
stop: c0000135 the program can't start because %hs is missing from your computer


  • This topic is locked
20 replies to this topic

#1 netghost1115

Posted 20 April 2012 - 02:54 PM

Hi,

Recently got infected with a Trojan which AVG was able to "remove." Unfortunately, after it did its removal my computer will not boot; instead it blue screens on startup. I have already tried disabling AVG and have attempted to diagnose the boot error but have been unsuccessful. I have already run sfc /scannow but this returned no fixes.

Thanks,



#2 gringo_pr



  • Malware Response Team

Posted 20 April 2012 - 02:58 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 netghost1115


Posted 20 April 2012 - 03:07 PM

Scan result of Farbar Recovery Scan Tool Version: 19-04-2012
Ran by SYSTEM at 20-04-2012 16:02:14
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-05-21] ()
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [394768 2010-10-20] (Acronis)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11855976 2011-05-31] (Realtek Semiconductor)
HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [994624 2011-12-19] ()
HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [702272 2011-12-19] ()
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [x]
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [x]
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [221300 2008-05-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2536760 2011-09-22] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5550984 2011-09-22] (Acronis)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [522192 2011-05-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKU\Administrator\...\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-21] (Google Inc.)
HKU\Administrator\...\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [166624 2012-04-03] (Fieldston Software)
HKU\Administrator\...\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe [2887680 2008-05-29] (Leadtek Research Inc.)
HKU\Administrator\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Administrator\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Administrator\...\Run: [AdobeBridge] [x]
HKU\Administrator\...\Run: [MusicManager] "C:\Users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [x]
HKU\Brian\...\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-21] (Google Inc.)
HKU\Brian\...\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe [2887680 2008-05-29] (Leadtek Research Inc.)
HKU\Brian\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Brian\...\Run: [AdobeBridge] [x]
HKU\Brian\...\Run: [MusicManager] "C:\Users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [x]
HKU\Brian\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Brian\...\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [166624 2012-04-03] (Fieldston Software)
HKU\Brian\...\Run: [Syncables] C:\Program Files (x86)\Common Files\syncables Shared\java\Syncables.exe [x]
HKU\Brian\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-21] (Google Inc.)
HKU\UpdatusUser\...\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [166624 2012-04-03] (Fieldston Software)
HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe [2887680 2008-05-29] (Leadtek Research Inc.)
HKU\UpdatusUser\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\UpdatusUser\...\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [AdobeBridge] [x]
HKU\UpdatusUser\...\Run: [MusicManager] "C:\Users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 128.210.11.72
AppInit_DLLs:
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1118328 2010-10-20] (Acronis)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-13] (Adobe Systems Incorporated)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-10-02] (Acronis)
3 Apache2.2; "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 Creative Dolby Digital Live Pack Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe" [79360 2010-06-10] (Creative Labs)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd)
2 ForTheRecordIMBot; C:\Program Files (x86)\For The Record\IMBot Service\ForTheRecord.IMBot.exe [65024 2011-12-30] (For The Record)
2 ForTheRecordRecorderTuner; C:\Program Files (x86)\For The Record\RecorderTuner Service\ForTheRecord.RecorderTuner.WindowsService.exe [65536 2011-12-30] (For The Record)
2 ForTheRecordServices; C:\Program Files (x86)\For The Record\Services\ForTheRecord.WindowsService.exe [60416 2011-12-30] (For The Record)
2 GuideEnricher; "C:\Program Files (x86)\Guide Enricher\GuideEnricherService.exe" [41472 2011-08-03] ()
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 nHancer; "C:\Program Files\nHancer\nHancerService.exe" [39424 2010-05-02] (KSE - Korndörfer Software Engineering)
2 OpenVPNAccessClient; "C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe" [24064 2011-08-05] ()
2 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [1249064 2011-07-29] ()
2 UltiDev Cassini Web Server for ASP.NET 2.0; "C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe" [49152 2007-02-07] (UltiDev LLC)
2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [465872 2011-05-23] (Cisco Systems, Inc.)
2 Akamai; c:\program files (x86)\common files\akamai\netsession_win_8832f4b.dll [x]
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [x]
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
2 NPVR Recording Service; "C:\Program Files (x86)\NPVR\NRecord.exe" [x]
2 tvtfilter; C:\Windows\System32\dcevt32.dll [x]

========================== Drivers (Whitelisted) =============

3 3xHybr64; C:\Windows\System32\Drivers\3xHybr64.sys [1311616 2009-08-17] (NXP Semiconductors Germany GmbH)
3 acsock; C:\Windows\System32\DRIVERS\acsock64.sys [94864 2011-05-23] (Cisco Systems, Inc.)
3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [285280 2011-10-02] (Acronis)
3 Cam3820; C:\Windows\System32\Drivers\cam3820a.sys [413184 2009-09-22] (CamVendor)
3 CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [230488 2010-07-07] (Creative Technology Ltd.)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-04-16] (Citrix Systems, Inc.)
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2012-01-07] (DT Soft Ltd)
3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
2 iPodDrv; C:\Windows\System32\Drivers\iPodDrv.sys [14952 2011-07-27] (Windows ® Codename Longhorn DDK provider)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [120408 2010-11-25] (JMicron Technology Corp.)
3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL [8962 2010-06-13] ()
3 RDPDISPM; C:\Windows\System32\Drivers\RDPDISPM.sys [10752 2010-08-31] (Microsoft Corporation)
3 SaiH0763; C:\Windows\System32\Drivers\SaiH0763.sys [178304 2008-02-15] (Saitek)
3 SaiH0C2D; C:\Windows\System32\Drivers\SaiH0C2D.sys [176128 2007-07-02] (Saitek)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
0 snapman; C:\Windows\System32\Drivers\snapman.sys [277088 2011-05-24] (Acronis)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-06-10] (Duplex Secure Ltd.)
3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2011-10-02] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [970336 2011-10-02] (Acronis)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-05-21] ()
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [x]
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [x]
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [x]
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [x]
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [x]
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [x]
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [x]
1 JSWPSLWF; C:\Windows\System32\DRIVERS\jswpslwfx.sys [x]
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: tvtfilter

