Win64/Patched.A.Gen

Solved
By darca
Jul 16, 2012
  1. Hi
    I'm having a problem with this kind of threat. It's attacked services.exe in C:\Windows\System32
    I'm running on Win7 Ultimate

    Malwarebytes doesn't find anything

    There's the GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-16 15:40:51
    Windows 6.1.7601 Service Pack 1
    Running: njwg4zun.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}\4
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}\6
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}\6@ 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}\7
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}\7@0000000000001800 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}\7@000000000000f300 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}\7@0000000600000600 0x00 0x00 0x00 0x00 ...

    ---- EOF - GMER 1.0.15 ----
    Here's DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Darca at 15:44:38 on 2012-07-16
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.8159.6820 [GMT 2:00]
    .
    AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\ProgramData\DatacardService\DCService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files (x86)\Last.fm\LastFM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\splwow64.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    uRun: [Steam] "D:\gry\Steam\Steam.exe" -silent
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Darca\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LASTFM~1.LNK - C:\Program Files (x86)\Last.fm\LastFM.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    LSP: mswsock.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{5CC821B3-7C4C-4A27-A03C-4652ACCC592A} : NameServer = 89.108.195.21 89.108.202.21
    TCP: Interfaces\{98417DC1-FE25-4800-AB1A-7B7D8B946391} : NameServer = 89.108.195.21 89.108.202.21
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Darca\AppData\Roaming\Mozilla\Firefox\Profiles\jbcktsh5.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Darca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-5-8 229376]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-10 1262400]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-10 250056]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-10 113120]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-16 12:30:53 -------- d-----w- C:\Users\Darca\AppData\Roaming\Malwarebytes
    2012-07-16 12:30:39 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-16 12:30:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-16 12:30:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-15 19:06:42 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-07-15 13:09:26 -------- d-----w- C:\Users\Darca\AppData\Local\ESET
    2012-07-14 17:45:07 -------- d-----w- C:\Users\Darca\AppData\Local\Adobe
    2012-07-13 17:02:30 -------- d-----w- C:\Users\Darca\AppData\Local\ElevatedDiagnostics
    2012-07-13 17:00:56 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    2012-07-13 16:57:17 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2012-07-13 16:53:36 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2012-07-13 16:53:36 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2012-07-13 16:53:36 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-07-13 16:53:36 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2012-07-13 16:53:36 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2012-07-13 16:53:36 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2012-07-13 16:53:36 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2012-07-13 15:20:41 -------- d-----w- C:\Users\Darca\AppData\Roaming\Beat Hazard
    2012-07-13 06:49:23 83456 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
    2012-07-13 06:49:23 78848 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
    2012-07-13 06:49:23 54784 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
    2012-07-13 06:49:23 29696 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
    2012-07-13 06:49:23 195584 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
    2012-07-13 06:49:19 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
    2012-07-13 06:49:19 252928 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys
    2012-07-13 06:49:19 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
    2012-07-13 06:49:19 120704 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
    2012-07-13 06:49:13 114560 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
    2012-07-13 06:18:42 -------- d-----w- C:\Users\Darca\AppData\Roaming\LolClient
    2012-07-12 13:59:16 -------- d-----w- C:\Users\Darca\AppData\Local\id Software
    2012-07-12 13:52:51 -------- d-sh--w- C:\Windows\ftpcache
    2012-07-11 15:28:18 -------- d-----w- C:\ProgramData\Last.fm
    2012-07-11 02:40:22 -------- d-----w- C:\Users\Darca\AppData\Roaming\NapiProjekt
    2012-07-11 02:40:20 -------- d-----w- C:\Program Files (x86)\NapiProjekt
    2012-07-10 19:03:03 -------- d-----w- C:\Users\Darca\AppData\Local\FalloutNV
    2012-07-10 03:39:08 -------- d-----w- C:\Program Files (x86)\Damian Pasternak
    2012-07-10 01:40:35 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
    2012-07-10 01:40:35 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
    2012-07-10 01:40:35 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
    2012-07-10 01:40:35 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
    2012-07-10 01:40:34 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
    2012-07-10 01:40:34 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
    2012-07-10 01:11:47 197912 ----a-w- C:\Windows\SysWow64\physxcudart_20.dll
    2012-07-10 01:11:42 197912 ----a-w- C:\Windows\System32\physxcudart_20.dll
    2012-07-10 01:10:35 -------- d-----w- C:\Users\Darca\AppData\Roaming\NVIDIA
    2012-07-10 00:51:05 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-07-10 00:51:03 -------- d-----w- C:\Users\Darca\AppData\Roaming\DAEMON Tools Lite
    2012-07-10 00:51:02 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    2012-07-10 00:50:29 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
    2012-07-09 23:53:44 -------- d-----w- C:\Users\Darca\AppData\Roaming\uTorrent
    2012-07-09 23:46:32 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-07-09 23:46:32 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-07-09 23:46:32 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-07-09 23:46:32 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-07-09 23:46:32 -------- d-----w- C:\Program Files (x86)\OpenAL
    2012-07-09 23:45:04 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-07-09 23:42:00 -------- d-----w- C:\Program Files\ESET
    2012-07-09 23:30:59 5554512 ----a-w- C:\Windows\System32\d3dcsx_42.dll
    2012-07-09 23:23:28 -------- d-----w- C:\Windows\SysWow64\directx
    2012-07-09 23:22:49 -------- d-----w- C:\Users\Darca\AppData\Local\Macromedia
    2012-07-09 23:14:07 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
    2012-07-09 23:14:07 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2012-07-09 23:13:37 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-07-09 23:10:47 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
    2012-07-09 23:10:47 206336 ----a-w- C:\Windows\System32\unrar.dll
    2012-07-09 23:10:46 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64
    2012-07-09 23:09:45 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2012-07-09 23:09:45 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2012-07-09 23:09:45 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
    2012-07-09 23:09:45 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2012-07-09 23:09:44 79872 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2012-07-09 23:09:43 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
    2012-07-09 23:05:51 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-07-09 23:05:51 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-07-09 23:05:51 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-07-09 23:05:51 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-07-09 23:05:51 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-07-09 23:05:51 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-07-09 23:05:51 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-07-09 23:03:33 -------- d-----w- C:\Users\Darca\AppData\Roaming\foobar2000
    2012-07-09 23:03:21 -------- d-----w- C:\NVIDIA
    2012-07-09 22:59:14 -------- d-----w- C:\Program Files (x86)\foobar2000
    2012-07-09 22:47:50 -------- d-----w- C:\Program Files\Defraggler
    2012-07-09 22:47:19 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2012-07-09 22:44:33 -------- d-----w- C:\Program Files\CCleaner
    2012-07-09 22:43:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-09 22:43:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-09 22:41:32 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-07-09 22:41:11 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-07-09 22:41:11 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-07-09 22:40:39 -------- d-sh--w- C:\Windows\Installer
    2012-07-09 22:29:29 -------- d-----w- C:\Program Files (x86)\Audacity
    2012-07-09 22:22:56 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-07-09 22:22:55 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-07-09 22:22:55 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-07-09 22:21:52 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-07-09 22:21:48 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B00918FB-8FB1-4730-A484-67C185B86594}\mpengine.dll
    2012-07-09 22:18:53 -------- d-----w- C:\Users\Darca\AppData\Local\Last.fm
    2012-07-09 22:18:52 -------- d-----w- C:\Program Files (x86)\Last.fm
    2012-07-09 22:14:50 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-07-09 22:14:50 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-07-09 22:14:50 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-07-09 22:14:50 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-07-09 22:14:43 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-07-09 22:14:43 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2012-07-09 22:14:32 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-07-09 22:14:32 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-07-09 22:13:40 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-09 22:13:40 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-07-09 22:13:40 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-07-09 22:13:40 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-07-09 22:13:40 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-09 22:13:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-07-09 22:13:37 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-07-09 22:13:01 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-07-09 22:12:47 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2012-07-09 22:12:47 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2012-07-09 22:12:47 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-07-09 22:12:47 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-07-09 22:10:22 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-07-09 22:10:22 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-07-09 22:03:39 -------- d-----w- C:\Users\Darca\AppData\Local\Google
    2012-07-09 22:03:12 -------- d-----w- C:\Users\Darca\AppData\Local\Apps
    2012-07-09 22:03:11 -------- d-----w- C:\Users\Darca\AppData\Local\Deployment
    2012-07-09 22:02:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-07-09 22:02:39 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-07-09 22:02:29 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-07-09 22:02:29 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-07-09 21:56:02 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
    2012-07-09 21:56:02 1721576 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01009.dll
    2012-07-09 21:55:49 -------- d-----w- C:\Program Files (x86)\PLAY ONLINE
    2012-07-09 21:54:55 -------- d-----w- C:\ProgramData\DatacardService
    2012-07-09 11:44:30 -------- d-----w- C:\Windows\Panther
    2012-07-09 11:44:16 -------- d-----w- C:\Boot
    .
    ==================== Find3M ====================
    .
    2012-05-31 10:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 00:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
    2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    .
    ============= FINISH: 15:44:47,64 ===============
    Please help ASAP
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
  3. darca

    darca Newcomer, in training Topic Starter Posts: 37

    OK, downloaded the x64 version, rebooted with system recovery, and when I try to open this frst64.exe I'm getting an error message that says "this software is uncompatibile with your operating system..."
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    My apologies that happened. The log said you had an AMD64 processor.

