00000000 ____A C:\Users\HIIKKO\AppData\Local\QSwitch.txt
    2012-08-01 15:02 - 2012-08-01 15:02 - 00000000 ____A C:\Users\HIIKKO\AppData\Local\DSwitch.txt
    2012-08-01 15:02 - 2012-08-01 15:02 - 00000000 ____A C:\Users\HIIKKO\AppData\Local\AtStart.txt
    2012-08-01 14:55 - 2012-08-01 14:55 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
    2012-08-01 14:43 - 2012-08-01 14:43 - 00000000 ____D C:\Users\HIIKKO\Documents\Siaxis
    2012-08-01 13:32 - 2012-05-31 11:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-08-01 13:26 - 2012-08-01 13:26 - 00000000 ____D C:\Program Files\LibUSB-Win32-0.1.10.1
    2012-08-01 13:26 - 2005-03-09 19:50 - 00033792 ____A C:\Windows\System32\Drivers\libusb0.sys
    2012-08-01 13:26 - 2005-03-09 19:50 - 00019456 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\libusbd-9x.exe
    2012-08-01 13:26 - 2005-03-09 19:50 - 00018944 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\libusbd-nt.exe
    2012-08-01 13:25 - 2005-03-10 03:50 - 00046592 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\libusb0.dll
    2012-08-01 13:24 - 2012-08-01 13:24 - 00388751 ____A C:\Users\HIIKKO\Downloads\11679_Sixaxis_PS3_Win32_Driver_For_PC.rar
    2012-08-01 13:24 - 2012-08-01 13:24 - 00000000 ____D C:\Windows\System32\libusb-win32-bin-1.2.6.0
    2012-08-01 13:22 - 2012-08-01 14:33 - 00000000 ____D C:\Users\HIIKKO\AppData\Roaming\vlc
    2012-08-01 13:18 - 2012-08-01 13:18 - 00000000 ____D C:\Program Files\VideoLAN
    2012-08-01 13:10 - 2008-05-26 21:21 - 01582592 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
    2012-08-01 13:10 - 2008-05-26 21:21 - 01418240 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00670208 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00439808 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
    2012-08-01 13:10 - 2008-05-26 21:18 - 00350208 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\msshsq.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00184832 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
    2012-08-01 13:10 - 2008-05-26 21:18 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\nlhtml.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\propdefs.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\xmlfilter.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\msstrc.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\mimefilt.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\rtffilt.dll
    2012-08-01 13:10 - 2008-05-26 21:18 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\wsepno.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 06103040 ____A (Microsoft Corporation) C:\Windows\System32\chtbrkr.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 01671680 ____A (Microsoft Corporation) C:\Windows\System32\chsbrkr.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00754176 ____A (Microsoft Corporation) C:\Windows\System32\propsys.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00313344 ____A (Microsoft Corporation) C:\Windows\System32\thawbrkr.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00301568 ____A (Microsoft Corporation) C:\Windows\System32\srchadmin.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\offfilt.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00143872 ____A (Microsoft Corporation) C:\Windows\System32\korwbrkr.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
    2012-08-01 13:10 - 2008-05-26 21:17 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\mssitlb.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\msscb.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
    2012-08-01 13:10 - 2008-05-26 21:17 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
    2012-08-01 13:10 - 2008-05-26 20:59 - 00106605 ____A C:\Windows\System32\StructuredQuerySchema.bin
    2012-08-01 13:10 - 2008-05-26 20:59 - 00018904 ____A C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    2012-08-01 13:10 - 2007-11-08 01:04 - 11967524 ____A C:\Windows\System32\korwbrkr.lex
    2012-08-01 13:06 - 2010-04-14 09:47 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
    2012-08-01 13:06 - 2010-04-14 09:47 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
    2012-08-01 13:06 - 2010-04-14 09:46 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
    2012-08-01 13:06 - 2008-04-22 20:41 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
    2012-08-01 13:02 - 2012-08-01 15:25 - 00000434 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-08-01 12:56 - 2012-08-01 12:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
    2012-08-01 12:56 - 2012-08-01 12:56 - 00000000 ____D C:\Users\HIIKKO\AppData\Roaming\hpqLog
    2012-08-01 12:56 - 2012-08-01 12:56 - 00000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
    2012-08-01 12:56 - 2012-08-01 12:56 - 00000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
    2012-08-01 12:55 - 2012-08-02 14:31 - 00031966 ____A C:\Users\All Users\nvModes.001
    2012-08-01 12:55 - 2012-08-01 18:39 - 00031966 ____A C:\Users\All Users\nvModes.dat
    2012-08-01 12:55 - 2012-08-01 12:56 - 00000000 ____D C:\Windows\QLB
    2012-08-01 12:55 - 2012-08-01 12:55 - 22617148 ____A C:\Users\HIIKKO\Downloads\vlc-2.0.3-win32.exe
    2012-08-01 12:55 - 2009-04-29 06:46 - 00015872 ____A (Hewlett-Packard Development Company, L.P.) C:\Windows\System32\Drivers\HpqKbFiltr.sys
    2012-08-01 12:55 - 2008-09-08 12:31 - 01885488 ___RA (Hewlett-Packard Company) C:\Windows\System32\BttnCmn.dll
    2012-08-01 12:55 - 2008-09-08 12:31 - 01885488 ____A (Hewlett-Packard Company) C:\Windows\System32\BttnCmns.dll
    2012-08-01 12:55 - 2006-11-02 05:09 - 01419232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wdfcoinstaller01005.dll
    2012-08-01 12:54 - 2012-08-01 14:55 - 00000916 ____A C:\Windows\setupact.log