============ One Month Created Files and Folders ==============

2012-04-17 13:50 - 2012-03-07 19:06 - 0001211 ____A C:\Users\Brian\Desktop\Farming Simulator 2011 Platinum Edition.lnk
2012-04-17 13:50 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-17 13:49 - 2012-04-18 20:51 - 0000000 ____D C:\Windows\system64
2012-04-17 13:49 - 2011-10-22 07:16 - 0000000 ____A C:\Users\Brian\AppData\Roaming\ydlmp.txt
2012-04-17 07:55 - 2011-11-16 19:46 - 0000000 ____D C:\Users\Brian\AppData\Local\{DEBCEFBD-EEBF-4D7A-B716-73556272C5DA}
2012-04-17 07:55 - 2011-11-01 18:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{CCDC919A-373F-40A6-A5C5-CBEC73EDC343}
2012-04-16 19:55 - 2011-10-18 06:16 - 0000000 ____D C:\Users\Brian\AppData\Local\{4D8D7938-1296-44C8-B74A-0C4855F825E6}
2012-04-16 19:54 - 2011-11-20 13:45 - 0000000 ____D C:\Users\Brian\AppData\Local\{2BBA2681-DA6F-4134-90C6-61230A5B2CF1}
2012-04-16 07:54 - 2011-11-14 19:44 - 0000000 ____D C:\Users\Brian\AppData\Local\{FD4638C4-F8A8-486C-97A8-30533E08E2CF}
2012-04-16 07:54 - 2011-11-08 15:04 - 0000000 ____D C:\Users\Brian\AppData\Local\{65FF7717-64FC-4880-ABDF-915415C59908}
2012-04-15 19:54 - 2011-12-08 18:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{530C659E-19C5-4794-9F86-19E75BBA8586}
2012-04-15 19:54 - 2011-08-27 06:17 - 0000000 ____D C:\Users\Brian\AppData\Local\{DC9C6E5A-F3D5-4F12-87BC-B212318617DF}
2012-04-15 11:03 - 2012-04-15 11:03 - 0005257 ____A C:\Users\Brian\ovpntray.log
2012-04-15 11:03 - 2011-05-20 20:18 - 0000255 ____A C:\Users\Brian\openvpn-connect.json
2012-04-15 11:03 - 2011-03-25 17:04 - 0002309 ____A C:\Users\All Users\Start Menu\Programs\Startup\OpenVPN Connect.lnk
2012-04-15 11:02 - 2012-04-18 20:52 - 0000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2012-04-15 09:30 - 2010-10-17 15:08 - 19046064 ____A (GIANTS Software ) C:\Users\Brian\Desktop\FarmingSimulator2011Patch2.2EN.exe
2012-04-15 07:54 - 2012-02-07 19:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{0DDC92D4-DEA4-4EBB-B511-3FCDCC757AEB}
2012-04-15 07:54 - 2011-11-06 11:43 - 0000000 ____D C:\Users\Brian\AppData\Local\{44E0B2DE-D13A-4710-AE08-952B9EC21B2E}
2012-04-15 07:46 - 2012-03-19 05:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{E7078753-4CCD-46C6-9C96-172AE88D5440}
2012-04-15 07:45 - 2012-02-26 18:51 - 0000000 ____D C:\Users\Brian\AppData\Local\{9422CA27-354C-4678-95C7-D0DEDCEE7233}
2012-04-14 06:29 - 2011-05-04 18:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{DD0ABFF6-7111-4700-939A-F7ED736B5016}
2012-04-14 06:28 - 2011-11-10 15:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{82B01F8B-DFF0-4D1B-AEE2-74F7766B554D}
2012-04-13 17:54 - 2012-03-24 11:52 - 188185647 ____A ( ) C:\Users\Brian\Desktop\cimusa.exe
2012-04-13 05:52 - 2011-08-21 06:38 - 0000000 ____D C:\Users\Brian\AppData\Local\{C4806D32-7601-4FBD-98DF-CA69B5CC4BE2}
2012-04-12 07:48 - 2006-09-21 12:11 - 4169561 ____A C:\Users\Brian\Documents\BSperduto KEWR.pdf
2012-04-12 07:10 - 2012-01-12 17:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{E3812914-37CF-4328-857E-12AB62FE42D4}
2012-04-12 05:38 - 2005-12-15 13:27 - 0000000 ____D C:\Users\Brian\Documents\Newark Airport Project
2012-04-11 23:07 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 23:07 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 23:07 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 23:07 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 23:07 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 23:07 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-11 23:07 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 23:07 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 23:07 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-11 23:07 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 23:07 - 2011-05-21 06:55 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 23:07 - 2011-05-21 06:55 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 23:07 - 2011-05-21 06:55 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 23:07 - 2011-05-21 06:55 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 23:07 - 2011-05-21 06:55 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 23:07 - 2011-05-21 06:55 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 23:07 - 2011-05-21 06:55 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 23:07 - 2011-05-21 06:55 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 23:07 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 23:07 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-11 23:07 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 23:07 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 23:07 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 23:07 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 23:07 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 23:07 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-11 23:07 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-11 23:07 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 23:07 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 23:06 - 2009-07-13 19:20 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 23:06 - 2009-07-13 19:20 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-11 23:03 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 23:03 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 23:03 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 23:03 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 23:03 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 23:03 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-11 23:03 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-11 19:10 - 2011-11-06 11:40 - 0000000 ____D C:\Users\Brian\AppData\Local\{4706E5AA-9F0F-448C-821D-E893074724E9}
2012-04-11 15:55 - 2012-04-12 07:00 - 4136934 ____A C:\Users\Brian\Documents\Newark Liberty International Airport.docx
2012-04-11 07:09 - 2012-01-25 08:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{63E538D1-5EBE-4CF1-8E83-AFA4DA041D2E}
2012-04-10 19:09 - 2011-09-23 18:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{05CCF13E-0D2E-429D-BAFE-962E4FC5A9ED}
2012-04-10 07:09 - 2011-10-12 03:12 - 0000000 ____D C:\Users\Brian\AppData\Local\{A9C31DC5-C6CC-4CFC-9031-40C52AA5A51A}
2012-04-09 19:08 - 2012-03-27 05:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{C279558B-3083-408A-9EC4-9A67CF4ED888}
2012-04-09 07:08 - 2011-04-20 07:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{30CF6652-BECA-4486-BA0E-DAB80347962D}
2012-04-08 19:08 - 2012-01-08 16:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{9C395963-EF08-494C-BED2-0B5E11854037}
2012-04-08 08:10 - 2011-05-20 17:49 - 0008309 ____A C:\Users\Brian\Desktop\maint_records.csv
2012-04-08 07:08 - 2011-11-05 23:38 - 0000000 ____D C:\Users\Brian\AppData\Local\{225E2AC8-0C3D-4796-97B7-B7AE28F2EFAF}
2012-04-07 19:07 - 2011-05-02 19:22 - 0000000 ____D C:\Users\Brian\AppData\Local\{0C7E2F79-8C76-441C-939A-A9BAACF7E237}
2012-04-07 07:07 - 2011-04-01 04:30 - 0000000 ____D C:\Users\Brian\AppData\Local\{B7EE0279-00E0-4B5D-83CC-FCF143645483}
2012-04-06 21:16 - 2006-03-13 11:42 - 0000000 ____D C:\Users\Brian\Documents\Purdue Flight Ops
2012-04-06 20:36 - 2012-01-21 13:46 - 3299460 ____A C:\Users\Brian\Desktop\flighttrack.sql
2012-04-06 17:59 - 2011-11-16 19:46 - 0000000 ____D C:\Users\Brian\AppData\Local\{3A4B0053-D993-47AC-9FF6-AFC13C9796D3}
2012-04-06 17:38 - 2011-05-20 17:49 - 0000000 ____D C:\Users\Brian\Desktop\comskip81_035_donators
2012-04-06 05:59 - 2011-10-18 18:18 - 0000000 ____D C:\Users\Brian\AppData\Local\{02A1921C-0012-4FAE-B429-823A4555A4F2}
2012-04-05 17:59 - 2012-03-23 18:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{EAC90848-F151-4C3E-9956-2BF686421C39}
2012-04-05 05:58 - 2011-04-04 18:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{B024B3F4-AA15-4956-A4D4-35F76A11CAE3}
2012-04-04 17:45 - 2011-05-21 06:47 - 0000000 ____D C:\Users\Brian\AppData\Local\{1B3ACD64-1854-446F-BF9C-184D1223D426}
2012-04-04 12:21 - - 0291424 ____A C:\Windows\Minidump\040412-35833-01.dmp
2012-04-04 05:44 - 2012-03-17 07:18 - 0000000 ____D C:\Users\Brian\AppData\Local\{B8528F6C-1E7F-4EEB-8696-B2C1D22316EB}
2012-04-03 17:43 - 2012-02-18 08:21 - 0000000 ____D C:\Users\Brian\AppData\Local\{64172DC4-FD22-4A36-9BDE-85AE7A491810}
2012-04-03 06:03 - 2012-04-13 17:03 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-03 05:43 - 2011-06-04 04:11 - 0000000 ____D C:\Users\Brian\AppData\Local\{06635753-CF0B-4CA8-9BBD-6DD53062D59A}
2012-04-03 05:43 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-03 05:42 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-02 16:41 - 2011-11-12 19:01 - 0000000 ____D C:\Users\Brian\AppData\Local\{E5DC8ABE-9443-45A6-936A-C90D3C623607}
2012-03-29 19:17 - 2011-12-14 19:57 - 0000000 ____D C:\Users\Brian\AppData\Local\{42E5591C-E64D-46A5-B6EB-11EA75514341}
2012-03-28 06:21 - 2012-01-30 08:10 - 0000000 ____D C:\Users\Brian\AppData\Local\{63224456-5397-44CF-B8D9-4658D6E95D84}
2012-03-28 06:21 - 2011-10-27 06:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{6E8BBA45-009D-4E1F-A740-EEE3051748B5}
2012-03-27 17:49 - 2011-12-02 07:52 - 0000000 ____D C:\Users\Brian\AppData\Local\{DF6DB0D7-9DD5-4304-841D-C641228C0A75}
2012-03-27 17:49 - 2011-08-24 02:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{269350FE-001F-4A81-BF80-D15B95B3FB2E}
2012-03-27 05:49 - 2011-12-14 19:57 - 0000000 ____D C:\Users\Brian\AppData\Local\{C1A741D7-DECE-4040-8C8F-7023922E18DF}
2012-03-27 05:48 - 2012-02-08 19:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{5F0B9078-1F3F-45B2-8F3B-8FAA7E03D665}
2012-03-26 17:48 - 2012-01-10 17:21 - 0000000 ____D C:\Users\Brian\AppData\Local\{92999ACF-7B74-4334-B9BA-15C8286840F9}
2012-03-26 17:48 - 2011-08-13 15:45 - 0000000 ____D C:\Users\Brian\AppData\Local\{E65D857B-9A26-46F1-89D7-6078E61F52D8}
2012-03-26 05:48 - 2012-02-27 16:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{B58D3454-347E-4A31-A842-E9FB26C44E4B}
2012-03-26 05:48 - 2011-08-13 03:44 - 0000000 ____D C:\Users\Brian\AppData\Local\{04C02060-AD36-4372-8CB9-70BB205BD631}
2012-03-25 12:52 - 2012-04-18 20:52 - 0000000 ____D C:\Users\Brian\Desktop\barcodegen.1d-php5.v4.1.0
2012-03-25 09:56 - 2012-02-09 19:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{72FF6E7B-7146-40FB-AB52-D75469AFBA90}
2012-03-25 09:56 - 2011-12-15 19:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{101AD169-C7AB-456D-8091-9C1023092759}
2012-03-24 21:55 - 2012-03-23 06:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{811F7F5B-F86B-4F1B-8E9B-43C7D5A72A55}
2012-03-24 21:55 - 2011-12-16 21:17 - 0000000 ____D C:\Users\Brian\AppData\Local\{F75360B4-A91F-49CF-9356-67D2F6424556}
2012-03-24 17:26 - 2011-05-20 17:49 - 14551771 ____A C:\Users\Brian\Desktop\navdat_fixes.csv
2012-03-24 15:21 - 2012-03-20 16:49 - 0000000 ____D C:\Users\Brian\Desktop\webfontkit-20120324-192249
2012-03-24 13:40 - 2011-05-20 17:01 - 0000000 ____D C:\Program Files (x86)\High-Logic FontCreator
2012-03-24 13:40 - 2010-11-20 04:19 - 0616600 ____A (High-Logic B.V.) C:\Windows\SysWOW64\FontInstaller.dll
2012-03-24 13:40 - 2010-05-23 17:53 - 0000000 ____D C:\Users\Brian\Documents\FontCreator
2012-03-24 13:39 - 2012-04-18 20:52 - 0000000 ____D C:\Users\Brian\.swt
2012-03-24 13:15 - 2011-05-20 17:38 - 0000000 __SHD C:\Users\Brian\AppData\Local\ada9e625
2012-03-24 13:11 - 2011-05-20 17:38 - 0000000 ____D C:\Users\Brian\AppData\Local\FontCreator
2012-03-24 13:10 - 2012-04-06 20:37 - 0000000 ____D C:\Users\Brian\AppData\Roaming\FontCreator
2012-03-24 13:03 - 2012-03-24 13:40 - 0000000 ____D C:\Users\Brian\Documents\FontLab
2012-03-24 12:45 - 2010-06-10 16:39 - 0000000 ____A C:\KozMinPro-Light.otf
2012-03-24 11:59 - 2011-10-23 15:48 - 3794736 ____A C:\Users\Brian\KozGoPro-Light.otf
2012-03-24 11:58 - 2012-03-24 12:00 - 0253596 ____A C:\Users\Brian\KozGoPro-Light.ttf
2012-03-24 11:52 - 2012-01-21 11:48 - 0000000 ____D C:\Users\Brian\Desktop\cidmaps
2012-03-24 10:53 - 2012-02-27 19:37 - 0000000 ____D C:\Users\Brian\Desktop\tcpdf_5_9_152
2012-03-24 09:55 - 2012-03-28 06:21 - 0000000 ____D C:\Users\Brian\AppData\Local\{6EAAE920-0163-4E38-AF08-B445C97451A3}
2012-03-24 09:54 - 2011-11-09 15:55 - 0000000 ____D C:\Users\Brian\AppData\Local\{C5441C62-41E6-439B-BEAD-1F1451B2C971}
2012-03-23 18:29 - 2011-11-30 19:51 - 0000000 ____D C:\Users\Brian\AppData\Local\{0942930E-3C7C-4DC0-B13F-C1ACC45BD4ED}
2012-03-23 18:29 - 2011-09-03 19:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{EA2352FC-A42D-417F-AEAB-4B1EE3784C3E}
2012-03-23 17:01 - 2012-02-17 18:10 - 0001215 ____A C:\Users\Brian\Desktop\outtime.gif
2012-03-23 06:29 - 2012-02-27 16:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{80FC8C95-4FBB-4C7F-8652-7F86866522AB}
2012-03-23 06:29 - 2011-07-13 18:53 - 0000000 ____D C:\Users\Brian\AppData\Local\{BD5C26EC-47CC-405D-AAAF-F31C7918737F}
2012-03-22 18:28 - 2012-02-25 06:50 - 0000000 ____D C:\Users\Brian\AppData\Local\{3A01B8B8-DAE5-4549-A295-B685A2C98BE1}
2012-03-22 18:28 - 2011-09-18 07:44 - 0000000 ____D C:\Users\Brian\AppData\Local\{4979BDC0-F7D2-4802-9931-AE99E0DCED3A}
2012-03-22 11:12 - 2009-06-10 13:28 - 4435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-22 06:28 - 2012-03-10 07:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{8C77BF46-03E6-4906-86D5-35A20A5B9E99}
2012-03-22 06:28 - 2012-01-14 07:41 - 0000000 ____D C:\Users\Brian\AppData\Local\{616A3264-B442-4887-B06C-44998EF15239}
2012-03-21 18:28 - 2011-11-11 04:01 - 0000000 ____D C:\Users\Brian\AppData\Local\{801D7352-99EC-4CCE-98F6-A5DD351AD2CE}
2012-03-21 18:28 - 2011-09-25 21:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{EB3CCE80-5B5D-44EC-881B-73B371E5963F}
2012-03-21 06:27 - 2011-12-08 18:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{9FE27505-2024-4102-BE1C-239B44C12A11}
2012-03-21 06:27 - 2011-11-29 19:23 - 0000000 ____D C:\Users\Brian\AppData\Local\{D8890ECB-4AC1-43B6-8579-C9CBB62A2970}