    That's okay though. Go ahead and try the 32-bit version, and do the instructions as here (since different from x64 instructions):

    Download Farbar Recovery Scan Tool 32-bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
  5. darca

    darca Newcomer, in training Topic Starter Posts: 37

    Now I'm confused. I'm fully positive that I have an i7-2700K.
  6. darca

    darca Newcomer, in training Topic Starter Posts: 37

    OK, I don't know how, but I managed to run Farbar x64. Here's the log:

    Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 01
    Ran by SYSTEM at 17-07-2012 15:14:11
    Running from G:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
    HKU\Darca\...\Run: [Steam] "D:\gry\Steam\Steam.exe" -silent [x]
    Tcpip\..\Interfaces\{5CC821B3-7C4C-4A27-A03C-4652ACCC592A}: [NameServer]89.108.195.21 89.108.202.21
    Tcpip\..\Interfaces\{98417DC1-FE25-4800-AB1A-7B7D8B946391}: [NameServer]89.108.195.21 89.108.202.21

    ==================== Services (Whitelisted) ======

    2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-07] (ESET)

    ========================== Drivers (Whitelisted) =============

    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-09] (DT Soft Ltd)
    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-13] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-13] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-13] (ESET)
    3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
    3 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
    3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [83456 2010-05-22] (Huawei Technologies Co., Ltd.)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-16 10:42 - 2012-07-17 05:06 - 00000840 ____A C:\Windows\setupact.log
    2012-07-16 10:42 - 2012-07-16 10:42 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-16 09:34 - 2012-07-16 11:52 - 00000000 ____D C:\Users\Darca\Desktop\vir
    2012-07-16 05:46 - 2012-07-17 05:07 - 00000000 ____D C:\FRST
    2012-07-16 04:30 - 2012-07-16 04:30 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Malwarebytes
    2012-07-16 04:30 - 2012-07-16 04:30 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-16 04:30 - 2012-07-16 04:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-16 04:30 - 2012-07-03 03:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-15 06:08 - 2012-07-15 06:08 - 00023056 ____A C:\ComboFix.txt
    2012-07-15 06:01 - 2012-07-15 06:10 - 00000000 ____D C:\Qoobox
    2012-07-15 06:00 - 2012-07-15 06:10 - 00000000 ____D C:\Windows\erdnt
    2012-07-15 05:09 - 2012-07-15 05:09 - 00000000 ____D C:\Users\Darca\AppData\Local\ESET
    2012-07-14 09:59 - 2012-07-14 10:00 - 00000000 ____D C:\Users\Darca\Downloads\Botanicula
    2012-07-14 09:45 - 2012-07-14 09:45 - 00000000 ____D C:\Users\Darca\AppData\Local\Adobe
    2012-07-13 09:00 - 2012-07-13 09:00 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2012-07-13 09:00 - 2012-07-13 09:00 - 00000000 __RHD C:\Users\Darca\AppData\Roaming\SecuROM
    2012-07-13 07:20 - 2012-07-13 07:20 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Beat Hazard
    2012-07-12 22:49 - 2010-05-22 04:50 - 00195584 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juwwanecm.sys
    2012-07-12 22:49 - 2010-05-22 04:49 - 00083456 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jubusenum.sys
    2012-07-12 22:49 - 2010-05-22 04:49 - 00078848 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcacm.sys
    2012-07-12 22:49 - 2010-05-22 04:49 - 00054784 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcecm.sys
    2012-07-12 22:49 - 2010-05-22 04:49 - 00029696 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juextctrl.sys
    2012-07-12 22:49 - 2010-04-30 06:53 - 00252928 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbnet.sys
    2012-07-12 22:49 - 2010-03-25 00:08 - 00120704 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
    2012-07-12 22:49 - 2010-03-20 02:06 - 00013952 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_usbenumfilter.sys
    2012-07-12 22:49 - 2010-03-20 01:56 - 00114560 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwusbdev.sys
    2012-07-12 22:49 - 2010-01-18 08:48 - 00032768 ____A (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
    2012-07-12 22:18 - 2012-07-12 22:18 - 00000000 ____D C:\Users\Darca\AppData\Roaming\LolClient
    2012-07-12 05:59 - 2012-07-12 05:59 - 00000635 ____A C:\Users\Darca\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
    2012-07-12 05:59 - 2012-07-12 05:59 - 00000000 ____D C:\Users\Darca\Documents\id Software
    2012-07-12 05:59 - 2012-07-12 05:59 - 00000000 ____D C:\Users\Darca\AppData\Local\id Software
    2012-07-12 05:58 - 2012-07-12 05:58 - 00000300 ____A C:\Windows\game.ini
    2012-07-12 05:57 - 2012-07-16 14:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-07-12 05:52 - 2012-07-12 05:52 - 00000000 __SHD C:\Windows\ftpcache
    2012-07-11 12:04 - 2012-07-11 12:04 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-07-11 07:28 - 2012-07-11 07:28 - 00000000 ____D C:\Users\All Users\Last.fm
    2012-07-10 18:40 - 2012-07-10 18:41 - 00000000 ____D C:\Users\Darca\AppData\Roaming\NapiProjekt
    2012-07-10 18:40 - 2012-07-10 18:40 - 00000000 ____D C:\Program Files (x86)\NapiProjekt
    2012-07-10 11:04 - 2012-07-10 11:04 - 00001045 ____A C:\Users\Darca\Desktop\FalloutNV.lnk
    2012-07-10 11:03 - 2012-07-10 11:03 - 00000000 ____D C:\Users\Darca\AppData\Local\FalloutNV
    2012-07-09 19:51 - 2012-07-16 10:37 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Media Player Classic
    2012-07-09 19:43 - 2012-07-16 10:37 - 00000000 ____D C:\Windows\Minidump
    2012-07-09 19:39 - 2012-07-09 19:39 - 00000000 ____D C:\Program Files (x86)\Damian Pasternak
    2012-07-09 17:40 - 2008-10-14 20:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2012-07-09 17:11 - 2009-09-28 00:46 - 00197912 ____A C:\Windows\SysWOW64\physxcudart_20.dll
    2012-07-09 17:11 - 2009-09-28 00:46 - 00197912 ____A C:\Windows\System32\physxcudart_20.dll
    2012-07-09 17:10 - 2012-07-12 05:59 - 00000000 ____D C:\Users\Darca\AppData\Roaming\NVIDIA
    2012-07-09 17:10 - 2012-07-09 17:10 - 00001271 ____A C:\Users\Darca\Desktop\Borderlands.lnk
    2012-07-09 16:51 - 2012-07-16 10:37 - 00000000 ____D C:\Users\Darca\AppData\Roaming\DAEMON Tools Lite
    2012-07-09 16:51 - 2012-07-09 16:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-09 16:51 - 2012-07-09 16:51 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
    2012-07-09 16:50 - 2012-07-12 17:14 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
    2012-07-09 16:25 - 2012-07-09 16:25 - 00000205 ____A C:\Users\Darca\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
    2012-07-09 15:53 - 2012-07-16 10:37 - 00000000 ____D C:\Users\Darca\AppData\Roaming\uTorrent
    2012-07-09 15:47 - 2012-07-09 15:47 - 00000637 ____A C:\Users\Darca\Desktop\BeatHazard.lnk
    2012-07-09 15:46 - 2012-07-09 15:46 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00000000 ____D C:\Program Files (x86)\OpenAL
    2012-07-09 15:45 - 2012-07-16 10:38 - 00000000 ____D C:\Users\Darca\Desktop\gry
    2012-07-09 15:42 - 2012-07-09 15:42 - 00000000 ____D C:\Users\All Users\ESET
    2012-07-09 15:42 - 2012-07-09 15:42 - 00000000 ____D C:\Program Files\ESET
    2012-07-09 15:32 - 2012-07-16 09:18 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-09 15:31 - 2010-06-01 18:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2012-07-09 15:31 - 2009-09-04 07:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2012-07-09 15:31 - 2009-09-04 07:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2012-07-09 15:30 - 2009-09-04 07:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2012-07-09 15:30 - 2009-09-04 07:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2012-07-09 15:30 - 2009-09-04 07:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2012-07-09 15:30 - 2009-09-04 07:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2012-07-09 15:30 - 2008-07-31 00:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2012-07-09 15:30 - 2008-07-31 00:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2012-07-09 15:30 - 2008-07-31 00:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2012-07-09 15:30 - 2008-07-31 00:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2012-07-09 15:30 - 2008-07-31 00:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2012-07-09 15:30 - 2008-07-31 00:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2012-07-09 15:30 - 2008-07-10 01:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
    2012-07-09 15:30 - 2008-05-30 04:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2012-07-09 15:30 - 2008-05-30 04:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2012-07-09 15:30 - 2008-05-30 04:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2012-07-09 15:30 - 2008-05-30 04:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2012-07-09 15:30 - 2008-05-30 04:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2012-07-09 15:30 - 2008-05-30 04:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2012-07-09 15:30 - 2008-05-30 04:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2012-07-09 15:30 - 2008-05-30 04:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2012-07-09 15:30 - 2008-03-05 06:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2012-07-09 15:30 - 2008-03-05 06:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2012-07-09 15:30 - 2008-03-05 06:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2012-07-09 15:30 - 2008-03-05 06:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2012-07-09 15:30 - 2008-03-05 06:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2012-07-09 15:30 - 2008-03-05 06:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2012-07-09 15:30 - 2008-03-05 05:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2012-07-09 15:30 - 2008-03-05 05:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2012-07-09 15:30 - 2008-03-05 05:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2012-07-09 15:30 - 2008-03-05 05:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2012-07-09 15:30 - 2008-02-05 13:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2012-07-09 15:30 - 2008-02-05 13:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2012-07-09 15:30 - 2007-10-21 17:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
    2012-07-09 15:30 - 2007-10-21 17:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2012-07-09 15:30 - 2007-10-21 17:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
    2012-07-09 15:30 - 2007-10-21 17:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2012-07-09 15:30 - 2007-10-12 05:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
    2012-07-09 15:30 - 2007-10-12 05:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2012-07-09 15:30 - 2007-10-12 05:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
    2012-07-09 15:30 - 2007-10-12 05:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2012-07-09 15:30 - 2007-10-01 23:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
    2012-07-09 15:30 - 2007-10-01 23:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2012-07-09 15:30 - 2007-07-19 14:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
    2012-07-09 15:30 - 2007-07-19 14:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2012-07-09 15:30 - 2007-06-20 10:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
    2012-07-09 15:30 - 2007-06-20 10:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2012-07-09 15:30 - 2007-04-04 08:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2012-07-09 15:30 - 2007-04-04 08:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2012-07-09 15:30 - 2007-04-04 08:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2012-07-09 15:30 - 2007-04-04 08:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2012-07-09 15:30 - 2007-03-15 06:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
    2012-07-09 15:30 - 2007-03-15 06:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2012-07-09 15:30 - 2007-03-12 06:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
    2012-07-09 15:30 - 2007-03-12 06:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2012-07-09 15:30 - 2007-03-12 06:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
    2012-07-09 15:30 - 2007-03-12 06:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2012-07-09 15:30 - 2007-03-05 02:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2012-07-09 15:30 - 2007-03-05 02:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2012-07-09 15:30 - 2007-01-24 05:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2012-07-09 15:30 - 2007-01-24 05:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2012-07-09 15:30 - 2006-12-08 02:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2012-07-09 15:30 - 2006-12-08 02:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2012-07-09 15:30 - 2006-11-29 03:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
    2012-07-09 15:30 - 2006-11-29 03:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2012-07-09 15:30 - 2006-11-29 03:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
    2012-07-09 15:30 - 2006-11-29 03:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2012-07-09 15:30 - 2006-09-28 06:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2012-07-09 15:30 - 2006-09-28 06:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2012-07-09 15:30 - 2006-09-28 06:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2012-07-09 15:30 - 2006-07-27 23:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2012-07-09 15:30 - 2006-07-27 23:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2012-07-09 15:30 - 2006-07-27 23:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2012-07-09 15:30 - 2006-07-27 23:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2012-07-09 15:30 - 2006-05-30 21:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2012-07-09 15:30 - 2006-05-30 21:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2012-07-09 15:30 - 2006-03-31 02:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2012-07-09 15:30 - 2006-03-31 02:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2012-07-09 15:30 - 2006-03-31 02:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2012-07-09 15:30 - 2006-03-31 02:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2012-07-09 15:30 - 2006-03-31 02:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2012-07-09 15:30 - 2006-03-31 02:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2012-07-09 15:30 - 2006-02-02 22:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2012-07-09 15:30 - 2006-02-02 22:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2012-07-09 15:30 - 2006-02-02 22:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2012-07-09 15:30 - 2006-02-02 22:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2012-07-09 15:30 - 2006-02-02 22:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2012-07-09 15:30 - 2006-02-02 22:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2012-07-09 15:30 - 2005-12-05 08:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2012-07-09 15:30 - 2005-12-05 08:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2012-07-09 15:30 - 2005-07-22 09:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2012-07-09 15:30 - 2005-07-22 09:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2012-07-09 15:30 - 2005-05-26 05:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2012-07-09 15:30 - 2005-05-26 05:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2012-07-09 15:30 - 2005-03-18 07:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2012-07-09 15:30 - 2005-03-18 07:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2012-07-09 15:30 - 2005-02-05 09:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2012-07-09 15:30 - 2005-02-05 09:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2012-07-09 15:23 - 2012-07-09 15:31 - 00000000 ____D C:\Windows\SysWOW64\directx