    2012-08-01 12:54 - 2012-08-01 12:54 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-01 12:47 - 2010-02-20 15:39 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\nshhttp.dll
    2012-08-01 12:47 - 2010-02-20 15:37 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\httpapi.dll
    2012-08-01 12:47 - 2010-02-20 13:18 - 00411136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
    2012-08-01 12:43 - 2009-10-09 13:56 - 01181696 ____A (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
    2012-08-01 12:43 - 2009-10-09 13:56 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
    2012-08-01 12:43 - 2009-10-09 13:56 - 00241152 ____A (Microsoft Corporation) C:\Windows\System32\winrscmd.dll
    2012-08-01 12:43 - 2009-10-09 13:56 - 00214016 ____A (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
    2012-08-01 12:43 - 2009-10-09 13:56 - 00145408 ____A (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
    2012-08-01 12:43 - 2009-10-09 13:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\pwrshplugin.dll
    2012-08-01 12:43 - 2009-10-09 13:56 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\winrs.exe
    2012-08-01 12:43 - 2009-10-09 13:56 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\winrshost.exe
    2012-08-01 12:43 - 2009-10-09 13:56 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\wsmprovhost.exe
    2012-08-01 12:43 - 2009-10-09 13:56 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\wsmplpxy.dll
    2012-08-01 12:43 - 2009-10-09 13:56 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\winrssrv.dll
    2012-08-01 12:43 - 2009-10-09 13:56 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\winrsmgr.dll
    2012-08-01 12:43 - 2009-10-09 13:55 - 00252416 ____A (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
    2012-08-01 12:43 - 2009-10-09 13:55 - 00146944 ____A (Microsoft Corporation) C:\Windows\System32\wecsvc.dll
    2012-08-01 12:43 - 2009-10-09 13:55 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\wevtfwd.dll
    2012-08-01 12:43 - 2009-10-09 13:55 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\wecutil.exe
    2012-08-01 12:43 - 2009-10-09 13:55 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\wecapi.dll
    2012-08-01 12:43 - 2009-10-09 13:55 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\WsmRes.dll
    2012-08-01 12:43 - 2009-07-31 22:27 - 00201184 ____A C:\Windows\System32\winrm.vbs
    2012-08-01 12:43 - 2009-07-16 09:30 - 00004675 ____A C:\Windows\System32\wsmanconfig_schema.xml
    2012-08-01 12:43 - 2009-07-16 09:30 - 00002426 ____A C:\Windows\System32\WsmTxt.xsl
    2012-08-01 12:40 - 2010-08-17 05:32 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-01 12:40 - 2009-07-17 06:35 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\atl.dll
    2012-08-01 12:39 - 2011-04-21 07:00 - 01174528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-01 12:39 - 2011-04-21 07:00 - 00833024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-01 12:39 - 2011-04-21 06:59 - 00146432 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-08-01 12:39 - 2011-04-21 06:58 - 03593728 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-01 12:39 - 2011-04-21 06:58 - 00671232 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2012-08-01 12:39 - 2011-04-21 06:58 - 00477184 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-01 12:39 - 2011-04-21 06:58 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-01 12:39 - 2011-04-21 06:58 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-01 12:39 - 2011-04-21 06:57 - 06078976 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-01 12:39 - 2011-04-21 06:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-08-01 12:39 - 2011-04-21 06:57 - 00380928 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-08-01 12:39 - 2011-04-21 06:57 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-01 12:39 - 2011-04-21 06:57 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-08-01 12:39 - 2011-04-21 06:57 - 00193024 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-08-01 12:39 - 2011-04-21 06:57 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\ieencode.dll
    2012-08-01 12:39 - 2011-04-21 05:28 - 00389632 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-08-01 12:39 - 2011-04-21 05:08 - 01383424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-01 12:39 - 2010-10-15 06:08 - 03600272 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-08-01 12:39 - 2010-10-15 06:08 - 03548048 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-01 12:39 - 2010-10-15 05:48 - 01205080 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2012-08-01 12:39 - 2010-09-10 10:18 - 10626560 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2012-08-01 12:39 - 2010-09-10 08:37 - 08147456 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
    2012-08-01 12:39 - 2010-05-04 08:53 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-01 12:39 - 2010-02-25 20:03 - 02452872 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-08-01 12:39 - 2009-09-10 09:30 - 00213504 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
    2012-08-01 12:39 - 2009-08-14 08:29 - 00104960 ____A (Microsoft Corporation) C:\Windows\System32\netiohlp.dll
    2012-08-01 12:39 - 2009-08-14 08:29 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2012-08-01 12:39 - 2009-08-14 06:16 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\NETSTAT.EXE
    2012-08-01 12:39 - 2009-08-14 06:16 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\ARP.EXE
    2012-08-01 12:39 - 2009-08-14 06:16 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\ROUTE.EXE
    2012-08-01 12:39 - 2009-08-14 06:16 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\MRINFO.EXE
    2012-08-01 12:39 - 2009-08-14 06:16 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\finger.exe