============ 3 Months Modified Files and Folders =============

2012-04-20 16:02 - 2012-04-20 16:02 - 0000000 ____D C:\FRST
2012-04-19 05:59 - 2011-06-06 06:47 - 0062212 ____A C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
2012-04-19 05:59 - 2011-06-06 06:47 - 0000820 ____A C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
2012-04-19 05:59 - 2011-06-06 06:40 - 0062212 ____A C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
2012-04-19 05:58 - 2011-05-20 18:43 - 529891328 __ASH C:\hiberfil.sys
2012-04-19 05:58 - 2009-07-13 20:45 - 0471576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-18 20:53 - 2012-03-24 13:40 - 0000000 ____D C:\Program Files (x86)\High-Logic FontCreator
2012-04-18 20:53 - 2012-01-14 08:18 - 0000000 ____D C:\Program Files (x86)\doubleTwist 2.0
2012-04-18 20:53 - 2012-01-10 18:47 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-18 20:53 - 2011-10-18 15:27 - 0000000 ____D C:\Program Files (x86)\Adobe Story
2012-04-18 20:53 - 2011-09-19 14:21 - 0000000 ____D C:\Program Files (x86)\Cuttermaran
2012-04-18 20:53 - 2011-09-13 19:07 - 0000000 ____D C:\Program Files (x86)\Guide Enricher
2012-04-18 20:53 - 2011-09-13 17:41 - 0000000 ____D C:\Program Files (x86)\For The Record
2012-04-18 20:53 - 2011-07-18 17:47 - 0000000 ____D C:\Program Files (x86)\foobar2000
2012-04-18 20:53 - 2011-07-05 06:22 - 0000000 ____D C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2012-04-18 20:53 - 2011-06-06 06:11 - 0000000 ____D C:\Program Files (x86)\DriverCleanerDotNET
2012-04-18 20:53 - 2011-05-22 08:16 - 0000000 ____D C:\Program Files (x86)\FrostWire
2012-04-18 20:53 - 2011-03-27 07:16 - 0000000 ____D C:\Program Files (x86)\FSBuild
2012-04-18 20:53 - 2011-02-27 18:05 - 0000000 ____D C:\Program Files (x86)\Cities In Motion
2012-04-18 20:53 - 2011-02-12 11:42 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-04-18 20:53 - 2011-02-07 12:42 - 0000000 ____D C:\Program Files (x86)\Fiddler2
2012-04-18 20:53 - 2010-11-17 18:24 - 0000000 ____D C:\Program Files (x86)\FSFDT
2012-04-18 20:53 - 2010-10-17 15:24 - 0000000 ____D C:\Program Files (x86)\Farming Simulator 2011
2012-04-18 20:53 - 2010-10-16 12:20 - 0000000 ____D C:\Fraps
2012-04-18 20:53 - 2010-10-07 07:53 - 0000000 ____D C:\Program Files (x86)\ATCsimulator2
2012-04-18 20:53 - 2010-08-19 17:49 - 0000000 ____D C:\Program Files (x86)\Dtella@Purdue
2012-04-18 20:53 - 2010-07-18 16:50 - 0000000 ____D C:\Program Files (x86)\Freight Tycoon
2012-04-18 20:53 - 2010-07-18 07:24 - 0000000 ____D C:\Program Files (x86)\18 Wheels of Steel American Long Haul
2012-04-18 20:53 - 2010-07-14 17:47 - 0000000 ____D C:\Program Files (x86)\ASE
2012-04-18 20:53 - 2010-07-02 19:19 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-04-18 20:53 - 2010-06-22 19:25 - 0000000 ____D C:\Program Files (x86)\ffdshow
2012-04-18 20:53 - 2010-06-21 09:12 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2012-04-18 20:53 - 2010-06-18 20:16 - 0000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-04-18 20:53 - 2010-06-13 09:41 - 0000000 ____D C:\Program Files (x86)\abcAVI
2012-04-18 20:53 - 2010-06-13 08:31 - 0000000 ____D C:\Program Files (x86)\FS Flight Keeper
2012-04-18 20:53 - 2010-06-10 16:32 - 0000000 ____D C:\Program Files (x86)\Creative
2012-04-18 20:53 - 2010-02-19 19:08 - 0000000 ____D C:\Flight One Software
2012-04-18 20:52 - 2012-03-24 13:11 - 0000000 ____D C:\Users\Brian\AppData\Local\FontCreator
2012-04-18 20:52 - 2012-02-03 18:51 - 0000000 ____D C:\Program Files (x86)\MusicBrainz Picard
2012-04-18 20:52 - 2012-01-10 18:48 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-18 20:52 - 2012-01-10 18:47 - 0000000 ____D C:\Program Files\Bonjour
2012-04-18 20:52 - 2011-12-02 20:33 - 0000000 ____D C:\Users\All Users\SuperFlexibleSynchronizer
2012-04-18 20:52 - 2011-12-02 20:33 - 0000000 ____D C:\ProgramData\SuperFlexibleSynchronizer
2012-04-18 20:52 - 2011-11-19 17:17 - 0000000 ____D C:\Users\Brian\AppData\Roaming\MediaMonkey
2012-04-18 20:52 - 2011-11-19 17:17 - 0000000 ____D C:\Program Files (x86)\MediaMonkey
2012-04-18 20:52 - 2011-11-19 15:37 - 0000000 ____D C:\Users\Brian\AppData\Roaming\MusicBee
2012-04-18 20:52 - 2011-10-28 14:24 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-18 20:52 - 2011-10-27 13:23 - 0000000 ____D C:\Program Files (x86)\Star Alliance TravelDesk
2012-04-18 20:52 - 2011-10-23 19:13 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Beyond Sync
2012-04-18 20:52 - 2011-10-22 21:01 - 0000000 ____D C:\Program Files (x86)\Ski Region Simulator 2012
2012-04-18 20:52 - 2011-10-22 16:34 - 0000000 ____D C:\Program Files (x86)\TVersity Codec Pack
2012-04-18 20:52 - 2011-10-22 11:18 - 0000000 ____D C:\Users\Brian\AppData\Local\LogMeIn Hamachi
2012-04-18 20:52 - 2011-10-16 16:42 - 0000000 ____D C:\Program Files (x86)\XBMC
2012-04-18 20:52 - 2011-09-26 07:41 - 0000000 ____D C:\Users\Brian\AppData\Roaming\AVG2012DIS
2012-04-18 20:52 - 2011-09-26 07:41 - 0000000 ____D C:\Users\All Users\AVG2012DIS
2012-04-18 20:52 - 2011-09-26 07:41 - 0000000 ____D C:\ProgramData\AVG2012DIS
2012-04-18 20:52 - 2011-09-19 16:23 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Cuttermaran
2012-04-18 20:52 - 2011-09-11 19:49 - 0000000 ____D C:\Program Files (x86)\Windows Virtual PC
2012-04-18 20:52 - 2011-08-23 16:09 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-04-18 20:52 - 2011-08-23 16:04 - 0000000 ____D C:\Program Files\Microsoft IntelliType Pro
2012-04-18 20:52 - 2011-07-28 05:43 - 0000000 ____D C:\Program Files\KeyLemon
2012-04-18 20:52 - 2011-07-28 05:43 - 0000000 ____D C:\Program Files (x86)\Shareaza
2012-04-18 20:52 - 2011-07-11 08:07 - 0000000 ____D C:\Program Files (x86)\XAcars for MSFS
2012-04-18 20:52 - 2011-06-01 10:57 - 0000000 ____D C:\Users\Brian\Desktop\nvidiaInspector
2012-04-18 20:52 - 2011-05-28 21:11 - 0000000 ____D C:\Users\All Users\Easybits GO
2012-04-18 20:52 - 2011-05-28 21:11 - 0000000 ____D C:\ProgramData\Easybits GO
2012-04-18 20:52 - 2011-05-21 06:41 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-18 20:52 - 2011-05-20 16:39 - 0000000 ____D C:\users\Administrator
2012-04-18 20:52 - 2011-05-20 16:37 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-18 20:52 - 2011-05-20 16:37 - 0000000 ____D C:\Program Files (x86)\OpenAL
2012-04-18 20:52 - 2011-05-20 04:15 - 0000000 ___RD C:\Users\Administrator\Virtual Machines
2012-04-18 20:52 - 2011-05-20 04:15 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\ICAClient
2012-04-18 20:52 - 2011-05-20 04:15 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\ArcSoft
2012-04-18 20:52 - 2011-05-19 15:20 - 0000000 ____D C:\Users\All Users\KeyLemon
2012-04-18 20:52 - 2011-05-19 15:20 - 0000000 ____D C:\ProgramData\KeyLemon
2012-04-18 20:52 - 2011-05-09 18:12 - 0000000 ____D C:\Program Files (x86)\x264vfw
2012-04-18 20:52 - 2011-04-26 07:43 - 0000000 ____D C:\Users\Brian\AppData\Local\KeyLemon
2012-04-18 20:52 - 2011-04-20 15:45 - 0000000 ____D C:\Program Files\TeamSpeak 3 Client
2012-04-18 20:52 - 2011-04-16 15:15 - 0000000 ____D C:\Program Files\SyncToy 2.1
2012-04-18 20:52 - 2011-03-21 05:31 - 0000000 ____D C:\Users\Brian\AppData\Roaming\IObit
2012-04-18 20:52 - 2011-03-06 18:48 - 0000000 ____D C:\Users\Brian\AppData\Roaming\gtk-2.0
2012-04-18 20:52 - 2011-02-26 20:32 - 0000000 ____D C:\Users\Brian\AppData\Local\OutSync
2012-04-18 20:52 - 2011-02-26 20:29 - 0000000 ____D C:\Program Files (x86)\OutSync
2012-04-18 20:52 - 2011-02-25 16:31 - 0000000 ____D C:\Program Files\Media Player Classic - Home Cinema
2012-04-18 20:52 - 2011-02-25 08:12 - 0000000 ____D C:\Users\Brian\AppData\Roaming\ICAClient
2012-04-18 20:52 - 2011-02-07 20:14 - 0000000 ____D C:\Users\Brian\AppData\Roaming\mIRC
2012-04-18 20:52 - 2011-02-07 20:14 - 0000000 ____D C:\Program Files (x86)\mIRC
2012-04-18 20:52 - 2011-01-22 04:50 - 0000000 ____D C:\Users\Brian\Desktop\FS2Crew_IFLY737NG_BUTTON
2012-04-18 20:52 - 2011-01-16 14:25 - 0000000 ____D C:\Program Files (x86)\PuTTY
2012-04-18 20:52 - 2011-01-10 15:40 - 0000000 ____D C:\Users\Brian\Desktop\AS_FSFK_310
2012-04-18 20:52 - 2010-12-10 17:10 - 0000000 ____D C:\Users\All Users\TechSmith
2012-04-18 20:52 - 2010-12-10 17:10 - 0000000 ____D C:\ProgramData\TechSmith
2012-04-18 20:52 - 2010-12-05 12:11 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Winamp
2012-04-18 20:52 - 2010-12-05 12:11 - 0000000 ____D C:\Program Files (x86)\Winamp Detect
2012-04-18 20:52 - 2010-12-05 12:11 - 0000000 ____D C:\Program Files (x86)\Winamp
2012-04-18 20:52 - 2010-11-30 09:12 - 0000000 ____D C:\Users\Brian\AppData\Local\IceChat
2012-04-18 20:52 - 2010-11-30 09:11 - 0000000 ____D C:\Program Files (x86)\IceChat7
2012-04-18 20:52 - 2010-11-19 21:05 - 0000000 ____D C:\Program Files (x86)\Last.fm
2012-04-18 20:52 - 2010-10-06 14:02 - 0000000 ____D C:\Program Files (x86)\IObit
2012-04-18 20:52 - 2010-10-05 06:35 - 0000000 ____D C:\Program Files (x86)\United TravelDesk
2012-04-18 20:52 - 2010-09-25 06:12 - 0000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V
2012-04-18 20:52 - 2010-09-22 14:24 - 0000000 ____D C:\Users\Brian\AppData\Local\V-Safe 100
2012-04-18 20:52 - 2010-09-21 13:34 - 0000000 ____D C:\Program Files\TrueCrypt
2012-04-18 20:52 - 2010-09-20 06:24 - 0000000 ____D C:\Program Files\Google
2012-04-18 20:52 - 2010-08-19 17:49 - 0000000 ____D C:\Program Files\ApexDC++
2012-04-18 20:52 - 2010-08-09 13:18 - 0000000 ____D C:\Users\Brian\AppData\Local\Autobahn
2012-04-18 20:52 - 2010-08-02 21:56 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-18 20:52 - 2010-08-02 21:56 - 0000000 ____D C:\Users\All Users\Skype
2012-04-18 20:52 - 2010-08-02 21:56 - 0000000 ____D C:\ProgramData\Skype
2012-04-18 20:52 - 2010-07-21 10:28 - 0000000 ____D C:\Program Files (x86)\PosteRazor
2012-04-18 20:52 - 2010-07-18 16:58 - 0000000 ____D C:\Users\Brian\Desktop\Freight_Tycoon_Vista_PatchNEW
2012-04-18 20:52 - 2010-07-07 20:29 - 0000000 ____D C:\Program Files (x86)\Mad Scientist Productions
2012-04-18 20:52 - 2010-07-07 19:02 - 0000000 ____D C:\Program Files (x86)\PdaNet for Android
2012-04-18 20:52 - 2010-07-06 07:55 - 0000000 ____D C:\Users\Brian\Desktop\ACSim
2012-04-18 20:52 - 2010-07-03 09:33 - 0000000 ____D C:\Program Files (x86)\MKVtoolnix
2012-04-18 20:52 - 2010-06-18 20:39 - 0000000 ____D C:\Program Files (x86)\ImgBurn
2012-04-18 20:52 - 2010-06-18 20:29 - 0000000 ____D C:\Users\Brian\AppData\Roaming\vlc
2012-04-18 20:52 - 2010-06-18 20:19 - 0000000 ____D C:\Program Files\MediaInfo
2012-04-18 20:52 - 2010-06-13 18:19 - 0000000 ____D C:\Users\All Users\nHancer
2012-04-18 20:52 - 2010-06-13 18:19 - 0000000 ____D C:\ProgramData\nHancer
2012-04-18 20:52 - 2010-06-13 18:19 - 0000000 ____D C:\Program Files\nHancer
2012-04-18 20:52 - 2010-06-13 16:06 - 0000000 ____D C:\Users\Brian\AppData\Roaming\AVG9DIS
2012-04-18 20:52 - 2010-06-13 08:49 - 0000000 ____D C:\Program Files (x86)\Real Environment Xtreme FS2004
2012-04-18 20:52 - 2010-06-13 07:54 - 0000000 ____D C:\Program Files (x86)\Xvid
2012-04-18 20:52 - 2010-06-13 07:28 - 0000000 ____D C:\Program Files (x86)\PHP
2012-04-18 20:52 - 2010-06-13 06:23 - 0000000 ____D C:\Program Files (x86)\TWRTrainer
2012-04-18 20:52 - 2010-06-11 08:43 - 0000000 ____D C:\Program Files (x86)\WinFast
2012-04-18 20:52 - 2010-06-11 07:16 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-18 20:52 - 2010-06-11 07:16 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-18 20:52 - 2010-06-11 07:15 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-18 20:52 - 2010-06-11 07:07 - 0000000 ____D C:\Users\All Users\Sony
2012-04-18 20:52 - 2010-06-11 07:07 - 0000000 ____D C:\ProgramData\Sony
2012-04-18 20:52 - 2010-06-10 18:48 - 0000000 ____D C:\Program Files (x86)\SpamBayes
2012-04-18 20:52 - 2010-06-10 17:14 - 0000000 ____D C:\Program Files (x86)\Vuze
2012-04-18 20:52 - 2010-06-10 16:56 - 0000000 ____D C:\Program Files\WinRAR
2012-04-18 20:52 - 2010-06-10 16:40 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-18 20:52 - 2010-06-10 16:36 - 0000000 ____D C:\Program Files\Creative
2012-04-18 20:52 - 2010-06-10 16:30 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-18 20:52 - 2010-06-10 16:26 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-18 20:52 - 2010-06-10 16:26 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-18 20:52 - 2010-06-10 16:18 - 0000000 ____D C:\Users\All Users\AVG9Dis
2012-04-18 20:52 - 2010-06-10 16:18 - 0000000 ____D C:\ProgramData\AVG9Dis
2012-04-18 20:52 - 2010-05-10 11:51 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Azureus
2012-04-18 20:52 - 2010-04-24 07:40 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Facebook
2012-04-18 20:52 - 2010-03-11 11:05 - 0000000 ____D C:\Users\Brian\AppData\Local\VAToceanic
2012-04-18 20:52 - 2010-03-10 20:18 - 0000000 ____D C:\Users\Brian\.SunDownloadManager
2012-04-18 20:52 - 2010-03-10 20:09 - 0000000 ____D C:\Users\Brian\Desktop\ProjectX
2012-04-18 20:52 - 2010-03-01 12:42 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Skype