    2012-07-09 15:22 - 2012-07-09 15:22 - 00000000 ____D C:\Users\Darca\AppData\Local\Macromedia
    2012-07-09 15:21 - 2012-07-09 19:58 - 01637934 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-09 15:14 - 2009-09-04 07:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2012-07-09 15:14 - 2006-09-28 06:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2012-07-09 15:13 - 2012-07-16 10:37 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Winamp
    2012-07-09 15:13 - 2012-07-09 15:18 - 00000000 ____D C:\Program Files (x86)\Winamp
    2012-07-09 15:12 - 2012-07-09 15:12 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-07-09 15:11 - 2012-07-14 13:18 - 00000000 ____D C:\Users\All Users\Adobe
    2012-07-09 15:10 - 2012-07-09 15:10 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64
    2012-07-09 15:10 - 2012-06-25 10:00 - 00092160 ____A C:\Windows\System32\ff_vfw.dll
    2012-07-09 15:10 - 2012-06-09 09:21 - 00206336 ____A C:\Windows\System32\unrar.dll
    2012-07-09 15:09 - 2012-07-09 15:09 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2012-07-09 15:09 - 2012-06-25 10:00 - 00079872 ____A C:\Windows\SysWOW64\ff_vfw.dll
    2012-07-09 15:09 - 2012-06-09 09:21 - 00178688 ____A C:\Windows\SysWOW64\unrar.dll
    2012-07-09 15:09 - 2011-12-21 09:14 - 00151552 ____A (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
    2012-07-09 15:09 - 2011-06-24 06:44 - 00243200 ____A C:\Windows\SysWOW64\xvidvfw.dll
    2012-07-09 15:09 - 2011-06-24 06:28 - 00650752 ____A C:\Windows\SysWOW64\xvidcore.dll
    2012-07-09 15:08 - 2012-07-09 15:08 - 00000000 ____D C:\Program Files\7-Zip
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Ustawienia lokalne
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Szablony
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Moje dokumenty
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Menu Start
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Moje wideo
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Moje obrazy
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Moja muzyka
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Dane aplikacji
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Historia
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Dane aplikacji
    2012-07-09 15:05 - 2012-05-15 01:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-07-09 15:05 - 2012-05-15 01:29 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
    2012-07-09 15:05 - 2012-05-15 01:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-07-09 15:05 - 2012-05-15 01:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-07-09 15:05 - 2012-05-15 01:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-07-09 15:05 - 2012-05-15 01:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-07-09 15:05 - 2012-05-15 01:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-07-09 15:04 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-07-09 15:04 - 2012-04-18 09:08 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
    2012-07-09 15:04 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
    2012-07-09 15:04 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
    2012-07-09 15:03 - 2012-07-17 05:12 - 00000000 ____D C:\Users\Darca\AppData\Roaming\foobar2000
    2012-07-09 15:03 - 2012-07-09 15:03 - 00000000 ____D C:\NVIDIA
    2012-07-09 14:59 - 2012-07-09 14:59 - 00000000 ____D C:\Program Files (x86)\foobar2000
    2012-07-09 14:52 - 2012-07-09 14:52 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Mozilla
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Users\Darca\AppData\Local\Mozilla
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-07-09 14:47 - 2012-07-09 14:47 - 00001268 ____A C:\Users\Darca\Desktop\Revo Uninstaller.lnk
    2012-07-09 14:47 - 2012-07-09 14:47 - 00000000 ____D C:\Program Files\Defraggler
    2012-07-09 14:47 - 2012-07-09 14:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2012-07-09 14:45 - 2012-07-09 14:45 - 00338253 __RSH C:\RKLHD
    2012-07-09 14:44 - 2012-07-09 14:44 - 00000000 ____D C:\Program Files\CCleaner
    2012-07-09 14:43 - 2012-07-11 20:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-09 14:43 - 2012-07-11 20:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-09 14:43 - 2012-07-09 14:43 - 00000646 ____A C:\Users\Darca\Desktop\pobrane.lnk
    2012-07-09 14:43 - 2012-07-09 14:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2012-07-09 14:43 - 2012-07-09 14:43 - 00000000 ____D C:\Windows\System32\Macromed
    2012-07-09 14:42 - 2012-07-17 04:45 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-07-09 14:42 - 2012-07-09 14:42 - 00000000 ____D C:\Users\All Users\Sun
    2012-07-09 14:41 - 2012-07-09 14:41 - 00000000 ____D C:\Windows\Sun
    2012-07-09 14:41 - 2012-07-09 14:41 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-07-09 14:41 - 2012-07-09 14:40 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-09 14:41 - 2012-07-09 14:40 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-09 14:41 - 2012-05-04 09:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-09 14:41 - 2012-05-04 09:29 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-09 14:41 - 2012-05-04 09:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-09 14:40 - 2012-07-09 14:40 - 00000000 ____D C:\Program Files (x86)\Java
    2012-07-09 14:29 - 2012-07-14 09:43 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Audacity
    2012-07-09 14:29 - 2012-07-09 14:31 - 00000000 ____D C:\Program Files (x86)\Audacity
    2012-07-09 14:23 - 2012-06-03 13:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-09 14:22 - 2012-07-09 15:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-07-09 14:22 - 2012-07-09 15:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-07-09 14:22 - 2012-07-09 14:22 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
    2012-07-09 14:20 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-09 14:20 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-09 14:20 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-09 14:20 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-09 14:20 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-09 14:20 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-09 14:20 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-09 14:20 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-09 14:20 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-09 14:20 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-09 14:20 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-09 14:20 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-09 14:20 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-09 14:20 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-09 14:20 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-09 14:20 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-09 14:20 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-09 14:20 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-09 14:20 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-09 14:20 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-09 14:20 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-09 14:20 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-09 14:20 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-09 14:20 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-09 14:20 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-09 14:20 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-09 14:20 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-09 14:20 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-09 14:18 - 2012-07-15 11:03 - 00000000 ____D C:\Users\Darca\AppData\Local\Last.fm
    2012-07-09 14:18 - 2012-07-09 14:18 - 00000000 ____D C:\Program Files (x86)\Last.fm
    2012-07-09 14:14 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-07-09 14:14 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2012-07-09 14:14 - 2011-08-26 21:37 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2012-07-09 14:14 - 2011-08-26 21:37 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2012-07-09 14:14 - 2011-08-26 20:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2012-07-09 14:14 - 2011-08-26 20:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
    2012-07-09 14:14 - 2011-05-02 21:29 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2012-07-09 14:14 - 2011-05-02 20:30 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2012-07-09 14:13 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-07-09 14:13 - 2011-11-04 21:32 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-07-09 14:13 - 2011-11-04 20:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-07-09 14:12 - 2011-11-16 22:41 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2012-07-09 14:12 - 2011-11-16 21:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2012-07-09 14:12 - 2011-10-14 22:31 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2012-07-09 14:12 - 2011-10-14 21:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2012-07-09 14:10 - 2011-11-19 06:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2012-07-09 14:10 - 2011-11-19 06:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2012-07-09 14:06 - 2012-07-14 09:45 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Adobe
    2012-07-09 14:06 - 2012-07-09 14:06 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Macromedia
    2012-07-09 14:03 - 2012-07-17 04:45 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000UA.job
    2012-07-09 14:03 - 2012-07-17 04:45 - 00001006 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000Core.job
    2012-07-09 14:03 - 2012-07-09 14:04 - 00000000 ____D C:\Users\Darca\AppData\Local\Google
    2012-07-09 14:03 - 2012-07-09 14:03 - 00000000 ____D C:\Users\Darca\AppData\Local\Deployment
    2012-07-09 14:03 - 2012-07-09 14:03 - 00000000 ____D C:\Users\Darca\AppData\Local\Apps\2.0
    2012-07-09 14:02 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-07-09 14:02 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-07-09 14:02 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-07-09 14:02 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-07-09 14:02 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-07-09 14:02 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-07-09 14:02 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-07-09 14:02 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-07-09 14:02 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-07-09 13:56 - 2012-07-09 13:56 - 00057560 ____A C:\Users\Darca\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-09 13:56 - 2012-07-09 13:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
    2012-07-09 13:56 - 2009-07-14 04:21 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
    2012-07-09 13:56 - 2009-07-14 04:21 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfCoInstaller01009.dll
    2012-07-09 13:55 - 2012-07-16 14:08 - 00000000 ____D C:\Program Files (x86)\PLAY ONLINE
    2012-07-09 13:55 - 2012-07-16 05:36 - 00000000 ____D C:\Users\Darca\Desktop\prog
    2012-07-09 13:54 - 2012-07-12 22:49 - 00000000 ____D C:\Users\All Users\DatacardService
    2012-07-09 13:54 - 2012-07-09 13:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-07-09 03:44 - 2012-07-09 14:46 - 00000000 ____D C:\Windows\Panther
    2012-07-09 03:44 - 2012-07-09 03:44 - 00008192 _RASH C:\BOOTSECT.BAK
    2012-07-09 03:44 - 2010-11-20 19:23 - 00383786 _RASH C:\bootmgr
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\Oddworld
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\My Games
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\Fax
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\BotaniculaSaves
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\Battlefield 2
    2012-07-09 02:54 - 2011-03-16 09:20 - 00000055 ____A C:\Users\Darca\Documents\equalizer.feq
    2012-07-09 02:51 - 2012-07-17 05:12 - 01776175 ____A C:\Windows\WindowsUpdate.log
    2012-07-09 02:50 - 2012-07-16 04:10 - 00000000 ____D C:\users\Darca
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000020 ___SH C:\Users\Darca\ntuser.ini
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Public\Documents\Moje wideo
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Public\Documents\Moje obrazy
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Public\Documents\Moja muzyka
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Ustawienia lokalne
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Szablony
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Moje dokumenty
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Menu Start
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Documents\Moje wideo
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Documents\Moje obrazy
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Documents\Moja muzyka
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\AppData\Local\Historia
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\AppData\Local\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\Documents\Moje wideo
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\Documents\Moje obrazy
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\Documents\Moja muzyka
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\AppData\Local\Historia
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\AppData\Local\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Ustawienia lokalne
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Szablony
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Moje dokumenty
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Menu Start
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Documents\Moje wideo
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Documents\Moje obrazy
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Documents\Moja muzyka
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\AppData\Local\Historia
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\AppData\Local\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Ulubione
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Szablony
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Pulpit
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Menu Start
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Dokumenty
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 ____D C:\Users\Darca\AppData\Local\VirtualStore
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 ____D C:\Recovery
  7. darca