    2012-08-01 12:39 - 2009-08-14 06:16 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
    2012-08-01 12:39 - 2009-08-14 06:16 - 00008704 ____A (Microsoft Corporation) C:\Windows\System32\HOSTNAME.EXE
    2012-08-01 12:39 - 2009-06-10 04:11 - 02868224 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
    2012-08-01 12:39 - 2009-06-10 04:11 - 02386944 ____A (Microsoft Corporation) C:\Windows\System32\WMVCORE.DLL
    2012-08-01 12:38 - 2011-07-06 06:56 - 00213504 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2012-08-01 12:38 - 2011-04-29 04:49 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2012-08-01 12:38 - 2011-04-29 04:49 - 00079360 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2012-08-01 12:38 - 2011-04-14 06:24 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
    2012-08-01 12:38 - 2011-03-10 08:12 - 01161728 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
    2012-08-01 12:38 - 2011-03-10 08:12 - 01136640 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
    2012-08-01 12:38 - 2011-02-18 05:31 - 00304640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
    2012-08-01 12:38 - 2011-02-16 07:29 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-08-01 12:38 - 2011-02-16 05:24 - 00292864 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-08-01 12:38 - 2010-12-28 06:57 - 00409600 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
    2012-08-01 12:38 - 2010-06-16 07:12 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2012-08-01 12:38 - 2010-05-27 11:16 - 00081920 ____A (Radius Inc.) C:\Windows\System32\iccvid.dll
    2012-08-01 12:38 - 2010-04-16 08:10 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
    2012-08-01 12:38 - 2010-04-05 08:07 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
    2012-08-01 12:38 - 2009-08-10 03:01 - 01399296 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-08-01 12:38 - 2009-07-11 11:32 - 00513024 ____A (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
    2012-08-01 12:38 - 2009-07-11 11:32 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\wlansec.dll
    2012-08-01 12:38 - 2009-07-11 11:32 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
    2012-08-01 12:38 - 2009-07-11 11:29 - 00127488 ____A (Microsoft Corporation) C:\Windows\System32\L2SecHC.dll
    2012-08-01 12:38 - 2009-07-11 09:18 - 02501921 ____A C:\Windows\System32\wlan.tmf
    2012-08-01 12:38 - 2009-07-10 04:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\shsvcs.dll
    2012-08-01 12:38 - 2009-06-15 07:20 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\dciman32.dll
    2012-08-01 12:38 - 2008-12-05 20:42 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
    2012-08-01 12:38 - 2008-10-21 19:57 - 00241152 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
    2012-08-01 12:38 - 2008-10-20 21:25 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
    2012-08-01 12:38 - 2008-06-18 19:31 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\IPSECSVC.DLL
    2012-08-01 12:38 - 2008-02-28 23:14 - 00019000 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
    2012-08-01 12:38 - 2008-02-28 23:11 - 00988216 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2012-08-01 12:38 - 2008-02-28 23:11 - 00927288 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2012-08-01 12:38 - 2008-02-28 22:53 - 00378368 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-01 12:38 - 2008-02-28 22:53 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
    2012-08-01 12:38 - 2008-02-28 22:53 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\srclient.dll
    2012-08-01 12:38 - 2008-02-28 22:35 - 00006656 ____A (Microsoft Corporation) C:\Windows\System32\kbd106n.dll
    2012-08-01 12:38 - 2008-02-28 20:12 - 00318464 ____A (Microsoft Corporation) C:\Windows\System32\rstrui.exe
    2012-08-01 12:38 - 2008-02-28 20:12 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\srdelayed.exe
    2012-08-01 12:38 - 2008-02-21 21:05 - 00615992 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
    2012-08-01 12:37 - 2011-04-21 05:16 - 00273408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2012-08-01 12:37 - 2011-03-02 06:49 - 00167936 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
    2012-08-01 12:37 - 2011-03-02 06:49 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
    2012-08-01 12:37 - 2010-10-28 04:56 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-08-01 12:37 - 2010-06-28 08:15 - 01315840 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
    2012-08-01 12:37 - 2009-05-04 02:11 - 00025088 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
    2012-08-01 12:37 - 2008-04-17 21:48 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\es.dll
    2012-08-01 12:37 - 2008-04-04 19:34 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\pacerprf.dll
    2012-08-01 12:37 - 2008-04-04 17:21 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
    2012-08-01 12:36 - 2011-06-02 04:59 - 02042368 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-01 12:36 - 2011-04-29 04:49 - 00146432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2012-08-01 12:36 - 2011-04-29 04:49 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2012-08-01 12:36 - 2011-02-16 07:35 - 00430080 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-01 12:36 - 2011-02-16 07:32 - 00512000 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-01 12:36 - 2008-06-05 19:27 - 00562176 ____A (Microsoft Corporation) C:\Windows\System32\msdtcprx.dll
    2012-08-01 12:36 - 2008-06-05 19:27 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\xolehlp.dll
    2012-08-01 12:36 - 2008-05-08 13:59 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\scrobj.dll
    2012-08-01 12:36 - 2008-05-08 13:59 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\scrrun.dll