2012-04-18 20:52 - 2010-02-24 12:20 - 0000000 ____D C:\Users\Brian\AppData\Roaming\motorola
2012-04-18 20:52 - 2010-02-21 13:37 - 0000000 ____D C:\Users\Brian\AppData\Roaming\FS2Crew2010
2012-04-18 20:52 - 2010-02-20 11:13 - 0000000 ____D C:\Users\Brian\Desktop\FSNav
2012-04-18 20:52 - 2010-02-19 11:53 - 0000000 ____D C:\Users\Brian\Desktop\erj_with_SP2
2012-04-18 20:52 - 2010-02-19 11:42 - 0000000 ____D C:\Users\Brian\Desktop\Backup
2012-04-18 20:52 - 2010-02-16 17:24 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Move Networks
2012-04-18 20:52 - 2010-02-16 17:24 - 0000000 ____D C:\Users\Brian\AppData\Local\ComcastAccess
2012-04-18 20:52 - 2010-02-10 10:12 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Songbird2
2012-04-18 20:52 - 2010-02-08 14:08 - 0000000 ____D C:\Users\Brian\AppData\Roaming\dvdcss
2012-04-18 20:52 - 2010-02-07 08:42 - 0000000 ____D C:\Program Files (x86)\VRC
2012-04-18 20:52 - 2010-02-06 11:27 - 0000000 ____D C:\Users\Brian\AppData\Local\Downloaded Installations
2012-04-18 20:52 - 2010-02-06 10:34 - 0000000 ____D C:\Users\Brian\AppData\Roaming\TS3Client
2012-04-18 20:52 - 2010-02-06 08:09 - 0000000 ____D C:\Users\Brian\AppData\Roaming\ArcSoft
2012-04-18 20:52 - 2010-02-06 00:07 - 0000000 ____D C:\Users\Brian\AppData\Roaming\gSyncit
2012-04-18 20:52 - 2010-02-05 23:54 - 0000000 ____D C:\Users\Brian\AppData\Roaming\SpamBayes
2012-04-18 20:52 - 2010-02-05 23:14 - 0000000 ____D C:\Users\Brian\Desktop\BeSweetv1.4
2012-04-18 20:52 - 2010-02-05 23:13 - 0000000 ____D C:\Users\Brian\Desktop\AdvancedAIModv0.95
2012-04-18 20:52 - 2010-02-05 23:07 - 0000000 ____D C:\Users\Brian\AppData\Local\NeoSmart_Technologies
2012-04-18 20:52 - 2009-07-13 23:47 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-18 20:52 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-18 20:52 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-04-18 20:52 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-18 20:52 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-18 20:52 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-18 20:52 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-18 20:52 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-18 20:52 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-18 20:52 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-18 20:52 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-18 20:52 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-18 20:51 - 2012-03-24 15:21 - 0000000 ____D C:\Users\Brian\Desktop\webfontkit-20120324-192249
2012-04-18 20:51 - 2011-10-22 21:01 - 0000000 ____D C:\Users\Brian\Desktop\SkiRegionSimulator2012_ENGLISH
2012-04-18 20:51 - 2011-09-11 16:45 - 0000000 ____D C:\Users\Brian\Desktop\tower
2012-04-18 20:51 - 2011-05-26 06:01 - 0000000 ____D C:\Users\Brian\Desktop\Tower SP1
2012-04-18 20:51 - 2011-05-24 10:22 - 0000000 ____D C:\Windows\Minidump
2012-04-18 20:51 - 2011-05-20 20:02 - 0000000 ____D C:\users\UpdatusUser
2012-04-18 20:51 - 2011-05-20 16:39 - 0000000 ____D C:\users\Brian
2012-04-18 20:51 - 2011-05-20 16:37 - 0000000 ____D C:\Windows\System32\data
2012-04-18 20:51 - 2011-04-27 10:20 - 0000000 ___SD C:\Users\Brian\Documents\My Shapes
2012-04-18 20:51 - 2011-04-20 10:39 - 0000000 ____D C:\Users\Brian\Documents\My Setups
2012-04-18 20:51 - 2011-03-25 03:32 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-18 20:51 - 2011-02-27 18:05 - 0000000 ____D C:\Users\Brian\Documents\Cities In Motion
2012-04-18 20:51 - 2011-02-07 12:43 - 0000000 ____D C:\Users\Brian\Documents\Fiddler2
2012-04-18 20:51 - 2011-01-09 21:00 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-04-18 20:51 - 2010-10-31 08:07 - 0000000 ____D C:\Users\Brian\Desktop\TW_WORLD_OF_SUBWAYS_VOL2
2012-04-18 20:51 - 2010-10-07 07:53 - 0000000 ____D C:\Windows\lhsp
2012-04-18 20:51 - 2010-09-16 08:10 - 0000000 ___SD C:\Users\Brian\Documents\My Data Sources
2012-04-18 20:51 - 2010-09-15 19:05 - 0000000 ___RD C:\Users\Brian\Documents\My Dropbox
2012-04-18 20:51 - 2010-08-03 10:51 - 0000000 ___RD C:\Users\Brian\Virtual Machines
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\zh-TW
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\zh-CN
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\tr-TR
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\th-TH
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\sv-SE
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\ru-RU
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\ro-RO
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\pt-PT
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\pt-BR
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\pl-PL
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\nl-NL
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\nb-NO
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\ko-KR
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\ja-JP
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\it-IT
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\hu-HU
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\he-IL
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\fr-FR
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\es-ES
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\el-GR
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\de-DE
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\da-DK
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\cs-CZ
2012-04-18 20:51 - 2010-08-03 10:42 - 0000000 ____D C:\Windows\System32\Drivers\ar-SA
2012-04-18 20:51 - 2010-06-13 08:29 - 0000000 ____D C:\Windows\Downloaded Installations
2012-04-18 20:51 - 2010-04-20 08:18 - 0000000 ____D C:\Users\Brian\Documents\ZHU
2012-04-18 20:51 - 2010-02-06 13:02 - 0000000 ___AD C:\Users\Brian\Downloads\Patched AMTLib x64
2012-04-18 20:51 - 2010-02-06 12:46 - 0000000 ___RD C:\Users\Brian\Documents\Scanned Documents
2012-04-18 20:51 - 2010-02-06 07:54 - 0000000 ____D C:\Users\Brian\Documents\VATUSA
2012-04-18 20:51 - 2010-02-06 07:54 - 0000000 ____D C:\Users\Brian\Documents\Servinfo
2012-04-18 20:51 - 2010-02-06 07:54 - 0000000 ____D C:\Users\Brian\Documents\New VCA files
2012-04-18 20:51 - 2010-02-06 07:54 - 0000000 ____D C:\Users\Brian\Documents\FS Flight Keeper
2012-04-18 20:51 - 2010-02-06 07:54 - 0000000 ____D C:\Users\Brian\Documents\Command and Conquer Generals Zero Hour Data
2012-04-18 20:51 - 2010-02-06 07:54 - 0000000 ____D C:\Users\Brian\Documents\Command and Conquer Generals Data
2012-04-18 20:51 - 2010-02-06 07:54 - 0000000 ____D C:\Users\Brian\Documents\Battlefield 2
2012-04-18 20:51 - 2010-02-06 07:39 - 0000000 ____D C:\Users\Brian\Documents\My Received Files
2012-04-18 20:51 - 2010-02-06 00:36 - 0000000 ____D C:\Users\Brian\Documents\ZAK
2012-04-18 20:51 - 2010-02-06 00:20 - 0000000 ____D C:\Users\Brian\Documents\Avsim
2012-04-18 20:51 - 2010-02-06 00:18 - 0000000 ____D C:\Users\Brian\Documents\America's Army Server Setups
2012-04-18 20:51 - 2010-02-06 00:17 - 0000000 ____D C:\Users\Brian\Documents\afcad221
2012-04-18 20:51 - 2010-02-05 23:15 - 0000000 ____D C:\Users\Brian\Desktop\woains24
2012-04-18 20:51 - 2010-02-05 23:15 - 0000000 ____D C:\Users\Brian\Desktop\Split
2012-04-18 20:51 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2012-04-18 20:51 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-18 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-18 20:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-18 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-18 20:50 - 2011-05-20 16:37 - 0000000 ____D C:\Windows\SysWOW64\data
2012-04-18 20:50 - 2011-04-20 09:56 - 0000000 ____D C:\Windows\VCA FS Flight Keeper
2012-04-18 20:50 - 2010-12-10 17:10 - 0000000 ____D C:\Windows\SysWOW64\QuickTime
2012-04-18 20:50 - 2010-06-11 08:42 - 0000000 ____D C:\Windows\SysWOW64\WinFast
2012-04-18 20:50 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-18 20:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-18 19:51 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-18 08:38 - 2011-06-06 07:28 - 1824444 ____A C:\Windows\ntbtlog.txt
2012-04-17 17:25 - 2011-05-20 18:35 - 1212738 ____A C:\Windows\WindowsUpdate.log
2012-04-17 17:24 - 2010-06-10 18:38 - 0000000 ____D C:\Users\Brian\Documents\Outlook Files
2012-04-17 17:16 - 2010-06-18 10:03 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-17 17:03 - 2012-04-03 05:43 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-17 16:54 - 2011-03-06 17:08 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713368250-3398300864-362228461-1000UA.job
2012-04-17 16:36 - 2012-03-24 13:15 - 0000000 __SHD C:\Users\Brian\AppData\Local\ada9e625
2012-04-17 15:54 - 2011-03-06 17:08 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713368250-3398300864-362228461-1000Core.job
2012-04-17 14:05 - 2012-04-15 11:03 - 0005257 ____A C:\Users\Brian\ovpntray.log
2012-04-17 13:50 - 2012-04-17 13:50 - 0001211 ____A C:\Users\Brian\Desktop\Farming Simulator 2011 Platinum Edition.lnk
2012-04-17 13:50 - 2012-04-17 13:50 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-17 13:49 - 2012-04-17 13:49 - 0000000 ____D C:\Windows\system64
2012-04-17 13:49 - 2012-04-17 13:49 - 0000000 ____A C:\Users\Brian\AppData\Roaming\ydlmp.txt
2012-04-17 13:16 - 2010-10-20 05:54 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-17 13:16 - 2010-10-20 05:54 - 0000000 ____D C:\ProgramData\MFAData
2012-04-17 09:41 - 2010-09-20 06:24 - 0000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-04-17 07:55 - 2012-04-17 07:55 - 0000000 ____D C:\Users\Brian\AppData\Local\{DEBCEFBD-EEBF-4D7A-B716-73556272C5DA}
2012-04-17 07:55 - 2012-04-17 07:55 - 0000000 ____D C:\Users\Brian\AppData\Local\{CCDC919A-373F-40A6-A5C5-CBEC73EDC343}
2012-04-17 07:55 - 2010-10-13 20:23 - 0000000 ____D C:\Users\Brian\AppData\Local\Windows Live
2012-04-17 06:06 - 2011-09-12 17:11 - 0000000 ___RD C:\Users\Brian\DropBox
2012-04-17 06:06 - 2010-09-15 19:04 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Dropbox
2012-04-17 06:05 - 2010-02-06 00:13 - 0000000 ____D C:\Users\Brian\Tracing
2012-04-17 06:04 - 2010-10-20 06:08 - 0000406 ____A C:\Windows\Tasks\AutoSmartDefrag.job
2012-04-17 06:04 - 2010-06-18 10:03 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-17 05:52 - 2009-07-13 20:45 - 0013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-17 05:52 - 2009-07-13 20:45 - 0013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-17 05:45 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-17 05:44 - 2011-05-22 05:46 - 19832669 ____A C:\Windows\setupact.log
2012-04-16 20:10 - 2010-03-12 09:41 - 0000000 ____D C:\Users\Brian\AppData\Roaming\ApexDC++
2012-04-16 20:10 - 2010-03-12 09:41 - 0000000 ____D C:\Users\Brian\AppData\Local\ApexDC++
2012-04-16 19:55 - 2012-04-16 19:55 - 0000000 ____D C:\Users\Brian\AppData\Local\{4D8D7938-1296-44C8-B74A-0C4855F825E6}
2012-04-16 19:55 - 2012-04-16 19:54 - 0000000 ____D C:\Users\Brian\AppData\Local\{2BBA2681-DA6F-4134-90C6-61230A5B2CF1}
2012-04-16 08:09 - 2010-02-06 00:29 - 0002142 ___AH C:\Users\Brian\Documents\Default.rdp
2012-04-16 08:06 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-04-16 07:54 - 2012-04-16 07:54 - 0000000 ____D C:\Users\Brian\AppData\Local\{FD4638C4-F8A8-486C-97A8-30533E08E2CF}
2012-04-16 07:54 - 2012-04-16 07:54 - 0000000 ____D C:\Users\Brian\AppData\Local\{65FF7717-64FC-4880-ABDF-915415C59908}
2012-04-15 19:54 - 2012-04-15 19:54 - 0000000 ____D C:\Users\Brian\AppData\Local\{DC9C6E5A-F3D5-4F12-87BC-B212318617DF}
2012-04-15 19:54 - 2012-04-15 19:54 - 0000000 ____D C:\Users\Brian\AppData\Local\{530C659E-19C5-4794-9F86-19E75BBA8586}
2012-04-15 11:03 - 2012-04-15 11:03 - 0002309 ____A C:\Users\All Users\Start Menu\Programs\Startup\OpenVPN Connect.lnk
2012-04-15 11:03 - 2012-04-15 11:03 - 0000255 ____A C:\Users\Brian\openvpn-connect.json
2012-04-15 11:02 - 2012-04-15 11:02 - 0000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2012-04-15 09:30 - 2012-04-15 09:30 - 19046064 ____A (GIANTS Software ) C:\Users\Brian\Desktop\FarmingSimulator2011Patch2.2EN.exe
2012-04-15 07:54 - 2012-04-15 07:54 - 0000000 ____D C:\Users\Brian\AppData\Local\{44E0B2DE-D13A-4710-AE08-952B9EC21B2E}
2012-04-15 07:54 - 2012-04-15 07:54 - 0000000 ____D C:\Users\Brian\AppData\Local\{0DDC92D4-DEA4-4EBB-B511-3FCDCC757AEB}
2012-04-15 07:46 - 2012-04-15 07:46 - 0000000 ____D C:\Users\Brian\AppData\Local\{E7078753-4CCD-46C6-9C96-172AE88D5440}
2012-04-15 07:46 - 2012-04-15 07:45 - 0000000 ____D C:\Users\Brian\AppData\Local\{9422CA27-354C-4678-95C7-D0DEDCEE7233}
2012-04-14 07:14 - 2011-10-22 16:37 - 0124857 ____A C:\Windows\SysWOW64\TVersityMediaServer.log
2012-04-14 07:09 - 2012-04-06 21:16 - 0000000 ____D C:\Users\Brian\Documents\Purdue Flight Ops
2012-04-14 06:29 - 2012-04-14 06:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{DD0ABFF6-7111-4700-939A-F7ED736B5016}
2012-04-14 06:29 - 2012-04-14 06:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{82B01F8B-DFF0-4D1B-AEE2-74F7766B554D}