    darca Newcomer, in training Topic Starter Posts: 37

    ============ 3 Months Modified Files ========================

    2012-07-17 05:12 - 2012-07-09 02:51 - 01776175 ____A C:\Windows\WindowsUpdate.log
    2012-07-17 05:06 - 2012-07-16 10:42 - 00000840 ____A C:\Windows\setupact.log
    2012-07-17 04:54 - 2009-07-13 20:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-17 04:54 - 2009-07-13 20:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-17 04:45 - 2012-07-09 14:03 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000UA.job
    2012-07-17 04:45 - 2012-07-09 14:03 - 00001006 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000Core.job
    2012-07-17 04:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-16 10:42 - 2012-07-16 10:42 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-16 09:18 - 2012-07-09 15:32 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-15 06:08 - 2012-07-15 06:08 - 00023056 ____A C:\ComboFix.txt
    2012-07-15 06:06 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-07-15 04:34 - 2011-02-04 09:55 - 00725544 ____A C:\Windows\System32\perfh015.dat
    2012-07-15 04:34 - 2011-02-04 09:55 - 00150428 ____A C:\Windows\System32\perfc015.dat
    2012-07-15 04:34 - 2009-07-13 21:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-13 09:00 - 2012-07-13 09:00 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2012-07-12 05:59 - 2012-07-12 05:59 - 00000635 ____A C:\Users\Darca\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
    2012-07-12 05:58 - 2012-07-12 05:58 - 00000300 ____A C:\Windows\game.ini
    2012-07-11 20:48 - 2012-07-09 14:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 20:48 - 2012-07-09 14:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 12:04 - 2012-07-11 12:04 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-07-10 11:04 - 2012-07-10 11:04 - 00001045 ____A C:\Users\Darca\Desktop\FalloutNV.lnk
    2012-07-09 19:58 - 2012-07-09 15:21 - 01637934 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-09 17:10 - 2012-07-09 17:10 - 00001271 ____A C:\Users\Darca\Desktop\Borderlands.lnk
    2012-07-09 16:51 - 2012-07-09 16:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-09 16:25 - 2012-07-09 16:25 - 00000205 ____A C:\Users\Darca\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
    2012-07-09 15:47 - 2012-07-09 15:47 - 00000637 ____A C:\Users\Darca\Desktop\BeatHazard.lnk
    2012-07-09 15:46 - 2012-07-09 15:46 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-09 14:52 - 2012-07-09 14:52 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-09 14:47 - 2012-07-09 14:47 - 00001268 ____A C:\Users\Darca\Desktop\Revo Uninstaller.lnk
    2012-07-09 14:45 - 2012-07-09 14:45 - 00338253 __RSH C:\RKLHD
    2012-07-09 14:43 - 2012-07-09 14:43 - 00000646 ____A C:\Users\Darca\Desktop\pobrane.lnk
    2012-07-09 14:40 - 2012-07-09 14:41 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-09 14:40 - 2012-07-09 14:41 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-09 13:56 - 2012-07-09 13:56 - 00057560 ____A C:\Users\Darca\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-09 13:56 - 2012-07-09 13:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
    2012-07-09 13:54 - 2012-07-09 13:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-07-09 03:44 - 2012-07-09 03:44 - 00008192 _RASH C:\BOOTSECT.BAK
    2012-07-09 03:44 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2012-07-09 03:44 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000020 ___SH C:\Users\Darca\ntuser.ini
    2012-07-09 02:45 - 2009-07-13 20:45 - 00274840 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-03 03:46 - 2012-07-16 04:30 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 10:00 - 2012-07-09 15:10 - 00092160 ____A C:\Windows\System32\ff_vfw.dll
    2012-06-25 10:00 - 2012-07-09 15:09 - 00079872 ____A C:\Windows\SysWOW64\ff_vfw.dll
    2012-06-09 09:21 - 2012-07-09 15:10 - 00206336 ____A C:\Windows\System32\unrar.dll
    2012-06-09 09:21 - 2012-07-09 15:09 - 00178688 ____A C:\Windows\SysWOW64\unrar.dll
    2012-06-03 13:28 - 2012-07-09 14:23 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-02 14:19 - 2012-07-09 14:02 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-07-09 14:02 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-07-09 14:02 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-07-09 14:02 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-07-09 14:02 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-07-09 14:02 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-07-09 14:02 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 05:19 - 2012-07-09 14:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 05:15 - 2012-07-09 14:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-31 02:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-17 18:47 - 2012-07-09 14:20 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-07-09 14:20 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-07-09 14:20 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-07-09 14:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-07-09 14:20 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-07-09 14:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-07-09 14:20 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-07-09 14:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-07-09 14:20 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-07-09 14:20 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-07-09 14:20 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-07-09 14:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-07-09 14:20 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-07-09 14:20 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-07-09 14:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-07-09 14:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-07-09 14:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-07-09 14:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-07-09 14:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-07-09 14:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-07-09 14:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-07-09 14:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-07-09 14:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-07-09 14:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-07-09 14:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-07-09 14:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-07-09 14:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-07-09 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-07-09 15:04 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 02:48 - 2012-02-09 12:43 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 01:29 - 2012-07-09 15:05 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2012-07-09 15:05 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
    2012-05-15 01:29 - 2012-07-09 15:05 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-05-15 01:29 - 2012-07-09 15:05 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2012-07-09 15:05 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2012-07-09 15:05 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:28 - 2012-07-09 15:05 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-14 16:21 - 2012-05-14 16:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
    2012-05-04 09:29 - 2012-07-09 14:41 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-05-04 09:29 - 2012-07-09 14:41 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 09:29 - 2012-07-09 14:41 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe


    ZeroAccess:
    C:\Windows\Installer\{7a735b62-3a29-38df-7b9c-a99796270e14}
    C:\Windows\Installer\{7a735b62-3a29-38df-7b9c-a99796270e14}\L
    C:\Windows\Installer\{7a735b62-3a29-38df-7b9c-a99796270e14}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8159.14 MB
    Available physical RAM: 7395.46 MB
    Total Pagefile: 8157.34 MB
    Available Pagefile: 7385.91 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:200.2 GB) (Free:169.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: () (Fixed) (Total:1400 GB) (Free:1335.61 GB) NTFS
    3 Drive e: () (Fixed) (Total:230 GB) (Free:141.12 GB) NTFS
    5 Drive g: (PENDRAJW) (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1863 GB 32 GB
    Disk 1 Online 1900 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 200 GB 1024 KB
    Partition 2 Primary 1400 GB 200 GB
    Partition 3 Primary 230 GB 1600 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 200 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D NTFS Partition 1400 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 230 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1899 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G PENDRAJW FAT32 Removable 1899 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-10 13:10

    ======================= End Of Log ==========================
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Cool!

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)

    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
  9. darca

    darca Newcomer, in training Topic Starter Posts: 37

    Farbar Recovery Scan Tool Version: 16-07-2012 01
    Ran by SYSTEM at 2012-07-18 16:26:29
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======

    And I have a question: is it possible that this virus may cause system instability?
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Very much so! Instability is usually always a sign of malware or memory leaks.

    Many of the signs of malware commonly include:

    -System instability
    -Security alerts
    -Random error messages

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  11. darca

    darca Newcomer, in training Topic Starter Posts: 37

    OK, I ran Sys Rec Opt and applied the fix in FRST64, but... and here I'm not sure if it happened before or after the fix, I think a short time before, Win Explorer is constantly suspended every time I want to enter a folder.

    Most important is that the antivirus is no longer showing messages that the PC is infected!!

    Here's the log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
    Ran by SYSTEM at 2012-07-19 09:54:15 Run:1
    Running from I:\

    ==============================================

    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    C:\Windows\Installer\{7a735b62-3a29-38df-7b9c-a99796270e14} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    ==== End of Fixlog ====


    Oh, and every time the computer has been shut down for a longer time, it needs several failed boots to run normally. And when it does come to run normally, the monitor goes into sleep mode right after the "loading screen" and turns back on when the "welcome screen" is loading. Is it caused by the virus or some software/hardware issue?

    P.S.
    Sorry for my English :)
     
  12. darca

    darca Newcomer, in training Topic Starter Posts: 37

    OK, the glitch with the monitor has stopped, but using Explorer or programs that require it to run or function properly is a nightmare :'( . Every action is preceded by a freeze of a few seconds.
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Cease normal use of the computer for now.

    Please re-run FRST and post a new log (as instructed above).
  14. darca

    darca Newcomer, in training Topic Starter Posts: 37

    OK, but will those freezes stop due to normal use of the computer?