    2012-08-01 12:36 - 2008-05-08 13:59 - 00155648 ____A (Microsoft Corporation) C:\Windows\System32\wscript.exe
    2012-08-01 12:36 - 2008-05-08 13:59 - 00090112 ____A (Microsoft Corporation) C:\Windows\System32\wshext.dll
    2012-08-01 12:36 - 2008-05-08 13:58 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\wshom.ocx
    2012-08-01 12:36 - 2008-05-08 13:58 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\cscript.exe
    2012-08-01 12:35 - 2011-03-03 06:56 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\Apphlpdm.dll
    2012-08-01 12:35 - 2011-03-03 05:01 - 04240384 ____A (Microsoft) C:\Windows\System32\GameUXLegacyGDFs.dll
    2012-08-01 12:35 - 2010-12-20 07:39 - 00563200 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2012-08-01 12:35 - 2010-12-14 07:49 - 01169408 ____A (Microsoft Corporation) C:\Windows\System32\sdclt.exe
    2012-08-01 12:35 - 2010-10-18 06:01 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2012-08-01 12:35 - 2010-08-31 07:41 - 00954752 ____A (Microsoft Corporation) C:\Windows\System32\mfc40.dll
    2012-08-01 12:35 - 2010-08-31 07:41 - 00954288 ____A (Microsoft Corporation) C:\Windows\System32\mfc40u.dll
    2012-08-01 12:35 - 2010-08-26 08:07 - 00157184 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
    2012-08-01 12:35 - 2010-06-18 08:43 - 00036352 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
    2012-08-01 12:35 - 2010-04-05 08:08 - 00317952 ____A (Microsoft Corporation) C:\Windows\System32\MP4SDECD.DLL
    2012-08-01 12:35 - 2009-10-23 09:42 - 00714240 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
    2012-08-01 12:35 - 2009-08-10 05:05 - 00351232 ____A (Microsoft Corporation) C:\Windows\System32\WSDApi.dll
    2012-08-01 12:35 - 2009-07-14 05:00 - 00313344 ____A (Microsoft Corporation) C:\Windows\System32\wmpdxm.dll
    2012-08-01 12:35 - 2009-07-14 00:30 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.tlb
    2012-08-01 12:35 - 2009-07-14 00:30 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\amcompat.tlb
    2012-08-01 12:35 - 2009-06-15 10:20 - 00439896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-08-01 12:35 - 2009-06-15 07:24 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\wdigest.dll
    2012-08-01 12:35 - 2009-06-15 07:24 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2012-08-01 12:35 - 2009-06-15 07:23 - 01256448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-08-01 12:35 - 2009-06-15 07:21 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-01 12:35 - 2009-06-15 04:57 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2012-08-01 12:35 - 2009-06-10 04:12 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wkssvc.dll
    2012-08-01 12:35 - 2009-04-23 04:42 - 00636928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-01 12:35 - 2008-10-28 22:29 - 02927104 ____A (Microsoft Corporation) C:\Windows\explorer.exe
    2012-08-01 12:35 - 2008-10-15 20:47 - 00466944 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-01 12:35 - 2008-06-25 19:29 - 00303616 ____A (Microsoft Corporation) C:\Windows\System32\wmpeffects.dll
    2012-08-01 12:35 - 2008-03-07 20:21 - 01695744 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
    2012-08-01 12:34 - 2011-01-21 07:46 - 11582464 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-08-01 12:34 - 2011-01-21 07:46 - 00351744 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
    2012-08-01 12:34 - 2010-12-29 09:41 - 00429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2012-08-01 12:34 - 2010-12-29 09:41 - 00323072 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
    2012-08-01 12:34 - 2010-12-29 09:41 - 00153088 ____A (Microsoft Corporation) C:\Windows\System32\sbeio.dll
    2012-08-01 12:34 - 2010-12-29 09:39 - 00177664 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
    2012-08-01 12:34 - 2010-11-06 03:10 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
    2012-08-01 12:34 - 2010-11-06 03:10 - 00345088 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
    2012-08-01 12:34 - 2010-11-06 03:10 - 00270336 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
    2012-08-01 12:34 - 2010-11-06 03:09 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
    2012-08-01 12:34 - 2010-11-04 16:53 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
    2012-08-01 12:34 - 2010-02-18 06:11 - 00190464 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2012-08-01 12:34 - 2010-02-18 03:52 - 00025088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
    2012-08-01 12:34 - 2010-01-21 07:59 - 00062464 ____A (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
    2012-08-01 12:34 - 2009-03-02 20:39 - 00551424 ____A (Microsoft Corporation) C:\Windows\System32\rpcss.dll
    2012-08-01 12:34 - 2009-03-02 20:39 - 00183296 ____A (Microsoft Corporation) C:\Windows\System32\sdohlp.dll
    2012-08-01 12:34 - 2009-03-02 20:39 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
    2012-08-01 12:34 - 2009-03-02 20:37 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\iasrecst.dll
    2012-08-01 12:34 - 2009-03-02 20:37 - 00054784 ____A (Microsoft Corporation) C:\Windows\System32\iasads.dll
    2012-08-01 12:34 - 2009-03-02 20:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\iasdatastore.dll
    2012-08-01 12:34 - 2009-03-02 19:04 - 00666624 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    2012-08-01 12:34 - 2009-03-02 18:38 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\iashost.exe
    2012-08-01 12:34 - 2008-06-25 19:29 - 00801280 ____A (Microsoft Corporation) C:\Windows\System32\NaturalLanguage6.dll
    2012-08-01 12:34 - 2008-06-25 17:45 - 12240896 ____A (Microsoft Corporation) C:\Windows\System32\NlsLexicons0007.dll
    2012-08-01 12:34 - 2008-06-25 17:45 - 02644480 ____A (Microsoft Corporation) C:\Windows\System32\NlsLexicons0009.dll