2012-04-13 18:03 - 2012-04-13 17:54 - 188185647 ____A ( ) C:\Users\Brian\Desktop\cimusa.exe
2012-04-13 17:03 - 2012-04-03 06:03 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-13 17:03 - 2012-04-03 05:42 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-13 17:03 - 2011-05-17 14:59 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-13 05:52 - 2012-04-13 05:52 - 0000000 ____D C:\Users\Brian\AppData\Local\{C4806D32-7601-4FBD-98DF-CA69B5CC4BE2}
2012-04-12 07:48 - 2012-04-12 07:48 - 4169561 ____A C:\Users\Brian\Documents\BSperduto KEWR.pdf
2012-04-12 07:48 - 2012-04-11 15:55 - 4136934 ____A C:\Users\Brian\Documents\Newark Liberty International Airport.docx
2012-04-12 07:10 - 2012-04-12 07:10 - 0000000 ____D C:\Users\Brian\AppData\Local\{E3812914-37CF-4328-857E-12AB62FE42D4}
2012-04-12 07:00 - 2012-04-12 05:38 - 0000000 ____D C:\Users\Brian\Documents\Newark Airport Project
2012-04-12 05:38 - 2010-02-06 07:54 - 3641856 __ASH C:\Users\Brian\Documents\Thumbs.db
2012-04-11 23:09 - 2009-07-13 21:13 - 0799402 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-11 23:06 - 2012-04-11 23:06 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 23:06 - 2012-04-11 23:06 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-11 23:06 - 2011-09-17 10:12 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Spotify
2012-04-11 23:03 - 2011-06-15 00:49 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-11 23:01 - 2011-09-17 10:12 - 0000000 ____D C:\Users\Brian\AppData\Local\Spotify
2012-04-11 19:10 - 2012-04-11 19:10 - 0000000 ____D C:\Users\Brian\AppData\Local\{4706E5AA-9F0F-448C-821D-E893074724E9}
2012-04-11 15:53 - 2010-02-06 22:05 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Audacity
2012-04-11 07:09 - 2012-04-11 07:09 - 0000000 ____D C:\Users\Brian\AppData\Local\{63E538D1-5EBE-4CF1-8E83-AFA4DA041D2E}
2012-04-10 19:09 - 2012-04-10 19:09 - 0000000 ____D C:\Users\Brian\AppData\Local\{05CCF13E-0D2E-429D-BAFE-962E4FC5A9ED}
2012-04-10 07:09 - 2012-04-10 07:09 - 0000000 ____D C:\Users\Brian\AppData\Local\{A9C31DC5-C6CC-4CFC-9031-40C52AA5A51A}
2012-04-09 19:08 - 2012-04-09 19:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{C279558B-3083-408A-9EC4-9A67CF4ED888}
2012-04-09 07:08 - 2012-04-09 07:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{30CF6652-BECA-4486-BA0E-DAB80347962D}
2012-04-08 19:08 - 2012-04-08 19:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{9C395963-EF08-494C-BED2-0B5E11854037}
2012-04-08 18:00 - 2010-10-07 06:59 - 0000408 ____A C:\Windows\Tasks\SmartDefrag.job
2012-04-08 08:11 - 2012-04-08 08:10 - 0008309 ____A C:\Users\Brian\Desktop\maint_records.csv
2012-04-08 07:08 - 2012-04-08 07:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{225E2AC8-0C3D-4796-97B7-B7AE28F2EFAF}
2012-04-07 19:07 - 2012-04-07 19:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{0C7E2F79-8C76-441C-939A-A9BAACF7E237}
2012-04-07 07:07 - 2012-04-07 07:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{B7EE0279-00E0-4B5D-83CC-FCF143645483}
2012-04-06 20:37 - 2010-02-06 21:59 - 0000000 ____D C:\Users\Brian\AppData\Roaming\FileZilla
2012-04-06 20:36 - 2012-04-06 20:36 - 3299460 ____A C:\Users\Brian\Desktop\flighttrack.sql
2012-04-06 17:59 - 2012-04-06 17:59 - 0000000 ____D C:\Users\Brian\AppData\Local\{3A4B0053-D993-47AC-9FF6-AFC13C9796D3}
2012-04-06 17:38 - 2012-04-06 17:38 - 0000000 ____D C:\Users\Brian\Desktop\comskip81_035_donators
2012-04-06 05:59 - 2012-04-06 05:59 - 0000000 ____D C:\Users\Brian\AppData\Local\{02A1921C-0012-4FAE-B429-823A4555A4F2}
2012-04-05 17:59 - 2012-04-05 17:59 - 0000000 ____D C:\Users\Brian\AppData\Local\{EAC90848-F151-4C3E-9956-2BF686421C39}
2012-04-05 05:59 - 2012-04-05 05:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{B024B3F4-AA15-4956-A4D4-35F76A11CAE3}
2012-04-04 17:45 - 2012-04-04 17:45 - 0000000 ____D C:\Users\Brian\AppData\Local\{1B3ACD64-1854-446F-BF9C-184D1223D426}
2012-04-04 12:21 - 2012-04-04 12:21 - 0291424 ____A C:\Windows\Minidump\040412-35833-01.dmp
2012-04-04 12:20 - 2011-05-24 10:22 - 857512719 ____A C:\Windows\MEMORY.DMP
2012-04-04 05:44 - 2012-04-04 05:44 - 0000000 ____D C:\Users\Brian\AppData\Local\{B8528F6C-1E7F-4EEB-8696-B2C1D22316EB}
2012-04-03 17:44 - 2012-04-03 17:43 - 0000000 ____D C:\Users\Brian\AppData\Local\{64172DC4-FD22-4A36-9BDE-85AE7A491810}
2012-04-03 05:43 - 2012-04-03 05:43 - 0000000 ____D C:\Users\Brian\AppData\Local\{06635753-CF0B-4CA8-9BBD-6DD53062D59A}
2012-04-02 17:19 - 2011-11-12 09:21 - 0002098 ____A C:\Users\Brian\Desktop\United.pdf.lnk
2012-04-02 16:41 - 2012-04-02 16:41 - 0000000 ____D C:\Users\Brian\AppData\Local\{E5DC8ABE-9443-45A6-936A-C90D3C623607}
2012-03-29 19:17 - 2012-03-29 19:17 - 0000000 ____D C:\Users\Brian\AppData\Local\{42E5591C-E64D-46A5-B6EB-11EA75514341}
2012-03-28 06:52 - 2010-02-05 23:43 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Adobe
2012-03-28 06:21 - 2012-03-28 06:21 - 0000000 ____D C:\Users\Brian\AppData\Local\{6E8BBA45-009D-4E1F-A740-EEE3051748B5}
2012-03-28 06:21 - 2012-03-28 06:21 - 0000000 ____D C:\Users\Brian\AppData\Local\{63224456-5397-44CF-B8D9-4658D6E95D84}
2012-03-27 17:49 - 2012-03-27 17:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{DF6DB0D7-9DD5-4304-841D-C641228C0A75}
2012-03-27 17:49 - 2012-03-27 17:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{269350FE-001F-4A81-BF80-D15B95B3FB2E}
2012-03-27 17:20 - 2011-12-14 18:41 - 0000000 ____D C:\Users\Brian\Documents\PUDC 1
2012-03-27 05:49 - 2012-03-27 05:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{C1A741D7-DECE-4040-8C8F-7023922E18DF}
2012-03-27 05:49 - 2012-03-27 05:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{5F0B9078-1F3F-45B2-8F3B-8FAA7E03D665}
2012-03-26 21:02 - 2012-03-06 18:12 - 0028010 ____A C:\Users\Brian\Desktop\Speaker Critique Form.docx
2012-03-26 17:48 - 2012-03-26 17:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{E65D857B-9A26-46F1-89D7-6078E61F52D8}
2012-03-26 17:48 - 2012-03-26 17:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{92999ACF-7B74-4334-B9BA-15C8286840F9}
2012-03-26 05:48 - 2012-03-26 05:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{B58D3454-347E-4A31-A842-E9FB26C44E4B}
2012-03-26 05:48 - 2012-03-26 05:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{04C02060-AD36-4372-8CB9-70BB205BD631}
2012-03-25 12:52 - 2012-03-25 12:52 - 0000000 ____D C:\Users\Brian\Desktop\barcodegen.1d-php5.v4.1.0
2012-03-25 09:56 - 2012-03-25 09:56 - 0000000 ____D C:\Users\Brian\AppData\Local\{72FF6E7B-7146-40FB-AB52-D75469AFBA90}
2012-03-25 09:56 - 2012-03-25 09:56 - 0000000 ____D C:\Users\Brian\AppData\Local\{101AD169-C7AB-456D-8091-9C1023092759}
2012-03-25 06:38 - 2010-06-10 16:43 - 0249454 ____A C:\Windows\PFRO.log
2012-03-24 21:55 - 2012-03-24 21:55 - 0000000 ____D C:\Users\Brian\AppData\Local\{F75360B4-A91F-49CF-9356-67D2F6424556}
2012-03-24 21:55 - 2012-03-24 21:55 - 0000000 ____D C:\Users\Brian\AppData\Local\{811F7F5B-F86B-4F1B-8E9B-43C7D5A72A55}
2012-03-24 17:26 - 2012-03-24 17:26 - 14551771 ____A C:\Users\Brian\Desktop\navdat_fixes.csv
2012-03-24 15:31 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-24 15:29 - 2010-02-12 11:41 - 0000000 ____D C:\Users\Brian\AppData\Local\ElevatedDiagnostics
2012-03-24 13:48 - 2012-03-24 13:10 - 0000000 ____D C:\Users\Brian\AppData\Roaming\FontCreator
2012-03-24 13:40 - 2012-03-24 13:40 - 0000000 ____D C:\Users\Brian\Documents\FontCreator
2012-03-24 13:39 - 2012-03-24 13:39 - 0000000 ____D C:\Users\Brian\.swt
2012-03-24 13:10 - 2012-03-24 13:03 - 0000000 ____D C:\Users\Brian\Documents\FontLab
2012-03-24 12:45 - 2012-03-24 12:45 - 0000000 ____A C:\KozMinPro-Light.otf
2012-03-24 12:00 - 2012-03-24 11:59 - 3794736 ____A C:\Users\Brian\KozGoPro-Light.otf
2012-03-24 11:58 - 2012-03-24 11:58 - 0253596 ____A C:\Users\Brian\KozGoPro-Light.ttf
2012-03-24 11:52 - 2012-03-24 11:52 - 0000000 ____D C:\Users\Brian\Desktop\cidmaps
2012-03-24 10:53 - 2012-03-24 10:53 - 0000000 ____D C:\Users\Brian\Desktop\tcpdf_5_9_152
2012-03-24 09:55 - 2012-03-24 09:55 - 0000000 ____D C:\Users\Brian\AppData\Local\{6EAAE920-0163-4E38-AF08-B445C97451A3}
2012-03-24 09:55 - 2012-03-24 09:54 - 0000000 ____D C:\Users\Brian\AppData\Local\{C5441C62-41E6-439B-BEAD-1F1451B2C971}
2012-03-23 18:29 - 2012-03-23 18:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{EA2352FC-A42D-417F-AEAB-4B1EE3784C3E}
2012-03-23 18:29 - 2012-03-23 18:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{0942930E-3C7C-4DC0-B13F-C1ACC45BD4ED}
2012-03-23 17:03 - 2012-03-23 17:01 - 0001215 ____A C:\Users\Brian\Desktop\outtime.gif
2012-03-23 16:59 - 2012-01-28 18:00 - 0000132 ____A C:\Users\Brian\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-03-23 06:29 - 2012-03-23 06:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{BD5C26EC-47CC-405D-AAAF-F31C7918737F}
2012-03-23 06:29 - 2012-03-23 06:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{80FC8C95-4FBB-4C7F-8652-7F86866522AB}
2012-03-22 18:28 - 2012-03-22 18:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{4979BDC0-F7D2-4802-9931-AE99E0DCED3A}
2012-03-22 18:28 - 2012-03-22 18:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{3A01B8B8-DAE5-4549-A295-B685A2C98BE1}
2012-03-22 11:12 - 2012-03-22 11:12 - 4435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-22 06:28 - 2012-03-22 06:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{8C77BF46-03E6-4906-86D5-35A20A5B9E99}
2012-03-22 06:28 - 2012-03-22 06:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{616A3264-B442-4887-B06C-44998EF15239}
2012-03-21 18:28 - 2012-03-21 18:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{EB3CCE80-5B5D-44EC-881B-73B371E5963F}
2012-03-21 18:28 - 2012-03-21 18:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{801D7352-99EC-4CCE-98F6-A5DD351AD2CE}
2012-03-21 06:27 - 2012-03-21 06:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{D8890ECB-4AC1-43B6-8579-C9CBB62A2970}
2012-03-21 06:27 - 2012-03-21 06:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{9FE27505-2024-4102-BE1C-239B44C12A11}
2012-03-20 16:49 - 2010-05-01 07:21 - 0000000 ____D C:\Users\Brian\Desktop\VirtualDub-1.9.9
2012-03-20 14:38 - 2012-03-20 14:38 - 0000000 ____D C:\Users\Brian\AppData\Local\{7640E5E1-432B-4814-812B-D0B8CDF13434}
2012-03-20 14:38 - 2012-03-20 14:38 - 0000000 ____D C:\Users\Brian\AppData\Local\{696262C3-59D2-4F2C-94AE-703FB0AE4130}
2012-03-19 17:28 - 2012-03-19 17:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{BE622B66-96F1-40C7-85E4-57DEA7908C94}
2012-03-19 17:28 - 2012-03-19 17:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{833E192A-6992-4B12-9CDB-F59561574870}
2012-03-19 13:16 - 2010-06-11 07:07 - 0000000 ____D C:\Program Files\Sony
2012-03-19 13:15 - 2010-02-06 12:32 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Sony
2012-03-19 05:28 - 2012-03-19 05:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{E702E850-B7F5-48F3-B6CA-847C80B3DF79}
2012-03-19 05:28 - 2012-03-19 05:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{61F37D48-C002-4BF9-834A-ECC1242D4022}
2012-03-18 11:54 - 2010-11-22 16:00 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
2012-03-18 09:34 - 2012-03-18 09:34 - 0000000 ____D C:\Users\Brian\AppData\Local\{B080E5A6-320B-408F-A681-1D7FDF7C0590}
2012-03-18 09:34 - 2012-03-18 09:33 - 0000000 ____D C:\Users\Brian\AppData\Local\{6B0027A6-5E06-4E9F-8622-2D0ABA6EDFCA}
2012-03-17 18:03 - 2012-03-17 18:03 - 0000000 ____D C:\Users\All Users\Mozilla
2012-03-17 18:03 - 2012-03-17 18:03 - 0000000 ____D C:\ProgramData\Mozilla
2012-03-17 17:11 - 2012-03-17 16:22 - 0075264 ____A C:\Users\Brian\Desktop\NAS Form 25.xls
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 ____D C:\Users\Brian\AppData\Local\{D64BC51B-E743-4F66-B42D-D4834ADDC860}
2012-03-17 07:18 - 2012-03-17 07:17 - 0000000 ____D C:\Users\Brian\AppData\Local\{B828366A-BB76-49D7-A090-E5CDC32142CE}
2012-03-16 15:28 - 2012-03-16 15:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{9576EB35-F224-4A2B-AB2C-A7D80933FF36}
2012-03-16 15:27 - 2012-03-16 15:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{4ABC769C-4530-458F-9344-73B8579FF84A}
2012-03-10 19:29 - 2012-03-10 19:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{F6005626-0D6D-4FA9-AC39-81CFBCF41ADE}
2012-03-10 19:29 - 2012-03-10 19:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{45197935-7C91-4263-B36D-6B526054CEE6}
2012-03-10 11:31 - 2012-01-14 08:19 - 0000000 ____D C:\Users\Brian\AppData\Local\doubleTwist Corporation
2012-03-10 07:28 - 2012-03-10 07:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{8C26FA93-2B33-4D39-8657-1A94FC6C1900}
2012-03-10 07:28 - 2012-03-10 07:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{56EC179D-D115-43C6-A0AE-BD09A2B76242}
2012-03-09 18:46 - 2011-02-12 14:14 - 0027184 ____A C:\Users\Brian\Documents\Generic Resume.docx
2012-03-09 17:38 - 2011-05-31 20:17 - 0000000 ____D C:\Users\Brian\AppData\Local\Deployment