    LOG:

    Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
    Ran by SYSTEM at 20-07-2012 17:49:53
    Running from G:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
    HKU\Darca\...\Run: [Steam] "D:\gry\Steam\Steam.exe" -silent [x]
    Tcpip\..\Interfaces\{5CC821B3-7C4C-4A27-A03C-4652ACCC592A}: [NameServer]89.108.195.21 89.108.202.21
    Tcpip\..\Interfaces\{98417DC1-FE25-4800-AB1A-7B7D8B946391}: [NameServer]89.108.195.21 89.108.202.21

    ==================== Services (Whitelisted) ======

    2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-07] (ESET)
    3 WdiSystemHost; %?ystemRoot%\system32\wdi.dll [x]

    ========================== Drivers (Whitelisted) =============

    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-09] (DT Soft Ltd)
    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-13] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-13] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-13] (ESET)
    3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
    3 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
    3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [83456 2010-05-22] (Huawei Technologies Co., Ltd.)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-20 07:44 - 2012-07-20 07:45 - 00293336 ____A C:\Windows\Minidump\072012-13650-01.dmp
    2012-07-18 23:42 - 2012-07-18 23:42 - 00287480 ____A C:\Windows\Minidump\071912-14960-01.dmp
    2012-07-18 23:38 - 2012-07-18 23:38 - 00286856 ____A C:\Windows\Minidump\071912-28563-01.dmp
    2012-07-18 07:38 - 2012-07-20 07:44 - 394494771 ____A C:\Windows\MEMORY.DMP
    2012-07-18 07:38 - 2012-07-18 07:38 - 00290472 ____A C:\Windows\Minidump\071812-11918-01.dmp
    2012-07-17 05:15 - 2012-07-18 23:36 - 00001440 ____A C:\Windows\PFRO.log
    2012-07-16 10:42 - 2012-07-20 07:44 - 00002892 ____A C:\Windows\setupact.log
    2012-07-16 10:42 - 2012-07-16 10:42 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-16 09:34 - 2012-07-19 00:45 - 00000000 ____D C:\Users\Darca\Desktop\vir
    2012-07-16 05:46 - 2012-07-17 05:07 - 00000000 ____D C:\FRST
    2012-07-16 04:30 - 2012-07-16 04:30 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Malwarebytes
    2012-07-16 04:30 - 2012-07-16 04:30 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-16 04:30 - 2012-07-16 04:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-16 04:30 - 2012-07-03 03:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-15 06:08 - 2012-07-15 06:08 - 00023056 ____A C:\ComboFix.txt
    2012-07-15 06:01 - 2012-07-15 06:10 - 00000000 ____D C:\Qoobox
    2012-07-15 06:00 - 2012-07-15 06:10 - 00000000 ____D C:\Windows\erdnt
    2012-07-15 05:09 - 2012-07-15 05:09 - 00000000 ____D C:\Users\Darca\AppData\Local\ESET
    2012-07-14 09:59 - 2012-07-14 10:00 - 00000000 ____D C:\Users\Darca\Downloads\Botanicula
    2012-07-14 09:45 - 2012-07-14 09:45 - 00000000 ____D C:\Users\Darca\AppData\Local\Adobe
    2012-07-13 09:00 - 2012-07-13 09:00 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2012-07-13 09:00 - 2012-07-13 09:00 - 00000000 __RHD C:\Users\Darca\AppData\Roaming\SecuROM
    2012-07-13 07:20 - 2012-07-13 07:20 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Beat Hazard
    2012-07-12 22:49 - 2010-05-22 04:50 - 00195584 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juwwanecm.sys
    2012-07-12 22:49 - 2010-05-22 04:49 - 00083456 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jubusenum.sys
    2012-07-12 22:49 - 2010-05-22 04:49 - 00078848 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcacm.sys
    2012-07-12 22:49 - 2010-05-22 04:49 - 00054784 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcecm.sys
    2012-07-12 22:49 - 2010-05-22 04:49 - 00029696 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juextctrl.sys
    2012-07-12 22:49 - 2010-04-30 06:53 - 00252928 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbnet.sys
    2012-07-12 22:49 - 2010-03-25 00:08 - 00120704 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
    2012-07-12 22:49 - 2010-03-20 02:06 - 00013952 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_usbenumfilter.sys
    2012-07-12 22:49 - 2010-03-20 01:56 - 00114560 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwusbdev.sys
    2012-07-12 22:49 - 2010-01-18 08:48 - 00032768 ____A (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
    2012-07-12 22:18 - 2012-07-12 22:18 - 00000000 ____D C:\Users\Darca\AppData\Roaming\LolClient
    2012-07-12 05:59 - 2012-07-12 05:59 - 00000635 ____A C:\Users\Darca\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
    2012-07-12 05:59 - 2012-07-12 05:59 - 00000000 ____D C:\Users\Darca\Documents\id Software
    2012-07-12 05:59 - 2012-07-12 05:59 - 00000000 ____D C:\Users\Darca\AppData\Local\id Software
    2012-07-12 05:58 - 2012-07-12 05:58 - 00000300 ____A C:\Windows\game.ini
    2012-07-12 05:57 - 2012-07-16 14:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-07-12 05:52 - 2012-07-12 05:52 - 00000000 __SHD C:\Windows\ftpcache
    2012-07-11 12:04 - 2012-07-11 12:04 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-07-11 07:28 - 2012-07-11 07:28 - 00000000 ____D C:\Users\All Users\Last.fm
    2012-07-10 18:40 - 2012-07-10 18:41 - 00000000 ____D C:\Users\Darca\AppData\Roaming\NapiProjekt
    2012-07-10 18:40 - 2012-07-10 18:40 - 00000000 ____D C:\Program Files (x86)\NapiProjekt
    2012-07-10 11:04 - 2012-07-10 11:04 - 00001045 ____A C:\Users\Darca\Desktop\FalloutNV.lnk
    2012-07-10 11:03 - 2012-07-10 11:03 - 00000000 ____D C:\Users\Darca\AppData\Local\FalloutNV
    2012-07-09 19:51 - 2012-07-16 10:37 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Media Player Classic
    2012-07-09 19:43 - 2012-07-20 07:44 - 00000000 ____D C:\Windows\Minidump
    2012-07-09 19:39 - 2012-07-09 19:39 - 00000000 ____D C:\Program Files (x86)\Damian Pasternak
    2012-07-09 17:40 - 2008-10-14 20:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
    2012-07-09 17:40 - 2008-10-14 20:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2012-07-09 17:11 - 2009-09-28 00:46 - 00197912 ____A C:\Windows\SysWOW64\physxcudart_20.dll
    2012-07-09 17:11 - 2009-09-28 00:46 - 00197912 ____A C:\Windows\System32\physxcudart_20.dll
    2012-07-09 17:10 - 2012-07-12 05:59 - 00000000 ____D C:\Users\Darca\AppData\Roaming\NVIDIA
    2012-07-09 17:10 - 2012-07-09 17:10 - 00001271 ____A C:\Users\Darca\Desktop\Borderlands.lnk
    2012-07-09 16:51 - 2012-07-16 10:37 - 00000000 ____D C:\Users\Darca\AppData\Roaming\DAEMON Tools Lite
    2012-07-09 16:51 - 2012-07-09 16:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-09 16:51 - 2012-07-09 16:51 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
    2012-07-09 16:50 - 2012-07-12 17:14 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
    2012-07-09 16:25 - 2012-07-09 16:25 - 00000205 ____A C:\Users\Darca\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
    2012-07-09 15:53 - 2012-07-16 10:37 - 00000000 ____D C:\Users\Darca\AppData\Roaming\uTorrent
    2012-07-09 15:47 - 2012-07-09 15:47 - 00000637 ____A C:\Users\Darca\Desktop\BeatHazard.lnk
    2012-07-09 15:46 - 2012-07-09 15:46 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00000000 ____D C:\Program Files (x86)\OpenAL
    2012-07-09 15:45 - 2012-07-16 10:38 - 00000000 ____D C:\Users\Darca\Desktop\gry
    2012-07-09 15:42 - 2012-07-09 15:42 - 00000000 ____D C:\Users\All Users\ESET
    2012-07-09 15:42 - 2012-07-09 15:42 - 00000000 ____D C:\Program Files\ESET
    2012-07-09 15:32 - 2012-07-16 09:18 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-09 15:31 - 2010-06-01 18:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
    2012-07-09 15:31 - 2010-06-01 18:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
    2012-07-09 15:31 - 2010-05-26 01:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2012-07-09 15:31 - 2010-02-04 00:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2012-07-09 15:31 - 2009-09-04 07:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2012-07-09 15:31 - 2009-09-04 07:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2012-07-09 15:30 - 2009-09-04 07:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2012-07-09 15:30 - 2009-09-04 07:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2012-07-09 15:30 - 2009-09-04 07:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2012-07-09 15:30 - 2009-09-04 07:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2012-07-09 15:30 - 2009-09-04 07:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2012-07-09 15:30 - 2009-03-16 04:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2012-07-09 15:30 - 2009-03-09 05:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2012-07-09 15:30 - 2008-10-27 00:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2012-07-09 15:30 - 2008-07-31 00:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2012-07-09 15:30 - 2008-07-31 00:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2012-07-09 15:30 - 2008-07-31 00:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2012-07-09 15:30 - 2008-07-31 00:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2012-07-09 15:30 - 2008-07-31 00:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2012-07-09 15:30 - 2008-07-31 00:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2012-07-09 15:30 - 2008-07-10 01:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2012-07-09 15:30 - 2008-07-10 01:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
    2012-07-09 15:30 - 2008-05-30 04:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2012-07-09 15:30 - 2008-05-30 04:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2012-07-09 15:30 - 2008-05-30 04:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2012-07-09 15:30 - 2008-05-30 04:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2012-07-09 15:30 - 2008-05-30 04:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2012-07-09 15:30 - 2008-05-30 04:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2012-07-09 15:30 - 2008-05-30 04:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2012-07-09 15:30 - 2008-05-30 04:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2012-07-09 15:30 - 2008-05-30 04:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2012-07-09 15:30 - 2008-03-05 06:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2012-07-09 15:30 - 2008-03-05 06:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2012-07-09 15:30 - 2008-03-05 06:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2012-07-09 15:30 - 2008-03-05 06:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2012-07-09 15:30 - 2008-03-05 06:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2012-07-09 15:30 - 2008-03-05 06:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2012-07-09 15:30 - 2008-03-05 05:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2012-07-09 15:30 - 2008-03-05 05:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2012-07-09 15:30 - 2008-03-05 05:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2012-07-09 15:30 - 2008-03-05 05:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2012-07-09 15:30 - 2008-02-05 13:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2012-07-09 15:30 - 2008-02-05 13:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2012-07-09 15:30 - 2007-10-21 17:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
    2012-07-09 15:30 - 2007-10-21 17:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2012-07-09 15:30 - 2007-10-21 17:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
    2012-07-09 15:30 - 2007-10-21 17:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2012-07-09 15:30 - 2007-10-12 05:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
    2012-07-09 15:30 - 2007-10-12 05:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2012-07-09 15:30 - 2007-10-12 05:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
    2012-07-09 15:30 - 2007-10-12 05:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2012-07-09 15:30 - 2007-10-01 23:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
    2012-07-09 15:30 - 2007-10-01 23:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2012-07-09 15:30 - 2007-07-19 14:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
    2012-07-09 15:30 - 2007-07-19 14:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
    2012-07-09 15:30 - 2007-07-19 08:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2012-07-09 15:30 - 2007-06-20 10:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
    2012-07-09 15:30 - 2007-06-20 10:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
    2012-07-09 15:30 - 2007-05-16 06:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2012-07-09 15:30 - 2007-04-04 08:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2012-07-09 15:30 - 2007-04-04 08:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2012-07-09 15:30 - 2007-04-04 08:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2012-07-09 15:30 - 2007-04-04 08:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2012-07-09 15:30 - 2007-03-15 06:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
    2012-07-09 15:30 - 2007-03-15 06:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2012-07-09 15:30 - 2007-03-12 06:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
    2012-07-09 15:30 - 2007-03-12 06:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2012-07-09 15:30 - 2007-03-12 06:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
    2012-07-09 15:30 - 2007-03-12 06:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2012-07-09 15:30 - 2007-03-05 02:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2012-07-09 15:30 - 2007-03-05 02:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2012-07-09 15:30 - 2007-01-24 05:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2012-07-09 15:30 - 2007-01-24 05:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2012-07-09 15:30 - 2006-12-08 02:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2012-07-09 15:30 - 2006-12-08 02:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2012-07-09 15:30 - 2006-11-29 03:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
    2012-07-09 15:30 - 2006-11-29 03:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2012-07-09 15:30 - 2006-11-29 03:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
    2012-07-09 15:30 - 2006-11-29 03:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2012-07-09 15:30 - 2006-09-28 06:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2012-07-09 15:30 - 2006-09-28 06:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2012-07-09 15:30 - 2006-09-28 06:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2012-07-09 15:30 - 2006-07-27 23:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2012-07-09 15:30 - 2006-07-27 23:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2012-07-09 15:30 - 2006-07-27 23:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2012-07-09 15:30 - 2006-07-27 23:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2012-07-09 15:30 - 2006-05-30 21:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2012-07-09 15:30 - 2006-05-30 21:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2012-07-09 15:30 - 2006-03-31 02:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2012-07-09 15:30 - 2006-03-31 02:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2012-07-09 15:30 - 2006-03-31 02:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2012-07-09 15:30 - 2006-03-31 02:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2012-07-09 15:30 - 2006-03-31 02:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2012-07-09 15:30 - 2006-03-31 02:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2012-07-09 15:30 - 2006-02-02 22:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2012-07-09 15:30 - 2006-02-02 22:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2012-07-09 15:30 - 2006-02-02 22:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2012-07-09 15:30 - 2006-02-02 22:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2012-07-09 15:30 - 2006-02-02 22:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2012-07-09 15:30 - 2006-02-02 22:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2012-07-09 15:30 - 2005-12-05 08:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2012-07-09 15:30 - 2005-12-05 08:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2012-07-09 15:30 - 2005-07-22 09:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2012-07-09 15:30 - 2005-07-22 09:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2012-07-09 15:30 - 2005-05-26 05:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2012-07-09 15:30 - 2005-05-26 05:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2012-07-09 15:30 - 2005-03-18 07:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2012-07-09 15:30 - 2005-03-18 07:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2012-07-09 15:30 - 2005-02-05 09:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2012-07-09 15:30 - 2005-02-05 09:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2012-07-09 15:23 - 2012-07-09 15:31 - 00000000 ____D C:\Windows\SysWOW64\directx