    2012-08-01 12:33 - 2011-05-02 07:58 - 00738816 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2012-08-01 12:33 - 2011-04-20 06:47 - 00375808 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-01 12:33 - 2011-04-20 06:44 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2012-08-01 12:33 - 2011-04-12 06:53 - 00890368 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-01 12:33 - 2010-08-31 07:40 - 00531968 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
    2012-08-01 12:33 - 2010-08-20 07:21 - 00866816 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
    2012-08-01 12:33 - 2010-06-16 07:59 - 00898952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-01 12:33 - 2010-06-11 07:30 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-08-01 12:33 - 2010-04-16 08:10 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2012-08-01 12:33 - 2010-01-25 04:48 - 00472576 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
    2012-08-01 12:33 - 2010-01-25 04:48 - 00472064 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
    2012-08-01 12:33 - 2010-01-25 04:48 - 00151040 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
    2012-08-01 12:33 - 2010-01-25 04:48 - 00151040 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
    2012-08-01 12:33 - 2010-01-25 04:45 - 00329216 ____A (Microsoft Corporation) C:\Windows\System32\msdrm.dll
    2012-08-01 12:33 - 2010-01-25 00:35 - 00523776 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
    2012-08-01 12:33 - 2010-01-25 00:35 - 00346624 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
    2012-08-01 12:33 - 2010-01-25 00:34 - 00511488 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
    2012-08-01 12:33 - 2010-01-25 00:34 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
    2012-08-01 12:33 - 2009-12-23 04:43 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-01 12:33 - 2009-09-04 04:24 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
    2012-08-01 12:33 - 2009-03-16 19:38 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\amxread.dll
    2012-08-01 12:33 - 2009-03-16 19:38 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\apilogen.dll
    2012-08-01 12:33 - 2008-10-20 21:25 - 01645568 ____A (Microsoft Corporation) C:\Windows\System32\connect.dll
    2012-08-01 12:33 - 2008-09-17 20:56 - 00147456 ____A (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
    2012-08-01 12:33 - 2008-09-17 20:56 - 00125952 ____A (Microsoft Corporation) C:\Windows\System32\wersvc.dll
    2012-08-01 12:33 - 2008-08-27 19:40 - 00712704 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2012-08-01 12:33 - 2008-08-27 19:40 - 00425472 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
    2012-08-01 12:33 - 2008-08-27 19:40 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2012-08-01 12:33 - 2008-08-01 19:26 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2012-08-01 12:33 - 2008-08-01 17:01 - 00625152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2012-08-01 12:33 - 2008-06-25 19:29 - 00565248 ____A (Microsoft Corporation) C:\Windows\System32\emdmgmt.dll
    2012-08-01 12:33 - 2008-06-25 19:29 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\dataclen.dll
    2012-08-01 12:33 - 2008-06-22 17:59 - 00996352 ____A (Microsoft Corporation) C:\Windows\System32\WMNetMgr.dll
    2012-08-01 12:33 - 2008-06-22 17:58 - 00094720 ____A (Microsoft Corporation) C:\Windows\System32\logagent.exe
    2012-08-01 12:33 - 2008-05-19 18:07 - 00148480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
    2012-08-01 12:33 - 2008-05-09 17:33 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
    2012-08-01 12:32 - 2010-12-17 08:43 - 02067456 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-08-01 12:32 - 2010-12-17 07:06 - 00677888 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-08-01 12:32 - 2009-12-28 04:35 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
    2012-08-01 12:32 - 2009-12-28 04:32 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\msvfw32.dll
    2012-08-01 12:32 - 2009-12-28 04:32 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
    2012-08-01 12:32 - 2009-12-28 04:32 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
    2012-08-01 12:32 - 2009-12-28 04:32 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
    2012-08-01 12:32 - 2009-12-28 04:31 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\mciavi32.dll
    2012-08-01 12:32 - 2009-12-28 04:31 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
    2012-08-01 12:32 - 2009-12-28 04:28 - 00091136 ____A (Microsoft Corporation) C:\Windows\System32\avifil32.dll
    2012-08-01 12:32 - 2009-12-28 04:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\avicap32.dll
    2012-08-01 12:32 - 2009-04-23 04:43 - 00784896 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    2012-08-01 12:32 - 2009-04-02 04:37 - 00604672 ____A (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
    2012-08-01 12:27 - 2010-01-14 16:04 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
    2012-08-01 12:27 - 2009-10-07 04:41 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\raschap.dll
    2012-08-01 12:27 - 2009-10-07 04:41 - 00244224 ____A (Microsoft Corporation) C:\Windows\System32\rastls.dll
    2012-08-01 12:25 - 2012-08-01 12:27 - 00027430 ____A C:\Users\HIIKKO\AppData\Roaming\nvModes.dat
    2012-08-01 12:25 - 2012-08-01 12:27 - 00027430 ____A C:\Users\HIIKKO\AppData\Roaming\nvModes.001
    2012-08-01 12:19 - 2008-08-11 19:39 - 00443392 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-01 12:10 - 2009-09-10 07:21 - 00310784 ____A (Microsoft Corporation) C:\Windows\System32\unregmp2.exe
    2012-08-01 12:10 - 2009-07-14 04:59 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
    2012-08-01 12:10 - 2009-07-14 04:59 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