2012-03-09 10:37 - 2012-03-09 10:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{96E609B6-04CB-43FC-B5B4-1614444719D9}
2012-03-09 10:37 - 2012-03-09 10:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{3B948F09-F36C-41B3-898A-353404515524}
2012-03-08 22:37 - 2012-03-08 22:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{887B7D87-6D3B-4983-9997-790D9C8B9BDC}
2012-03-08 22:37 - 2012-03-08 22:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{771E84CD-C2A9-4AAD-97CF-D2B5046AF485}
2012-03-08 14:50 - 2012-03-08 14:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-03-08 10:37 - 2012-03-08 10:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{9F4931CE-6F79-4327-AAD0-97A324949971}
2012-03-08 10:36 - 2012-03-08 10:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{A9451B5B-98E9-414E-8D55-D222E965DD21}
2012-03-07 19:21 - 2012-03-07 17:55 - 6212096 ____A C:\Users\Brian\Desktop\thesis3 5.doc
2012-03-07 19:19 - 2012-03-07 19:12 - 0440727 ____A C:\Users\Brian\Desktop\Tracey Renfro Thesis.pdf
2012-03-07 19:15 - 2012-03-07 19:13 - 0000162 ___AH C:\Users\Brian\Desktop\~$esis3 5.doc
2012-03-07 19:15 - 2012-03-07 18:59 - 0427157 ____A C:\Users\Brian\Desktop\Thesis.pdf
2012-03-07 19:14 - 2012-03-07 17:55 - 6212096 ____H C:\Users\Brian\Desktop\~WRL0003.tmp
2012-03-07 19:10 - 2012-03-07 19:10 - 0011991 ____A C:\Users\Brian\Desktop\ETDForm9 2.pdf
2012-03-07 19:06 - 2012-03-07 18:58 - 0128493 ____A C:\Users\Brian\Desktop\ETDForm9.pdf
2012-03-07 19:04 - 2012-03-07 19:04 - 0012167 ____A C:\Users\Brian\Desktop\GSForm20.pdf
2012-03-07 18:58 - 2012-03-07 18:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{B2A78C39-5A50-4F70-AA87-43426A84584C}
2012-03-07 18:58 - 2012-03-07 18:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{8F7C80CF-2555-4295-AB60-27A69D9A4B32}
2012-03-07 06:58 - 2012-03-07 06:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{9B07A5FF-8C2F-4FFF-ABB0-EDDD1879794C}
2012-03-07 06:58 - 2012-03-07 06:58 - 0000000 ____D C:\Users\Brian\AppData\Local\{9624E9FC-7E54-488B-8021-90E9539CD28C}
2012-03-06 22:07 - 2011-05-20 19:04 - 0779248 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-06 12:30 - 2012-03-06 12:30 - 0000000 ____D C:\Users\Brian\AppData\Local\{FE680B9E-E27A-46B5-855F-B2CE47FB7986}
2012-03-06 12:30 - 2012-03-06 12:29 - 0000000 ____D C:\Users\Brian\AppData\Local\{893EAD52-C41A-4521-A08B-9F8BECB76064}
2012-03-05 22:53 - 2012-04-11 23:07 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-11 23:07 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-11 23:07 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-02 12:05 - 2012-03-02 12:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{7DCF3D72-075A-40BA-A8BF-2A52E2E50422}
2012-03-02 12:05 - 2012-03-02 12:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{17E07DFC-B2F8-4A76-81F4-2E45846B23C2}
2012-03-01 21:16 - 2012-03-01 20:53 - 0030720 ____A C:\Users\Brian\Documents\Statement of Purpose.doc
2012-03-01 19:14 - 2012-03-01 19:14 - 0000000 ____D C:\Users\Brian\AppData\Local\{8EDFA3FE-B0F2-4F7C-996F-B68C8D367F8D}
2012-03-01 19:14 - 2012-03-01 19:14 - 0000000 ____D C:\Users\Brian\AppData\Local\{1DFCFA76-84CC-472C-913C-F0172C02965E}
2012-03-01 07:13 - 2012-03-01 07:13 - 0000000 ____D C:\Users\Brian\AppData\Local\{A44D7066-B692-4807-B0CF-12D67ED9BA8A}
2012-03-01 07:13 - 2012-03-01 07:13 - 0000000 ____D C:\Users\Brian\AppData\Local\{7C188156-4E7E-4712-94C3-828F6B1200D5}
2012-02-29 22:46 - 2012-04-11 23:03 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 23:03 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 23:03 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 23:03 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 23:03 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 23:03 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 23:03 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 19:00 - 2012-02-29 19:00 - 0000000 ____D C:\Users\Brian\AppData\Local\{63FEB4DF-52D1-4D90-9661-E8668D07C781}
2012-02-29 19:00 - 2012-02-29 19:00 - 0000000 ____D C:\Users\Brian\AppData\Local\{54DDF9ED-EA85-40E5-84CD-B0AC4B7910F7}
2012-02-29 06:59 - 2012-02-29 06:59 - 0000000 ____D C:\Users\Brian\AppData\Local\{7C1B9156-7D17-4072-80B0-3D24F248D468}
2012-02-29 06:59 - 2012-02-29 06:59 - 0000000 ____D C:\Users\Brian\AppData\Local\{39760E58-FB49-4096-A2F9-3F9BF98ABD98}
2012-02-29 06:56 - 2012-02-29 06:56 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-02-28 17:31 - 2012-02-28 17:31 - 0000000 ____D C:\Users\Brian\AppData\Local\{A7511BE7-E2A2-4387-A09B-5FABDFE34462}
2012-02-28 17:31 - 2012-02-28 17:30 - 0000000 ____D C:\Users\Brian\AppData\Local\{C892EEDD-5888-40FA-B020-EAC02DF42063}
2012-02-28 05:30 - 2012-02-28 05:30 - 0000000 ____D C:\Users\Brian\AppData\Local\{F5B3A37E-56B3-4753-9F4E-6A1BC7361810}
2012-02-28 05:30 - 2012-02-28 05:30 - 0000000 ____D C:\Users\Brian\AppData\Local\{7F4C0B65-1208-408C-965E-2138164CB033}
2012-02-27 23:34 - 2012-04-11 23:07 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 23:07 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 23:07 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 23:07 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 23:07 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 23:07 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 23:07 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 23:07 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 23:07 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 23:07 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 23:07 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 23:07 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 23:07 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 19:37 - 2012-02-27 19:24 - 0000639 ____A C:\Users\Brian\Desktop\spss.txt
2012-02-27 17:52 - 2012-04-11 23:07 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 23:07 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 23:07 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 23:07 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 23:07 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 23:07 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 23:07 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 23:07 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 23:07 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 23:07 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 23:07 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 23:07 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 23:07 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 16:27 - 2012-02-27 16:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{B53893B4-483D-4C04-8DC6-7A297C1E326A}
2012-02-27 16:27 - 2012-02-27 16:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{80D00758-27CD-4636-86B6-730DC71C4385}
2012-02-26 18:51 - 2012-02-26 18:51 - 0000000 ____D C:\Users\Brian\AppData\Local\{F489D943-C945-4FF3-A4A9-7F787F50898D}
2012-02-26 18:51 - 2012-02-26 18:51 - 0000000 ____D C:\Users\Brian\AppData\Local\{94130B40-B647-4A7D-AA8F-9891D0071929}
2012-02-26 09:50 - 2011-09-12 17:10 - 0000997 ____A C:\Users\Brian\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-26 09:50 - 2011-09-12 17:10 - 0000997 ____A C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-26 06:51 - 2012-02-26 06:51 - 0000000 ____D C:\Users\Brian\AppData\Local\{DCA81948-086B-4D7D-8335-A83DBC8BD319}
2012-02-26 06:50 - 2012-02-26 06:50 - 0000000 ____D C:\Users\Brian\AppData\Local\{4EF686A1-9A8C-48BC-B874-E92B525A9F84}
2012-02-25 18:50 - 2012-02-25 18:50 - 0000000 ____D C:\Users\Brian\AppData\Local\{B106CD0D-8068-421A-A803-4D1AB9A4BD76}
2012-02-25 18:50 - 2012-02-25 18:50 - 0000000 ____D C:\Users\Brian\AppData\Local\{180AAE2D-FE09-440E-9B53-BE8591C0897F}
2012-02-25 07:51 - 2012-02-03 07:40 - 0001964 ____A C:\Users\Brian\Desktop\United TravelDesk.lnk
2012-02-25 06:50 - 2012-02-25 06:50 - 0000000 ____D C:\Users\Brian\AppData\Local\{983B0493-6F86-473C-A23A-29504C876453}
2012-02-25 06:50 - 2012-02-25 06:50 - 0000000 ____D C:\Users\Brian\AppData\Local\{39ABEFB3-7E05-4542-BC08-11C23DFAFD34}
2012-02-24 18:50 - 2012-02-24 18:50 - 0000000 ____D C:\Users\Brian\AppData\Local\{D99449F0-38BD-4EB9-8156-D06882864B9C}
2012-02-24 18:50 - 2012-02-24 18:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{87E5A304-AB67-4845-BCA6-469C29B0C7CC}
2012-02-24 06:49 - 2012-02-24 06:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{FCACEE07-D3DD-4BA7-AF78-F648153C3DEB}
2012-02-24 06:49 - 2012-02-24 06:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{3AB6E1E5-73A0-429F-AF97-ABB14F035341}
2012-02-23 18:49 - 2012-02-23 18:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{60175CE6-B449-44B0-B240-30A8BA0E5FFA}
2012-02-23 18:49 - 2012-02-23 18:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{1FA69E3A-69D8-4F44-94EB-456F91E52FFF}
2012-02-23 06:49 - 2012-02-23 06:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{C5A7335F-9A57-4F60-BABA-78C40CC3F2BD}
2012-02-23 06:49 - 2012-02-23 06:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{B8684A6E-F096-46CE-AD7D-4A9FF1ACA7F7}
2012-02-22 18:49 - 2012-02-22 18:49 - 0000000 ____D C:\Users\Brian\AppData\Local\{3E076DA8-57E1-44F9-BF94-08A1037D1943}
2012-02-22 18:49 - 2012-02-22 18:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{1EB8D02F-023E-4CE2-8206-09FC947E5C0E}
2012-02-22 06:48 - 2012-02-22 06:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{9E854258-EFFC-47D4-AFB6-B4DB163E1732}
2012-02-22 06:48 - 2012-02-22 06:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{9ACC462A-5D8D-4CE9-B40E-4AA0BB4C1079}
2012-02-22 06:35 - 2012-02-22 06:35 - 0187980 ____A C:\Users\Brian\Desktop\Denair Proposal.pptx
2012-02-21 18:48 - 2012-02-21 18:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{E0154593-0024-4C36-BF6C-8A6789955C00}
2012-02-21 18:48 - 2012-02-21 18:48 - 0000000 ____D C:\Users\Brian\AppData\Local\{AEC1B36F-A4DA-4D66-B55F-3BA1CBDAE92B}
2012-02-21 06:47 - 2012-02-21 06:47 - 0000000 ____D C:\Users\Brian\AppData\Local\{68AD088B-A9CE-42EF-A805-6B0526864262}
2012-02-21 06:47 - 2012-02-21 06:47 - 0000000 ____D C:\Users\Brian\AppData\Local\{17C2D4FE-E381-407D-9D42-5C2696C1B68B}
2012-02-20 19:09 - 2012-02-20 19:09 - 0335872 ____A C:\Users\Brian\Documents\OUTPUT.ppt
2012-02-20 18:31 - 2012-02-20 18:31 - 0139058 ____A C:\Users\Brian\Desktop\Graded homework.pdf
2012-02-20 18:07 - 2012-02-20 18:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{FF2247A9-1EBD-4760-BAE3-309C77F22F34}
2012-02-20 18:07 - 2012-02-20 18:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{54CAC601-27BC-4E27-B81E-7F8D223BD088}
2012-02-20 06:06 - 2012-02-20 06:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{58B37BA8-86C0-4CF1-BAE8-0EABDD280A8B}
2012-02-20 06:06 - 2012-02-20 06:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{31AF2A48-3B91-4305-8935-907979EEE16A}
2012-02-19 17:29 - 2012-02-19 17:24 - 0503808 ____A C:\Users\Brian\Documents\Database3.accdb
2012-02-19 17:24 - 2012-02-19 17:24 - 0204696 ____A C:\Users\Brian\Desktop\Copy of top 200.xlsx
2012-02-19 16:37 - 2012-02-19 16:37 - 0000000 ____D C:\Users\Brian\.realobjects
2012-02-19 15:11 - 2012-02-19 15:11 - 0000000 ____D C:\Users\Brian\Desktop\dcs7110_manual_100
2012-02-19 08:22 - 2012-02-19 08:22 - 0000000 ____D C:\Users\Brian\AppData\Local\{D30342D2-F14A-4DC0-BA2B-87992797418D}
2012-02-19 08:22 - 2012-02-19 08:22 - 0000000 ____D C:\Users\Brian\AppData\Local\{1DE86D1C-F277-4320-B3B9-CC3137056B65}
2012-02-18 20:21 - 2012-02-18 20:21 - 0000000 ____D C:\Users\Brian\AppData\Local\{8D7783D1-6CE8-4476-9DA5-F73C13F344FB}
2012-02-18 20:21 - 2012-02-18 20:21 - 0000000 ____D C:\Users\Brian\AppData\Local\{5E4514E0-06C2-4B61-842D-AE068BDBF4CE}
2012-02-18 08:21 - 2012-02-18 08:21 - 0000000 ____D C:\Users\Brian\AppData\Local\{34B737F7-BF53-482A-B78A-D5C72F31B43E}
2012-02-18 08:21 - 2012-02-18 08:20 - 0000000 ____D C:\Users\Brian\AppData\Local\{6405C46A-7166-4E9A-8DD9-955C9C45E1D6}
2012-02-17 19:39 - 2012-02-17 19:39 - 0000000 ____D C:\Users\Brian\AppData\Local\{DCA64202-6089-46C0-BA51-0CB1C7047D23}
2012-02-17 19:39 - 2012-02-17 19:39 - 0000000 ____D C:\Users\Brian\AppData\Local\{9426AFD3-2A9D-44C6-8FF2-0A3106482996}
2012-02-17 18:10 - 2012-02-17 18:10 - 21804384 ____A C:\Users\Brian\Desktop\Output1 [Document1].pdf
2012-02-17 17:27 - 2012-02-17 17:27 - 118610527 ____A C:\Users\Brian\Desktop\N592PU.sav
2012-02-17 07:37 - 2012-02-17 07:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{8BC27F9A-65D5-400B-A965-F40925D00E17}
2012-02-17 07:36 - 2012-02-17 07:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{0FD2CF57-E88B-4D61-B385-5A0278A589FC}
2012-02-16 22:38 - 2012-03-13 10:46 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 10:46 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 10:46 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 10:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 18:37 - 2012-02-16 18:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{C62B6929-2A95-4338-AE0F-157F659D6EF8}