    2012-07-09 15:22 - 2012-07-09 15:22 - 00000000 ____D C:\Users\Darca\AppData\Local\Macromedia
    2012-07-09 15:21 - 2012-07-09 19:58 - 01637934 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-09 15:14 - 2009-09-04 07:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2012-07-09 15:14 - 2006-09-28 06:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2012-07-09 15:13 - 2012-07-19 00:41 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Winamp
    2012-07-09 15:13 - 2012-07-09 15:18 - 00000000 ____D C:\Program Files (x86)\Winamp
    2012-07-09 15:12 - 2012-07-09 15:12 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-07-09 15:11 - 2012-07-14 13:18 - 00000000 ____D C:\Users\All Users\Adobe
    2012-07-09 15:10 - 2012-07-09 15:10 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64
    2012-07-09 15:10 - 2012-06-25 10:00 - 00092160 ____A C:\Windows\System32\ff_vfw.dll
    2012-07-09 15:10 - 2012-06-09 09:21 - 00206336 ____A C:\Windows\System32\unrar.dll
    2012-07-09 15:09 - 2012-07-09 15:09 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2012-07-09 15:09 - 2012-06-25 10:00 - 00079872 ____A C:\Windows\SysWOW64\ff_vfw.dll
    2012-07-09 15:09 - 2012-06-09 09:21 - 00178688 ____A C:\Windows\SysWOW64\unrar.dll
    2012-07-09 15:09 - 2011-12-21 09:14 - 00151552 ____A (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
    2012-07-09 15:09 - 2011-06-24 06:44 - 00243200 ____A C:\Windows\SysWOW64\xvidvfw.dll
    2012-07-09 15:09 - 2011-06-24 06:28 - 00650752 ____A C:\Windows\SysWOW64\xvidcore.dll
    2012-07-09 15:08 - 2012-07-09 15:08 - 00000000 ____D C:\Program Files\7-Zip
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Ustawienia lokalne
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Szablony
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Moje dokumenty
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Menu Start
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Moje wideo
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Moje obrazy
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Moja muzyka
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\Dane aplikacji
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Historia
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Dane aplikacji
    2012-07-09 15:05 - 2012-05-15 01:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-07-09 15:05 - 2012-05-15 01:29 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
    2012-07-09 15:05 - 2012-05-15 01:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-07-09 15:05 - 2012-05-15 01:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-07-09 15:05 - 2012-05-15 01:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-07-09 15:05 - 2012-05-15 01:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-07-09 15:05 - 2012-05-15 01:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-07-09 15:04 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-07-09 15:04 - 2012-05-15 02:48 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-07-09 15:04 - 2012-04-18 09:08 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
    2012-07-09 15:04 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
    2012-07-09 15:04 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
    2012-07-09 15:03 - 2012-07-20 07:48 - 00000000 ____D C:\Users\Darca\AppData\Roaming\foobar2000
    2012-07-09 15:03 - 2012-07-09 15:03 - 00000000 ____D C:\NVIDIA
    2012-07-09 14:59 - 2012-07-09 14:59 - 00000000 ____D C:\Program Files (x86)\foobar2000
    2012-07-09 14:52 - 2012-07-09 14:52 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Mozilla
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Users\Darca\AppData\Local\Mozilla
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-07-09 14:52 - 2012-07-09 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-07-09 14:47 - 2012-07-09 14:47 - 00001268 ____A C:\Users\Darca\Desktop\Revo Uninstaller.lnk
    2012-07-09 14:47 - 2012-07-09 14:47 - 00000000 ____D C:\Program Files\Defraggler
    2012-07-09 14:47 - 2012-07-09 14:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2012-07-09 14:45 - 2012-07-09 14:45 - 00338253 __RSH C:\RKLHD
    2012-07-09 14:44 - 2012-07-09 14:44 - 00000000 ____D C:\Program Files\CCleaner
    2012-07-09 14:43 - 2012-07-11 20:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-09 14:43 - 2012-07-11 20:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-09 14:43 - 2012-07-09 14:43 - 00000646 ____A C:\Users\Darca\Desktop\pobrane.lnk
    2012-07-09 14:43 - 2012-07-09 14:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2012-07-09 14:43 - 2012-07-09 14:43 - 00000000 ____D C:\Windows\System32\Macromed
    2012-07-09 14:42 - 2012-07-20 07:44 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-07-09 14:42 - 2012-07-09 14:42 - 00000000 ____D C:\Users\All Users\Sun
    2012-07-09 14:41 - 2012-07-09 14:41 - 00000000 ____D C:\Windows\Sun
    2012-07-09 14:41 - 2012-07-09 14:41 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-07-09 14:41 - 2012-07-09 14:40 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-09 14:41 - 2012-07-09 14:40 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-09 14:41 - 2012-05-04 09:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-09 14:41 - 2012-05-04 09:29 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-09 14:41 - 2012-05-04 09:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-09 14:40 - 2012-07-09 14:40 - 00000000 ____D C:\Program Files (x86)\Java
    2012-07-09 14:29 - 2012-07-14 09:43 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Audacity
    2012-07-09 14:29 - 2012-07-09 14:31 - 00000000 ____D C:\Program Files (x86)\Audacity
    2012-07-09 14:23 - 2012-06-03 13:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-09 14:22 - 2012-07-09 15:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-07-09 14:22 - 2012-07-09 15:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-07-09 14:22 - 2012-07-09 14:22 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
    2012-07-09 14:20 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-09 14:20 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-09 14:20 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-09 14:20 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-09 14:20 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-09 14:20 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-09 14:20 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-09 14:20 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-09 14:20 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-09 14:20 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-09 14:20 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-09 14:20 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-09 14:20 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-09 14:20 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-09 14:20 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-09 14:20 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-09 14:20 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-09 14:20 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-09 14:20 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-09 14:20 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-09 14:20 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-09 14:20 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-09 14:20 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-09 14:20 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-09 14:20 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-09 14:20 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-09 14:20 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-09 14:20 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-09 14:18 - 2012-07-19 06:51 - 00000000 ____D C:\Users\Darca\AppData\Local\Last.fm
    2012-07-09 14:18 - 2012-07-09 14:18 - 00000000 ____D C:\Program Files (x86)\Last.fm
    2012-07-09 14:14 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-07-09 14:14 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2012-07-09 14:14 - 2011-08-26 21:37 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2012-07-09 14:14 - 2011-08-26 21:37 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2012-07-09 14:14 - 2011-08-26 20:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2012-07-09 14:14 - 2011-08-26 20:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
    2012-07-09 14:14 - 2011-05-02 21:29 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2012-07-09 14:14 - 2011-05-02 20:30 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2012-07-09 14:13 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-07-09 14:13 - 2011-11-04 21:32 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-07-09 14:13 - 2011-11-04 20:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-07-09 14:12 - 2011-11-16 22:41 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2012-07-09 14:12 - 2011-11-16 21:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2012-07-09 14:12 - 2011-10-14 22:31 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2012-07-09 14:12 - 2011-10-14 21:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2012-07-09 14:10 - 2011-11-19 06:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2012-07-09 14:10 - 2011-11-19 06:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2012-07-09 14:06 - 2012-07-14 09:45 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Adobe
    2012-07-09 14:06 - 2012-07-09 14:06 - 00000000 ____D C:\Users\Darca\AppData\Roaming\Macromedia
    2012-07-09 14:03 - 2012-07-17 04:45 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000UA.job
    2012-07-09 14:03 - 2012-07-17 04:45 - 00001006 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000Core.job
    2012-07-09 14:03 - 2012-07-09 14:04 - 00000000 ____D C:\Users\Darca\AppData\Local\Google
    2012-07-09 14:03 - 2012-07-09 14:03 - 00000000 ____D C:\Users\Darca\AppData\Local\Deployment
    2012-07-09 14:03 - 2012-07-09 14:03 - 00000000 ____D C:\Users\Darca\AppData\Local\Apps\2.0
    2012-07-09 14:02 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-07-09 14:02 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-07-09 14:02 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-07-09 14:02 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-07-09 14:02 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-07-09 14:02 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-07-09 14:02 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-07-09 14:02 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-07-09 14:02 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-07-09 13:56 - 2012-07-09 13:56 - 00057560 ____A C:\Users\Darca\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-09 13:56 - 2012-07-09 13:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
    2012-07-09 13:56 - 2009-07-14 04:21 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
    2012-07-09 13:56 - 2009-07-14 04:21 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfCoInstaller01009.dll
    2012-07-09 13:55 - 2012-07-16 14:08 - 00000000 ____D C:\Program Files (x86)\PLAY ONLINE
    2012-07-09 13:55 - 2012-07-16 05:36 - 00000000 ____D C:\Users\Darca\Desktop\prog
    2012-07-09 13:54 - 2012-07-12 22:49 - 00000000 ____D C:\Users\All Users\DatacardService
    2012-07-09 13:54 - 2012-07-09 13:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-07-09 03:44 - 2012-07-09 14:46 - 00000000 ____D C:\Windows\Panther
    2012-07-09 03:44 - 2012-07-09 03:44 - 00008192 _RASH C:\BOOTSECT.BAK
    2012-07-09 03:44 - 2010-11-20 19:23 - 00383786 _RASH C:\bootmgr
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\Oddworld
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\My Games
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\Fax
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\BotaniculaSaves
    2012-07-09 02:54 - 2012-07-09 02:54 - 00000000 ____D C:\Users\Darca\Documents\Battlefield 2
    2012-07-09 02:54 - 2011-03-16 09:20 - 00000055 ____A C:\Users\Darca\Documents\equalizer.feq
    2012-07-09 02:51 - 2012-07-20 07:48 - 02072727 ____A C:\Windows\WindowsUpdate.log
    2012-07-09 02:50 - 2012-07-16 04:10 - 00000000 ____D C:\users\Darca
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000020 ___SH C:\Users\Darca\ntuser.ini
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Public\Documents\Moje wideo
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Public\Documents\Moje obrazy
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Public\Documents\Moja muzyka
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Ustawienia lokalne
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Szablony
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Moje dokumenty
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Menu Start
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Documents\Moje wideo
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Documents\Moje obrazy
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Documents\Moja muzyka
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\AppData\Local\Historia
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default\AppData\Local\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\Documents\Moje wideo
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\Documents\Moje obrazy
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\Documents\Moja muzyka
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\AppData\Local\Historia
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Default User\AppData\Local\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Ustawienia lokalne
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Szablony
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Moje dokumenty
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Menu Start
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Documents\Moje wideo
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Documents\Moje obrazy
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Documents\Moja muzyka
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\AppData\Local\Historia
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\Darca\AppData\Local\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Ulubione
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Szablony
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Pulpit
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Menu Start
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Dokumenty
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 __SHD C:\Users\All Users\Dane aplikacji
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 ____D C:\Users\Darca\AppData\Local\VirtualStore
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000000 ____D C:\Recovery
  15. darca