    2012-08-01 12:10 - 2009-07-14 04:58 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\spwmp.dll
    2012-08-01 12:02 - 2012-08-01 12:02 - 00000052 ____A C:\Windows\System32\DOErrors.log
    2012-08-01 12:00 - 2011-04-29 06:54 - 00276992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-08-01 11:51 - 2012-08-01 12:56 - 00000000 ____D C:\Program Files\Hewlett-Packard
    2012-08-01 11:51 - 2012-08-01 11:51 - 00000000 ____D C:\Program Files\HP
    2012-08-01 11:45 - 2012-08-01 10:50 - 00000000 ____D C:\Windows\Panther
    2012-08-01 11:44 - 2012-08-01 11:44 - 00008192 __RAS C:\BOOTSECT.BAK
    2012-08-01 11:44 - 2008-01-20 18:24 - 00333203 _RASH C:\bootmgr
    2012-08-01 11:43 - 2012-08-01 11:43 - 00000000 ____D C:\Users\HIIKKO\AppData\Roaming\Mozilla
    2012-08-01 11:43 - 2012-08-01 11:43 - 00000000 ____D C:\Users\HIIKKO\AppData\Local\Mozilla
    2012-08-01 11:32 - 2012-08-01 11:32 - 00000000 ____D C:\Users\HIIKKO\AppData\Roaming\Macromedia
    2012-08-01 11:31 - 2012-08-01 16:07 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-08-01 11:27 - 2012-08-01 11:27 - 00000000 ____D C:\Windows\pss
    2012-08-01 11:23 - 2009-06-24 10:38 - 01108512 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpluir.dll
    2012-08-01 11:23 - 2009-06-24 10:38 - 00797216 ____A (NVIDIA Corporation) C:\Windows\System32\nvcplui.exe
    2012-08-01 11:23 - 2009-06-24 10:38 - 00420384 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.cpl
    2012-08-01 11:23 - 2007-09-18 21:05 - 00307200 ____A (NVIDIA Corporation) C:\Windows\System32\nvexpbar.dll
    2012-08-01 11:22 - 2012-08-01 11:23 - 00010169 ____A C:\Windows\bcmwl.log
    2012-08-01 11:22 - 2012-08-01 11:22 - 00000000 ____D C:\Program Files\Broadcom
    2012-08-01 11:22 - 2008-10-23 01:16 - 00087280 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlcoi.dll
    2012-08-01 11:21 - 2012-08-01 11:21 - 00000793 ____A C:\Windows\System32\HCW85HP.log
    2012-08-01 11:21 - 2012-08-01 11:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01005.Wdf
    2012-08-01 11:21 - 2012-08-01 11:21 - 00000000 ____D C:\Windows\System32\Hauppauge
    2012-08-01 11:21 - 2012-08-01 11:21 - 00000000 ____D C:\Program Files\WinTV
    2012-08-01 11:21 - 2007-05-01 14:26 - 00258104 ____A (Hauppauge Computer Works) C:\Windows\System32\hcwpnp32.dll
    2012-08-01 11:21 - 2006-10-10 17:47 - 00036921 ____A (Hauppauge Computer Works) C:\Windows\System32\hcwutl32.dll
    2012-08-01 11:21 - 2006-10-10 16:47 - 00036921 ____A (Hauppauge Computer Works) C:\Windows\System32\hcwutl32_priv.dll
    2012-08-01 11:21 - 2006-10-10 09:15 - 00098360 ____A (Hauppauge Computer Works, Inc.) C:\Windows\System32\hcwi2c32.dll
    2012-08-01 11:20 - 2012-08-01 11:21 - 00004204 ____A C:\Windows\DPINST.LOG
    2012-08-01 11:20 - 2012-08-01 11:21 - 00000000 ____D C:\Program Files\Apoint2K
    2012-08-01 11:19 - 2012-08-01 12:55 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2012-08-01 11:19 - 2007-03-21 21:02 - 00037376 ____A (REDC) C:\Windows\System32\Drivers\rixdptsk.sys
    2012-08-01 11:19 - 2007-02-24 13:42 - 00039936 ____A (REDC) C:\Windows\System32\Drivers\rimmptsk.sys
    2012-08-01 11:19 - 2007-01-23 15:40 - 00042496 ____A (REDC) C:\Windows\System32\Drivers\rimsptsk.sys
    2012-08-01 11:19 - 2005-05-07 11:06 - 00016480 ____A C:\Windows\System32\rixdicon.dll
    2012-08-01 11:19 - 2004-09-04 02:00 - 00090112 ____A (Sony Corporation) C:\Windows\System32\snymsico.dll
    2012-08-01 11:18 - 2012-08-01 11:18 - 00000000 ____D C:\Program Files\Common Files\InstallShield
    2012-08-01 11:18 - 2007-02-13 03:55 - 00356352 ____A (NVIDIA Corporation) C:\Windows\System32\nvusmu.exe
    2012-08-01 11:18 - 2006-12-14 02:48 - 00000528 ____A C:\Windows\System32\nvsmu.nvu
    2012-08-01 11:18 - 2006-11-07 18:48 - 00356352 ____A (NVIDIA Corporation) C:\Windows\System32\nvusmb.exe
    2012-08-01 11:18 - 2006-10-18 19:36 - 00001864 ____A C:\Windows\System32\nvsmb.nvu
    2012-08-01 11:17 - 2012-08-01 12:45 - 00000000 ____D C:\Program Files\CONEXANT
    2012-08-01 11:17 - 2012-08-01 11:17 - 00000000 ____D C:\Users\HIIKKO\AppData\Roaming\InstallShield
    2012-08-01 11:15 - 2012-08-01 11:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2012-08-01 11:15 - 2012-08-01 11:15 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-08-01 11:15 - 2012-08-01 11:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2012-08-01 11:14 - 2012-08-01 17:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-01 11:14 - 2012-08-01 11:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-01 11:14 - 2012-08-01 11:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-01 11:14 - 2012-08-01 11:14 - 00000000 ____D C:\Windows\System32\Macromed
    2012-08-01 11:13 - 2012-08-01 13:25 - 00000000 ____D C:\Users\HIIKKO\AppData\Roaming\WinRAR
    2012-08-01 11:13 - 2012-08-01 11:13 - 00000000 ____D C:\Users\All Users\Sun
    2012-08-01 11:13 - 2012-08-01 11:13 - 00000000 ____D C:\Program Files\Common Files\Java
    2012-08-01 11:13 - 2012-08-01 11:11 - 00772592 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-01 11:13 - 2012-08-01 11:11 - 00687600 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-01 11:13 - 2012-08-01 11:11 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-01 11:12 - 2012-08-01 11:11 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-01 11:12 - 2012-08-01 11:11 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-01 11:11 - 2012-08-01 11:13 - 00000000 ____D C:\Program Files\WinRAR
    2012-08-01 11:11 - 2012-08-01 11:11 - 00000000 ____D C:\Program Files\Java
    2012-08-01 11:02 - 2012-08-01 12:49 - 00007680 ____A C:\Users\HIIKKO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-01 11:02 - 2012-08-01 12:17 - 00000000 ____D C:\Drivers_Vista
    2012-08-01 11:02 - 2009-06-24 10:38 - 13601312 ____A (NVIDIA Corporation)
     