2012-02-16 18:37 - 2012-02-16 18:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{2526F94E-9547-4795-A89D-A892385D3E1F}
2012-02-16 06:37 - 2012-02-16 06:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{5D5B29C6-41BD-4EF5-8DFB-3E90B20D3371}
2012-02-16 06:37 - 2012-02-16 06:37 - 0000000 ____D C:\Users\Brian\AppData\Local\{1AAED68B-FAEF-47A4-9830-E74464FE8445}
2012-02-16 05:12 - 2006-12-31 21:27 - 0000174 ___SH C:\Users\Brian\Start Menu\Programs\Startup\desktop.ini
2012-02-16 05:12 - 2006-12-31 21:27 - 0000174 ___SH C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 00:26 - 2010-06-10 19:13 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 19:56 - 2011-09-13 19:07 - 0000000 ____D C:\tvdblibcache
2012-02-15 18:36 - 2012-02-15 18:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{5DCC582F-15F5-4950-AA90-7B0D3E958CB7}
2012-02-15 18:36 - 2012-02-15 18:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{1980E2E7-8D7A-4A11-8504-AAE49EC84351}
2012-02-15 06:36 - 2012-02-15 06:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{9730F7CF-5A15-4A19-8401-047D65902699}
2012-02-15 06:36 - 2012-02-15 06:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{2029C12D-46F5-4D06-9FE2-05E9E51B58CC}
2012-02-14 18:36 - 2012-02-14 18:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{B0A5AB8E-ABBF-4C81-B122-653AF63F0BCE}
2012-02-14 18:36 - 2012-02-14 18:35 - 0000000 ____D C:\Users\Brian\AppData\Local\{53D9A802-058F-4DD4-8EC1-2AE506346839}
2012-02-14 08:09 - 2012-02-14 08:09 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-14 06:35 - 2012-02-14 06:35 - 0000000 ____D C:\Users\Brian\AppData\Local\{ECA1B3E3-D846-4079-93CA-B894C0C68062}
2012-02-14 06:35 - 2012-02-14 06:35 - 0000000 ____D C:\Users\Brian\AppData\Local\{0AEB83DD-F8BC-4779-8483-4B9FA5FC729D}
2012-02-13 18:35 - 2012-02-13 18:35 - 0000000 ____D C:\Users\Brian\AppData\Local\{CB70740F-C6E5-4E39-8260-9921EB049E98}
2012-02-13 18:35 - 2012-02-13 18:35 - 0000000 ____D C:\Users\Brian\AppData\Local\{C946814B-7C71-49F7-BD0C-233F4EA213D0}
2012-02-13 06:34 - 2012-02-13 06:34 - 0000000 ____D C:\Users\Brian\AppData\Local\{B31FC454-F758-4646-A4D4-042B24D37DB1}
2012-02-13 06:34 - 2012-02-13 06:34 - 0000000 ____D C:\Users\Brian\AppData\Local\{95D91E2A-8741-43E7-AB97-10AC65C8F1CA}
2012-02-12 13:28 - 2012-02-12 13:28 - 0000000 ____D C:\Users\Brian\AppData\Local\{27C4D9AA-7F41-4399-BC6F-DD2E4B5DCBDC}
2012-02-12 13:28 - 2012-02-12 13:27 - 0000000 ____D C:\Users\Brian\AppData\Local\{B8026E74-89EA-47E7-A589-035F70C4EE07}
2012-02-10 15:15 - 2012-02-10 15:15 - 0000000 ____D C:\Users\Brian\AppData\Local\{2D5DDE89-E89B-40D9-B7E1-13387FD091BD}
2012-02-10 15:15 - 2012-02-10 15:14 - 0000000 ____D C:\Users\Brian\AppData\Local\{3B944F99-22F2-4209-9A3B-5A91FA83F6C6}
2012-02-09 22:36 - 2012-03-13 14:34 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 14:34 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 19:08 - 2012-02-09 19:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{7D255B10-C96E-46D8-90E4-2349BCA9738F}
2012-02-09 19:08 - 2012-02-09 19:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{72C8395D-661F-44E9-9048-5203E03F6834}
2012-02-09 07:08 - 2012-02-09 07:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{E160980D-BDBB-46D0-BFB6-2D77678F0A06}
2012-02-09 07:08 - 2012-02-09 07:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{4E96AC62-1896-4244-9C07-AE5DA7C436B4}
2012-02-08 19:07 - 2012-02-08 19:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{EEBEFE87-A199-418C-870A-F50E6AD62909}
2012-02-08 19:07 - 2012-02-08 19:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{5EDED06D-ED0B-4793-BD5B-7D3970865EBF}
2012-02-08 07:07 - 2012-02-08 07:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{9F74F549-D770-4DC9-8113-5A39282F9E49}
2012-02-08 07:07 - 2012-02-08 07:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{1AD828D2-7929-4AD7-848C-E7CCBCFFD7AC}
2012-02-07 19:06 - 2012-02-07 19:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{3B3B0C30-7961-46B3-B719-9C1FB01A0440}
2012-02-07 19:06 - 2012-02-07 19:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{0DBB76DA-3C29-440A-ABCD-5A8BADFE6D0A}
2012-02-07 07:06 - 2012-02-07 07:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{E0841FC7-A5E2-43B6-A6BC-A78B05D70C51}
2012-02-07 07:06 - 2012-02-07 07:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{A3879D74-38C2-4836-9F89-A2F85D048A98}
2012-02-06 19:06 - 2012-02-06 19:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{6238CAE5-0D77-4315-A383-A2D409C91780}
2012-02-06 19:06 - 2012-02-06 19:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{7A248159-D30F-4F71-9001-861499A346F4}
2012-02-06 07:05 - 2012-02-06 07:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{EC404DBC-310F-4B16-A3C1-BF2122FB1D08}
2012-02-06 07:05 - 2012-02-06 07:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{0E7C17C5-A1FC-414F-BFB0-9506C32B33B3}
2012-02-05 19:05 - 2012-02-05 19:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{B06E6F7D-09EB-4465-817C-5FCE19D9B557}
2012-02-05 19:05 - 2012-02-05 19:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{6CE93CF1-76C6-4D3A-B0F9-B2B4407FB312}
2012-02-05 07:05 - 2012-02-05 07:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{B310EB8B-E98C-4C43-BDAC-1F5D10B554F2}
2012-02-05 07:05 - 2012-02-05 07:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{5AB4FCB9-C76B-4D89-B4BC-0E42B5066004}
2012-02-04 19:04 - 2012-02-04 19:04 - 0000000 ____D C:\Users\Brian\AppData\Local\{95518F29-FFBB-4E23-8562-6DF5FE711009}
2012-02-04 19:04 - 2012-02-04 19:04 - 0000000 ____D C:\Users\Brian\AppData\Local\{759084E8-8755-4683-9E2B-1FCF2C67D617}
2012-02-04 07:04 - 2012-02-04 07:04 - 0000000 ____D C:\Users\Brian\AppData\Local\{49512E80-FFD1-4A0A-84CC-98E5E780D46C}
2012-02-04 07:03 - 2012-02-04 07:03 - 0000000 ____D C:\Users\Brian\AppData\Local\{66E02757-F011-41CE-A8C7-B142E54FB4CD}
2012-02-03 18:14 - 2012-02-03 18:13 - 0000000 ____D C:\Program Files\iTunes
2012-02-03 18:13 - 2012-02-03 18:13 - 0000000 ____D C:\Program Files\iPod
2012-02-03 18:13 - 2011-10-28 14:24 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-02-03 18:13 - 2011-10-28 14:24 - 0000000 ____D C:\ProgramData\Apple Computer
2012-02-03 06:36 - 2012-02-03 06:36 - 0000000 ____D C:\Users\Brian\AppData\Local\{BFF27E44-B2F0-4D61-8F4A-9B44E9FB2363}
2012-02-03 06:35 - 2012-02-03 06:35 - 0000000 ____D C:\Users\Brian\AppData\Local\{4A03B7A3-E9E6-457B-8885-3EB5B2F5E995}
2012-02-02 20:34 - 2012-03-13 14:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 10:57 - 2012-02-02 10:57 - 0808440 ____A (Gracenote) C:\Windows\SysWOW64\CDDBUI.dll
2012-02-02 10:57 - 2012-02-02 10:57 - 0796152 ____A (Gracenote, Inc.) C:\Windows\SysWOW64\CDDBControl.dll
2012-01-31 20:12 - 2012-01-31 20:12 - 0000000 ____D C:\Users\Brian\AppData\Local\{B1CA5DA8-C3D8-465A-B2C1-8C6551D14B79}
2012-01-31 20:12 - 2012-01-31 08:12 - 0000000 ____D C:\Users\Brian\AppData\Local\{E9875F82-A7B3-481A-8EC5-B9FA915CFC3C}
2012-01-31 08:12 - 2012-01-31 08:12 - 0000000 ____D C:\Users\Brian\AppData\Local\{1472C7CF-AC3E-4D92-B29A-6CFBAD8BEEF0}
2012-01-30 20:11 - 2012-01-30 20:11 - 0000000 ____D C:\Users\Brian\AppData\Local\{460376B8-A652-4956-A1D5-5E77FC07ED85}
2012-01-30 20:11 - 2012-01-30 20:11 - 0000000 ____D C:\Users\Brian\AppData\Local\{26DE8466-F51F-4FB7-AA98-178AA5157A9C}
2012-01-30 08:10 - 2012-01-30 08:10 - 0000000 ____D C:\Users\Brian\AppData\Local\{B329FFE4-25B1-42F2-B1B5-128FB18BC410}
2012-01-30 08:10 - 2012-01-30 08:10 - 0000000 ____D C:\Users\Brian\AppData\Local\{62473E08-BCB1-4B3C-BA87-4F6A073C8AD0}
2012-01-29 20:09 - 2012-01-29 20:09 - 0000000 ____D C:\Users\Brian\AppData\Local\{3F62A48A-99F9-4D45-9A42-8D09C50FBDCF}
2012-01-29 20:09 - 2012-01-29 08:09 - 0000000 ____D C:\Users\Brian\AppData\Local\{7D439F9F-D44B-453C-AB68-DC0B6EA55045}
2012-01-29 19:49 - 2012-01-29 19:49 - 0000000 ____D C:\Users\Brian\AppData\Roaming\rinsebyreal
2012-01-29 19:49 - 2012-01-29 19:49 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Copyright © 2011-2012 RealNetworks
2012-01-29 19:49 - 2012-01-29 19:49 - 0000000 ____D C:\Users\Brian\AppData\Local\IsolatedStorage
2012-01-29 19:45 - 2010-06-10 16:46 - 0000000 ____D C:\Users\Brian\AppData\Roaming\Mozilla
2012-01-29 08:09 - 2012-01-29 08:09 - 0000000 ____D C:\Users\Brian\AppData\Local\{0F2D0522-E331-4919-A1BD-C93DC1BCF403}
2012-01-28 20:51 - 2012-01-28 20:51 - 0000282 ____A C:\Users\Brian\Desktop\0129 SAS.sas
2012-01-28 20:09 - 2012-01-28 20:09 - 0000000 ____D C:\Users\Brian\AppData\Local\{641D0A50-B114-4FE1-B7D3-16A227B364C5}
2012-01-28 20:09 - 2012-01-28 08:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{BEECEE2A-AF21-41F5-A73E-5D92FFC4FD55}
2012-01-28 08:09 - 2012-01-28 08:09 - 0000000 ____D C:\Users\Brian\AppData\Local\{050D7D28-ECF3-4481-8E17-D1AE5EB0A9E2}
2012-01-27 20:08 - 2012-01-27 20:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{E177B09C-8E3A-4503-83F2-EB80ADF6EA2F}
2012-01-27 20:08 - 2012-01-27 08:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{D0E255DA-CA2A-4B8F-A7CA-48870BC8995B}
2012-01-27 08:08 - 2012-01-27 08:08 - 0000000 ____D C:\Users\Brian\AppData\Local\{8ACD21B6-AC9C-4C69-8D53-0787C925C4DB}
2012-01-27 07:14 - 2011-11-28 07:49 - 0076015 ____A C:\Users\Brian\Documents\Generic Resume.pdf
2012-01-26 20:07 - 2012-01-26 20:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{AD077FBC-4F2A-42CC-9B4F-0F2D43EA2C11}
2012-01-26 20:07 - 2012-01-26 08:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{34C485BC-FC34-41F4-AD6C-07C166422A45}
2012-01-26 08:07 - 2012-01-26 08:07 - 0000000 ____D C:\Users\Brian\AppData\Local\{BEE76A0B-7946-48DC-88FE-318866A8DF01}
2012-01-25 20:06 - 2012-01-25 20:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{55F7D538-D4A6-45CC-AD3D-4778448772D6}
2012-01-25 20:06 - 2012-01-25 08:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{6F5E3D4B-7237-487F-A202-DC2EFD13733C}
2012-01-25 08:06 - 2012-01-25 08:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{63C71383-AA4B-405B-8BD5-276A6DB1CC1E}
2012-01-24 22:38 - 2012-03-13 10:46 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 10:46 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 10:46 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 20:06 - 2012-01-24 20:06 - 0000000 ____D C:\Users\Brian\AppData\Local\{99577BCF-91E2-47B8-9EDB-809B3B1FC27C}
2012-01-24 20:06 - 2012-01-24 08:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{83195F59-9642-49E8-94D4-170CFF45602C}
2012-01-24 08:05 - 2012-01-24 08:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{20DC0C34-E85D-453F-AF67-D7D586B7A8FD}
2012-01-23 20:05 - 2012-01-23 20:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{16D39F7C-AE65-44B8-BBD4-8E5F6AC30A64}
2012-01-23 20:05 - 2012-01-23 20:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{1521F8D7-0E66-4C17-BF4A-6B963773C839}
2012-01-23 08:05 - 2012-01-23 08:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{1AD02F8F-F5D6-4725-B2DC-391EC6F2E900}
2012-01-23 08:05 - 2012-01-23 08:05 - 0000000 ____D C:\Users\Brian\AppData\Local\{1358A5DF-D10E-4BB8-8969-7BA57185C119}
2012-01-22 20:04 - 2012-01-22 20:04 - 0000000 ____D C:\Users\Brian\AppData\Local\{BD178396-0592-4A66-BE23-78B7DF57CEA8}
2012-01-22 20:04 - 2012-01-22 20:04 - 0000000 ____D C:\Users\Brian\AppData\Local\{5EDC03F4-A55D-4F9E-88ED-87310D7698EF}
2012-01-22 14:35 - 2012-01-22 13:37 - 0000000 ____D C:\Users\Brian\Documents\AT479
2012-01-22 08:30 - 2010-06-11 20:28 - 0275907 ____A C:\Windows\DirectX.log
2012-01-22 08:29 - 2012-01-22 08:29 - 0000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-01-22 08:21 - 2012-01-22 08:21 - 0000000 ____D C:\Program Files (x86)\Quadriga Games
2012-01-22 08:04 - 2012-01-22 08:04 - 0000000 ____D C:\Users\Brian\AppData\Local\{6887A160-A9B1-4572-BF34-475F488F3E8C}
2012-01-22 08:03 - 2012-01-22 08:03 - 0000000 ____D C:\Users\Brian\AppData\Local\{CA1B8360-2825-483D-89F1-C0C78B93D586}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 6135.13 MB
Available physical RAM: 5369.17 MB
Total Pagefile: 6133.28 MB
Available Pagefile: 5357.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:127.47 GB) NTFS
2 Drive d: (Editing) (Fixed) (Total:465.76 GB) (Free:106.48 GB) NTFS
3 Drive e: (Downloads) (Fixed) (Total:931.51 GB) (Free:236.37 GB) NTFS
4 Drive g: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
5 Drive h: (FS_DISC4) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
6 Drive i: () (Removable) (Total:0.99 GB) (Free:0.2 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 465 GB 1024 KB
Disk 2 Online 931 GB 0 B
Disk 3 Online 1012 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Editing NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 E Downloads NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1011 MB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT Removable 1011 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-09 06:46