    ============ 3 Months Modified Files ========================

    2012-07-20 07:48 - 2012-07-09 02:51 - 02072727 ____A C:\Windows\WindowsUpdate.log
    2012-07-20 07:48 - 2009-07-13 20:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-20 07:48 - 2009-07-13 20:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-20 07:45 - 2012-07-20 07:44 - 00293336 ____A C:\Windows\Minidump\072012-13650-01.dmp
    2012-07-20 07:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-20 07:44 - 2012-07-18 07:38 - 394494771 ____A C:\Windows\MEMORY.DMP
    2012-07-20 07:44 - 2012-07-16 10:42 - 00002892 ____A C:\Windows\setupact.log
    2012-07-18 23:42 - 2012-07-18 23:42 - 00287480 ____A C:\Windows\Minidump\071912-14960-01.dmp
    2012-07-18 23:38 - 2012-07-18 23:38 - 00286856 ____A C:\Windows\Minidump\071912-28563-01.dmp
    2012-07-18 23:36 - 2012-07-17 05:15 - 00001440 ____A C:\Windows\PFRO.log
    2012-07-18 07:38 - 2012-07-18 07:38 - 00290472 ____A C:\Windows\Minidump\071812-11918-01.dmp
    2012-07-17 04:45 - 2012-07-09 14:03 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000UA.job
    2012-07-17 04:45 - 2012-07-09 14:03 - 00001006 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000Core.job
    2012-07-16 10:42 - 2012-07-16 10:42 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-16 09:18 - 2012-07-09 15:32 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-15 06:08 - 2012-07-15 06:08 - 00023056 ____A C:\ComboFix.txt
    2012-07-15 06:06 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-07-15 04:34 - 2011-02-04 09:55 - 00725544 ____A C:\Windows\System32\perfh015.dat
    2012-07-15 04:34 - 2011-02-04 09:55 - 00150428 ____A C:\Windows\System32\perfc015.dat
    2012-07-15 04:34 - 2009-07-13 21:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-13 09:00 - 2012-07-13 09:00 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2012-07-12 05:59 - 2012-07-12 05:59 - 00000635 ____A C:\Users\Darca\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
    2012-07-12 05:58 - 2012-07-12 05:58 - 00000300 ____A C:\Windows\game.ini
    2012-07-11 20:48 - 2012-07-09 14:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 20:48 - 2012-07-09 14:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 12:04 - 2012-07-11 12:04 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-07-10 11:04 - 2012-07-10 11:04 - 00001045 ____A C:\Users\Darca\Desktop\FalloutNV.lnk
    2012-07-09 19:58 - 2012-07-09 15:21 - 01637934 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-09 17:10 - 2012-07-09 17:10 - 00001271 ____A C:\Users\Darca\Desktop\Borderlands.lnk
    2012-07-09 16:51 - 2012-07-09 16:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-09 16:25 - 2012-07-09 16:25 - 00000205 ____A C:\Users\Darca\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
    2012-07-09 15:47 - 2012-07-09 15:47 - 00000637 ____A C:\Users\Darca\Desktop\BeatHazard.lnk
    2012-07-09 15:46 - 2012-07-09 15:46 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-07-09 15:46 - 2012-07-09 15:46 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-07-09 15:06 - 2012-07-09 15:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-09 14:52 - 2012-07-09 14:52 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-09 14:47 - 2012-07-09 14:47 - 00001268 ____A C:\Users\Darca\Desktop\Revo Uninstaller.lnk
    2012-07-09 14:45 - 2012-07-09 14:45 - 00338253 __RSH C:\RKLHD
    2012-07-09 14:43 - 2012-07-09 14:43 - 00000646 ____A C:\Users\Darca\Desktop\pobrane.lnk
    2012-07-09 14:40 - 2012-07-09 14:41 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-09 14:40 - 2012-07-09 14:41 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-09 13:56 - 2012-07-09 13:56 - 00057560 ____A C:\Users\Darca\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-09 13:56 - 2012-07-09 13:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
    2012-07-09 13:54 - 2012-07-09 13:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-07-09 03:44 - 2012-07-09 03:44 - 00008192 _RASH C:\BOOTSECT.BAK
    2012-07-09 03:44 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2012-07-09 03:44 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2012-07-09 02:50 - 2012-07-09 02:50 - 00000020 ___SH C:\Users\Darca\ntuser.ini
    2012-07-09 02:48 - 2009-07-13 21:01 - 00067908 ____A C:\Windows\SysWOW64\license.rtf
    2012-07-09 02:48 - 2009-07-13 21:01 - 00067908 ____A C:\Windows\System32\license.rtf
    2012-07-09 02:45 - 2009-07-13 20:45 - 00274840 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-03 03:46 - 2012-07-16 04:30 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 10:00 - 2012-07-09 15:10 - 00092160 ____A C:\Windows\System32\ff_vfw.dll
    2012-06-25 10:00 - 2012-07-09 15:09 - 00079872 ____A C:\Windows\SysWOW64\ff_vfw.dll
    2012-06-09 09:21 - 2012-07-09 15:10 - 00206336 ____A C:\Windows\System32\unrar.dll
    2012-06-09 09:21 - 2012-07-09 15:09 - 00178688 ____A C:\Windows\SysWOW64\unrar.dll
    2012-06-03 13:28 - 2012-07-09 14:23 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-02 14:19 - 2012-07-09 14:02 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-07-09 14:02 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-07-09 14:02 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-07-09 14:02 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-07-09 14:02 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-07-09 14:02 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-07-09 14:02 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 05:19 - 2012-07-09 14:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 05:15 - 2012-07-09 14:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-31 02:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-17 18:47 - 2012-07-09 14:20 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-07-09 14:20 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-07-09 14:20 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-07-09 14:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-07-09 14:20 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-07-09 14:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-07-09 14:20 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-07-09 14:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-07-09 14:20 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-07-09 14:20 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-07-09 14:20 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-07-09 14:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-07-09 14:20 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-07-09 14:20 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-07-09 14:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-07-09 14:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-07-09 14:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-07-09 14:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-07-09 14:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-07-09 14:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-07-09 14:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-07-09 14:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-07-09 14:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-07-09 14:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-07-09 14:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-07-09 14:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-07-09 14:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-07-09 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-07-09 15:04 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-05-15 02:48 - 2012-07-09 15:04 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 02:48 - 2012-02-09 12:43 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 02:48 - 2012-02-09 12:43 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 01:29 - 2012-07-09 15:05 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2012-07-09 15:05 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
    2012-05-15 01:29 - 2012-07-09 15:05 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-05-15 01:29 - 2012-07-09 15:05 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2012-07-09 15:05 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2012-07-09 15:05 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:28 - 2012-07-09 15:05 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-14 16:21 - 2012-05-14 16:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
    2012-05-04 09:29 - 2012-07-09 14:41 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-05-04 09:29 - 2012-07-09 14:41 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 09:29 - 2012-07-09 14:41 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8159.14 MB
    Available physical RAM: 7396.83 MB
    Total Pagefile: 8157.34 MB
    Available Pagefile: 7385.23 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:200.2 GB) (Free:168.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: () (Fixed) (Total:1400 GB) (Free:1335.61 GB) NTFS
    3 Drive e: () (Fixed) (Total:230 GB) (Free:141.12 GB) NTFS
    5 Drive g: (PENDRAJW) (Removable) (Total:1.85 GB) (Free:1.77 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1863 GB 32 GB
    Disk 1 Online 1900 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 200 GB 1024 KB
    Partition 2 Primary 1400 GB 200 GB
    Partition 3 Primary 230 GB 1600 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 200 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D NTFS Partition 1400 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 230 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1899 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G PENDRAJW FAT32 Removable 1899 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-10 13:10

    ======================= End Of Log ==========================
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please boot normally to Windows...