  3. Hiikko

    Hiikko TS Rookie Topic Starter

    C:\Windows\System32\nvcpl.dll
    2012-08-01 11:02 - 2009-06-24 10:38 - 00520192 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
    2012-08-01 11:02 - 2009-06-24 10:38 - 00485920 ____A (NVIDIA Corporation) C:\Windows\System32\nvuninst.exe
    2012-08-01 11:02 - 2008-03-03 10:34 - 02125312 ____A (Conexant Systems Inc.) C:\Windows\System32\CnxtAp32.dll
    2012-08-01 11:02 - 2007-09-18 21:05 - 01500160 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
    2012-08-01 11:02 - 2007-09-18 21:05 - 00147456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcolor.exe
    2012-08-01 11:02 - 2007-09-18 21:05 - 00036864 ____A (NVIDIA Corporation) C:\Windows\System32\nvcod100.dll
    2012-08-01 11:02 - 2007-08-26 14:20 - 01062048 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvmfdx32.sys
    2012-08-01 11:02 - 2007-08-26 13:43 - 00201728 ____A (NVIDIA Corporation) C:\Windows\System32\fdco1.dll
    2012-08-01 11:02 - 2007-08-26 11:42 - 00356352 ____A (NVIDIA Corporation) C:\Windows\System32\nvunrm.exe
    2012-08-01 11:02 - 2007-08-26 11:42 - 00036864 ____A (NVIDIA Corporation) C:\Windows\System32\nvconrm.dll
    2012-08-01 11:02 - 2007-08-26 11:38 - 00001929 ____A C:\Windows\System32\nvnrm.nvu
    2012-08-01 11:02 - 2007-08-01 07:42 - 00164864 ____A (Conexant Systems Inc.) C:\Windows\System32\Drivers\CHDART.sys
    2012-08-01 11:02 - 2007-07-23 16:08 - 00217088 ____A (Conexant Systems, Inc.) C:\Windows\System32\UCI32A21.dll
    2012-08-01 11:02 - 2007-07-07 12:58 - 00155136 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Drivers\Apfiltr.sys
    2012-08-01 11:02 - 2007-02-15 17:50 - 00012032 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvsmu.sys
    2012-08-01 11:02 - 2006-11-02 00:09 - 01419232 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoinstaller01005.dll
    2012-08-01 11:02 - 2006-10-18 12:30 - 00100354 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Vxdif.dll
    2012-08-01 11:00 - 2012-08-01 15:01 - 00049168 ____A C:\Users\HIIKKO\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-01 10:59 - 2012-08-01 15:33 - 00000000 ____D C:\Users\HIIKKO\AppData\Local\VirtualStore
    2012-08-01 10:59 - 2012-08-01 13:32 - 00000000 ____D C:\users\HIIKKO
    2012-08-01 10:59 - 2012-08-01 11:01 - 00000680 ____A C:\Users\HIIKKO\AppData\Local\d3d9caps.dat
    2012-08-01 10:59 - 2012-08-01 10:59 - 00000020 ___SH C:\Users\HIIKKO\ntuser.ini
    2012-08-01 10:47 - 2012-08-01 10:49 - 00001355 ____A C:\Windows\TSSysprep.log

    ============ 3 Months Modified Files ========================

    2012-08-02 14:32 - 2006-11-02 05:01 - 00007814 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-02 14:32 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-02 14:32 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-02 14:32 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-02 14:31 - 2012-08-02 14:31 - 00134144 ____A C:\Windows\Minidump\Mini080212-01.dmp
    2012-08-02 14:31 - 2012-08-01 18:37 - 104549363 ____A C:\Windows\MEMORY.DMP
    2012-08-02 14:31 - 2012-08-01 12:55 - 00031966 ____A C:\Users\All Users\nvModes.001
    2012-08-01 18:41 - 2008-01-20 17:35 - 01292633 ____A C:\Windows\WindowsUpdate.log
    2012-08-01 18:39 - 2012-08-01 12:55 - 00031966 ____A C:\Users\All Users\nvModes.dat
    2012-08-01 18:38 - 2012-08-01 18:38 - 00138216 ____A C:\Windows\Minidump\Mini080112-01.dmp
    2012-08-01 18:29 - 2012-08-01 18:29 - 00302592 ____A C:\Users\HIIKKO\Desktop\ezjz3247.exe
    2012-08-01 18:13 - 2006-11-02 02:33 - 00690960 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-01 18:12 - 2012-08-01 18:12 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-01 18:04 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt
    2012-08-01 18:01 - 2012-08-01 18:01 - 00001829 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2012-08-01 17:47 - 2012-08-01 17:43 - 89340632 ____A C:\Users\HIIKKO\Desktop\avast_free_antivirus_setup.exe
    2012-08-01 17:44 - 2012-08-01 17:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\HIIKKO\Desktop\mbam-setup-1.62.0.1300.exe
    2012-08-01 17:42 - 2012-08-01 11:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-01 15:25 - 2012-08-01 13:02 - 00000434 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-08-01 15:02 - 2012-08-01 15:02 - 00000000 ____A C:\Users\HIIKKO\AppData\Local\QSwitch.txt
    2012-08-01 15:02 - 2012-08-01 15:02 - 00000000 ____A C:\Users\HIIKKO\AppData\Local\DSwitch.txt
    2012-08-01 15:02 - 2012-08-01 15:02 - 00000000 ____A C:\Users\HIIKKO\AppData\Local\AtStart.txt
    2012-08-01 15:01 - 2012-08-01 11:00 - 00049168 ____A C:\Users\HIIKKO\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-01 15:00 - 2006-11-02 04:47 - 00228176 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-01 14:59 - 2008-01-20 18:47 - 00031800 ____A C:\Windows\PFRO.log
    2012-08-01 14:55 - 2012-08-01 12:54 - 00000916 ____A C:\Windows\setupact.log
    2012-08-01 13:24 - 2012-08-01 13:24 - 00388751 ____A C:\Users\HIIKKO\Downloads\11679_Sixaxis_PS3_Win32_Driver_For_PC.rar
    2012-08-01 12:56 - 2012-08-01 12:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
    2012-08-01 12:55 - 2012-08-01 12:55 - 22617148 ____A C:\Users\HIIKKO\Downloads\vlc-2.0.3-win32.exe
    2012-08-01 12:54 - 2012-08-01 12:54 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-01 12:49 - 2012-08-01 11:02 - 00007680 ____A C:\Users\HIIKKO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-01 12:27 - 2012-08-01 12:25 - 00027430 ____A C:\Users\HIIKKO\AppData\Roaming\nvModes.dat
    2012-08-01 12:27 - 2012-08-01 12:25 - 00027430 ____A C:\Users\HIIKKO\AppData\Roaming\nvModes.001
    2012-08-01 12:02 - 2012-08-01 12:02 - 00000052 ____A C:\Windows\System32\DOErrors.log
    2012-08-01 11:44 - 2012-08-01 11:44 - 00008192 __RAS C:\BOOTSECT.BAK
    2012-08-01 11:44 - 2006-11-02 04:43 - 00041984 ___AH C:\Windows\System32\config\BCD-Template.LOG
    2012-08-01 11:44 - 2006-11-02 04:37 - 00262144 ____A C:\Windows\System32\config\BCD-Template
    2012-08-01 11:23 - 2012-08-01 11:22 - 00010169 ____A C:\Windows\bcmwl.log
    2012-08-01 11:21 - 2012-08-01 11:21 - 00000793 ____A C:\Windows\System32\HCW85HP.log
    2012-08-01 11:21 - 2012-08-01 11:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01005.Wdf
    2012-08-01 11:21 - 2012-08-01 11:20 - 00004204 ____A C:\Windows\DPINST.LOG
    2012-08-01 11:14 - 2012-08-01 11:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-01 11:14 - 2012-08-01 11:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-01 11:11 - 2012-08-01 11:13 - 00772592 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-01 11:11 - 2012-08-01 11:13 - 00687600 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-01 11:11 - 2012-08-01 11:13 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-01 11:11 - 2012-08-01 11:12 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-01 11:11 - 2012-08-01 11:12 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-01 11:01 - 2012-08-01 10:59 - 00000680 ____A C:\Users\HIIKKO\AppData\Local\d3d9caps.dat
    2012-08-01 10:59 - 2012-08-01 10:59 - 00000020 ___SH C:\Users\HIIKKO\ntuser.ini
    2012-08-01 10:49 - 2012-08-01 10:47 - 00001355 ____A C:\Windows\TSSysprep.log
    2012-08-01 10:47 - 2006-11-02 04:48 - 00003257 ____A C:\Windows\DtcInstall.log
    2012-07-03 12:46 - 2012-08-01 18:12 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 08:21 - 2012-08-01 18:05 - 00113776 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
    2012-07-03 08:21 - 2012-08-01 18:04 - 00202928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
    2012-07-03 08:21 - 2012-08-01 18:04 - 00018544 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
    2012-07-03 08:21 - 2012-08-01 17:54 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 08:21 - 2012-08-01 17:54 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 08:21 - 2012-08-01 17:54 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 08:21 - 2012-08-01 17:54 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 08:21 - 2012-08-01 17:54 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-07-03 08:21 - 2012-08-01 17:54 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 08:21 - 2012-08-01 17:53 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 08:21 - 2012-08-01 17:53 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-03 02:13 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-27 12:33 - 2012-08-01 18:04 - 00012112 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
    2012-05-31 11:25 - 2012-08-01 13:32 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 13%
    Total physical RAM: 3006.18 MB
    Available physical RAM: 2602.31 MB
    Total Pagefile: 2784.84 MB
    Available Pagefile: 2636.9 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1974.31 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:137.11 GB) (Free:104.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.93 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (Windows BT Vista Full) (CDROM) (Total:4.11 GB) (Free:0 GB) UDF
    4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Disk 1 Online 3822 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 137 GB 32 KB
    Partition 2 Primary 12 GB 137 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 137 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D HP_RECOVERY NTFS Partition 12 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3822 MB 64 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 3822 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-08-01 18:13

    ======================= End Of Log ==========================
    Next post is search services.exe
     
  4. Hiikko

    Hiikko TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-02 15:38:39
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\System32\services.exe
    [2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    === End Of Search ===
    Hmm... Strange. I was expecting more info. Did I do something?
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    I don't actually see anything malicious there.

    What is the actual state of your computer?
    What are the current issues?
     
  6. Hiikko

    Hiikko TS Rookie Topic Starter

    My laptop seems fine, but whenever I try running the program Gmer, my laptop just shuts off. I attempted this twice in normal mode. Today I tried running Gmer in safe mode. It was scanning as usual and a little longer than yesterday. But no luck trying to get Gmer to run properly. You ask what the current condition of my laptop is and what issues I have with it. Now that I think about it, there are none at the moment. I'm just trying to be sure I got rid of any remnants of infection from my last reformat. So is running Gmer the only way to proceed with the steps? That's about the only issue I've come across so far. If you don't find anything suspicious then I suppose I'm just paranoid. Still, I don't understand why Gmer can't seem to finish its scan.

    Anyhow, thanks for replying. If I do come across any trouble I'll be sure to post. Should I close this thread or leave it for forum masters to handle?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    GMER sometimes has those issues so I wouldn't worry about it.

    Just to make sure, we can run a couple of checks.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
    Skip GMER.

    In addition....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