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  17. darca

    darca Newcomer, in training Topic Starter Posts: 37

    ComboFix 12-07-20.02 - Darca 2012-07-20 19:49:14.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.8159.6882 [GMT 2:00]
    Uruchomiony z: c:\users\Darca\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Utworzono nowy punkt przywracania
    .
    .
    ((((((((((((((((((((((((( Pliki utworzone od 2012-06-20 do 2012-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-20 17:51 . 2012-07-20 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-13 17:00 . 2012-07-13 17:00 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2012-07-13 16:53 . 2012-07-16 22:08 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
    2012-07-13 06:49 . 2010-05-22 12:50 195584 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
    2012-07-13 06:49 . 2010-05-22 12:49 29696 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
    2012-07-13 06:49 . 2010-05-22 12:49 54784 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
    2012-07-13 06:49 . 2010-05-22 12:49 83456 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
    2012-07-13 06:49 . 2010-05-22 12:49 78848 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
    2012-07-13 06:49 . 2010-04-30 14:53 252928 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
    2012-07-13 06:49 . 2010-03-25 08:08 120704 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2012-07-13 06:49 . 2010-03-20 10:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
    2012-07-13 06:49 . 2010-01-18 16:48 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2012-07-13 06:49 . 2010-03-20 09:56 114560 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
    2012-07-12 13:57 . 2012-07-16 22:08 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
    2012-07-12 13:52 . 2012-07-12 13:52 -------- d-sh--w- c:\windows\ftpcache
    2012-07-11 15:28 . 2012-07-11 15:28 -------- d-----w- c:\programdata\Last.fm
    2012-07-11 02:40 . 2012-07-11 02:40 -------- d-----w- c:\program files (x86)\NapiProjekt
    2012-07-10 03:39 . 2012-07-10 03:39 -------- d-----w- c:\program files (x86)\Damian Pasternak
    2012-07-10 01:40 . 2008-10-15 04:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
    2012-07-10 01:40 . 2008-10-15 04:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
    2012-07-10 01:40 . 2008-10-15 04:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2012-07-10 01:40 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
    2012-07-10 01:40 . 2008-10-15 04:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
    2012-07-10 01:40 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
    2012-07-10 01:11 . 2009-09-28 08:46 197912 ----a-w- c:\windows\SysWow64\physxcudart_20.dll
    2012-07-10 01:11 . 2009-09-28 08:46 197912 ----a-w- c:\windows\system32\physxcudart_20.dll
    2012-07-10 00:51 . 2012-07-10 00:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-07-10 00:51 . 2012-07-10 00:51 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2012-07-10 00:50 . 2012-07-13 01:14 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2012-07-09 23:46 . 2012-07-09 23:46 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-07-09 23:46 . 2012-07-09 23:46 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-07-09 23:46 . 2012-07-09 23:46 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-07-09 23:46 . 2012-07-09 23:46 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-07-09 23:46 . 2012-07-09 23:46 -------- d-----w- c:\program files (x86)\OpenAL
    2012-07-09 23:45 . 2012-07-09 23:45 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-07-09 23:42 . 2012-07-09 23:42 -------- d-----w- c:\program files\ESET
    2012-07-09 23:30 . 2009-09-04 15:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
    2012-07-09 23:19 . 2012-07-09 23:19 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-07-09 23:14 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2012-07-09 23:14 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
    2012-07-09 23:13 . 2012-07-09 23:13 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2012-07-09 23:13 . 2012-07-09 23:18 -------- d-----w- c:\program files (x86)\Winamp
    2012-07-09 23:12 . 2012-07-09 23:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-07-09 23:10 . 2012-06-25 18:00 92160 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-07-09 23:10 . 2012-06-09 17:21 206336 ----a-w- c:\windows\system32\unrar.dll
    2012-07-09 23:10 . 2012-07-09 23:10 -------- d-----w- c:\program files\K-Lite Codec Pack x64
    2012-07-09 23:09 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll
    2012-07-09 23:09 . 2011-12-21 17:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
    2012-07-09 23:09 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2012-07-09 23:09 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2012-07-09 23:09 . 2012-06-25 18:00 79872 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2012-07-09 23:09 . 2012-07-09 23:09 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
    2012-07-09 23:08 . 2012-07-09 23:08 -------- d-----w- c:\program files\7-Zip
    2012-07-09 23:06 . 2012-07-16 12:15 -------- d-----w- c:\users\UpdatusUser
    2012-07-09 23:05 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-07-09 23:05 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-07-09 23:05 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-07-09 23:05 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-07-09 23:05 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-07-09 23:05 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-07-09 23:05 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-07-09 22:59 . 2012-07-09 22:59 -------- d-----w- c:\program files (x86)\foobar2000
    2012-07-09 22:52 . 2012-07-09 22:52 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-07-09 22:47 . 2012-07-09 22:47 -------- d-----w- c:\program files\Defraggler
    2012-07-09 22:47 . 2012-07-09 22:47 -------- d-----w- c:\program files (x86)\VS Revo Group
    2012-07-09 22:44 . 2012-07-09 22:44 -------- d-----w- c:\program files\CCleaner
    2012-07-09 22:43 . 2012-07-12 04:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-09 22:43 . 2012-07-12 04:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-09 22:43 . 2012-07-09 22:43 -------- d-----w- c:\windows\SysWow64\Macromed
    2012-07-09 22:43 . 2012-07-09 22:43 -------- d-----w- c:\windows\system32\Macromed
    2012-07-09 22:42 . 2012-07-09 22:42 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-09 22:42 . 2012-07-20 17:36 -------- d-----w- c:\programdata\NVIDIA
    2012-07-09 22:41 . 2012-07-09 22:41 -------- d-----w- c:\windows\Sun
    2012-07-09 22:41 . 2012-07-09 22:41 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-09 22:41 . 2012-05-04 17:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-09 22:41 . 2012-05-04 17:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-09 22:40 . 2012-07-09 22:40 -------- d-----w- c:\program files (x86)\Java
    2012-07-09 22:40 . 2012-07-19 17:54 -------- d-sh--w- c:\windows\Installer
    2012-07-09 22:29 . 2012-07-09 22:31 -------- d-----w- c:\program files (x86)\Audacity
    2012-07-09 22:23 . 2012-06-03 21:28 58957832 ----a-w- c:\windows\system32\MRT.exe
    2012-07-09 22:22 . 2012-07-09 22:22 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-07-09 22:22 . 2012-07-09 23:06 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-07-09 22:22 . 2012-07-09 23:06 -------- d-----w- c:\program files\NVIDIA Corporation
    2012-07-09 22:21 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B00918FB-8FB1-4730-A484-67C185B86594}\mpengine.dll
    2012-07-09 22:18 . 2012-07-09 22:18 -------- d-----w- c:\program files (x86)\Last.fm
    2012-07-09 22:14 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2012-07-09 22:14 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-07-09 22:14 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-07-09 22:14 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-07-09 22:14 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2012-07-09 22:14 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2012-07-09 22:14 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-07-09 22:14 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-07-09 22:13 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-07-09 22:13 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-07-09 22:13 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-09 22:13 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-07-09 22:13 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-09 22:13 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-07-09 22:13 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-07-09 22:13 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-07-09 22:12 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-07-09 22:12 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-07-09 22:12 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-07-09 22:12 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-07-09 22:10 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-07-09 22:10 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-07-09 22:02 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-07-09 22:02 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-07-09 22:02 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-07-09 22:02 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-09 22:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-07-09 22:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-07-09 22:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-09 22:02 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-07-09 22:02 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-07-09 21:56 . 2009-07-14 12:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-07-09 21:56 . 2009-07-14 12:21 1721576 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
    2012-07-09 21:55 . 2012-07-16 22:08 -------- d-----w- c:\program files (x86)\PLAY ONLINE
    2012-07-09 21:54 . 2012-07-13 06:49 -------- d-----w- c:\programdata\DatacardService
    2012-07-09 11:44 . 2012-07-09 22:46 -------- d-----w- c:\windows\Panther
    2012-07-09 11:44 . 2012-07-20 17:33 -------- d-----w- C:\Boot
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-15 10:48 . 2012-02-09 20:43 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2012-02-09 20:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2012-02-09 20:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2012-02-09 20:43 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2012-02-09 20:43 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2012-02-09 20:43 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2012-02-09 20:43 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="d:\gry\Steam\Steam.exe" [2012-07-09 1242448]
    .
    c:\users\Darca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Last.fm.lnk - c:\program files (x86)\Last.fm\LastFM.exe [2012-7-10 1155072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-30 252928]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-10 283200]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 83456]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    .
    .
    Zawartość folderu 'Zaplanowane zadania'
    .
    2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 04:48]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000Core.job
    - c:\users\Darca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 22:03]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2512827544-3146586417-1206672399-1000UA.job
    - c:\users\Darca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 22:03]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
    .
    ------- Skan uzupełniający -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: Interfaces\{5CC821B3-7C4C-4A27-A03C-4652ACCC592A}: NameServer = 89.108.195.21 89.108.202.21
    TCP: Interfaces\{98417DC1-FE25-4800-AB1A-7B7D8B946391}: NameServer = 89.108.202.20 89.108.195.20
    FF - ProfilePath - c:\users\Darca\AppData\Roaming\Mozilla\Firefox\Profiles\jbcktsh5.default\
    .
    .
    --------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Czas ukończenia: 2012-07-20 19:52:14
    ComboFix-quarantined-files.txt 2012-07-20 17:52
    ComboFix2.txt 2012-07-15 14:08
    .
    Przed: 181 432 651 776 bajtów wolnych
    Po: 181 364 490 240 bajtów wolnych
    .
    - - End Of File - - AEEF8D16FE06EC3D8FCECA6C740FB3ED
    Hope that the descriptions in my native language won't be a problem
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
     
  19. darca

    darca Newcomer, in training Topic Starter Posts: 37

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.21.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Darca :: CERBERUS [administrator]

    2012-07-21 14:55:42
    mbam-log-2012-07-21 (14-55-42).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 280067
    Time elapsed: 13 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okie dokie. Want to make sure no other malware is present...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
  21. darca

    darca Newcomer, in training Topic Starter Posts: 37

    ESET also found nothing

    Here's the log

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=66c962ec16563e4195727ef5a956c841
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-07-22 10:30:36
    # local_time=2012-07-23 12:30:36 )
    # country="Poland"
    # lang=1045
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776573 100 94 675789 94624918 0 0
    # compatibility_mode=8204 22379901 100 73 304078 11871058 0 0
    # scanned=119784
    # found=0
    # cleaned=0
    # scan_time=1167
    # nod_component=V3 Build:0x30000000

    Could a virus cause bad sectors on the disk?
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  23. darca

    darca Newcomer, in training Topic Starter Posts: 37

    Could you recommend some program that would search for this kind of insects and deal with them?
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
  25. darca

    darca Newcomer, in training Topic Starter Posts: 37

    Unfortunately I was forced to do a fresh win install, but I'm fully appreciative and grateful for your help