======================= End Of Log ==========================

#4 gringo_pr

Posted 20 April 2012 - 03:20 PM

Hello

After you run this, let me know if the computer boots back up.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
2 tvtfilter; C:\Windows\System32\dcevt32.dll [x]
C:\Windows\System32\dcevt32.dll
NETSVC: tvtfilter

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#5 netghost1115

Posted 20 April 2012 - 03:28 PM

Boots up now. Thank you very much.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 19-04-2012
Ran by SYSTEM at 2012-04-20 16:25:12 R:1
Running from I:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
tvtfilter service deleted successfully.
C:\Windows\System32\dcevt32.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs tvtfilter Deleted successfully.

==== End of Fixlog ====

#6 gringo_pr

Posted 20 April 2012 - 03:31 PM

Hello

I know how scary that can be, but the worst is over now. I am going to have you do some more scans to make sure you are all clean. Stay with me until I say we are done.


I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 netghost1115

Posted 20 April 2012 - 04:08 PM

Seems to be running fine right now, here's the log file

ComboFix 12-04-20.03 - Brian 04/20/2012 16:42:03.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.3264 [GMT -4:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian\AppData\Roaming\8774.D4C
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Cookies\index (1).dat
c:\users\Brian\Documents\~WRD0003.tmp
c:\users\Brian\Documents\~WRL0001.tmp
c:\users\Brian\Documents\~WRL0002.tmp
c:\users\Brian\Documents\~WRL0776.tmp
c:\users\Brian\Documents\~WRL1367.tmp
c:\users\Brian\Documents\~WRL2805.tmp
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\tmp\U
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWow64\DBCDBF32.DLL
c:\windows\SysWow64\ijl11.dll
c:\windows\SysWow64\tmpD5A7.tmp
c:\windows\SysWow64\tmpD5A8.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-21 00:02 . 2012-04-21 00:03 -------- d-----w- C:\FRST
2012-04-20 20:53 . 2012-04-20 20:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-20 20:53 . 2012-04-20 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 20:53 . 2012-04-20 20:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-17 21:49 . 2012-04-17 21:49 -------- d-----we c:\windows\system64
2012-04-15 19:02 . 2012-04-15 19:02 -------- d-----w- c:\program files (x86)\OpenVPN Technologies
2012-04-15 15:51 . 2012-04-15 15:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\95a8dfa71cd1b1f01\MeshBetaRemover.exe
2012-04-12 07:06 . 2012-04-12 07:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-12 07:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-04 05:54 . 2012-04-04 05:54 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-03 14:03 . 2012-04-14 01:03 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 13:42 . 2012-04-14 01:03 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-24 21:40 . 2009-06-17 04:02 616600 ----a-w- c:\windows\SysWow64\FontInstaller.dll
2012-03-24 21:40 . 2012-04-19 04:53 -------- d-----w- c:\program files (x86)\High-Logic FontCreator
2012-03-24 21:39 . 2012-03-24 21:39 -------- d-----w- c:\users\Brian\.swt
2012-03-24 21:15 . 2012-04-18 00:36 -------- d-sh--w- c:\users\Brian\AppData\Local\ada9e625
2012-03-24 21:11 . 2012-04-19 04:52 -------- d-----w- c:\users\Brian\AppData\Local\FontCreator
2012-03-24 21:10 . 2012-03-24 21:48 -------- d-----w- c:\users\Brian\AppData\Roaming\FontCreator
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:03 . 2011-05-17 22:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-01 05:37 . 2012-04-12 07:03 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:29 . 2012-04-12 07:03 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 01:11 . 2012-04-12 07:07 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-17 06:38 . 2012-03-13 18:46 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 18:46 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 18:46 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 18:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-13 22:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 22:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 18:57 . 2012-02-02 18:57 808440 ----a-w- c:\windows\SysWow64\CDDBUI.dll
2012-02-02 18:57 . 2012-02-02 18:57 796152 ----a-w- c:\windows\SysWow64\CDDBControl.dll
2012-01-25 06:38 . 2012-03-13 18:46 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 18:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 18:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files (x86)\WinFast\WFDTV\WFWIZ.exe" [2008-05-30 2887680]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"MusicManager"="c:\users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2012-04-04 166624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-05-23 522192]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
NexDef Plug-in.lnk - c:\users\Brian\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2010-7-7 473616]
United Airlines Auto Update Conduit (English).lnk - c:\users\Brian\United Airlines Auto Update Conduit (English)\en\ua_conduit_en.exe [2011-10-27 1432064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dtella.lnk - c:\program files (x86)\Dtella@Purdue\dtella.exe [2010-1-22 4584364]
For The Record Server Status Notifier.lnk - c:\program files (x86)\For The Record\Server Status Notifier\ForTheRecord.UI.ServerStatus.exe [2011-12-30 134656]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 35328]
OpenVPN Connect.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe [2011-8-5 74240]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe [2010-6-11 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ForTheRecordServices;For The Record Core Services;c:\program files (x86)\For The Record\Services\ForTheRecord.WindowsService.exe [2011-12-30 60416]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 136176]
R2 NPVR Recording Service;NPVR Recording Service;c:\program files (x86)\NPVR\NRecord.exe [x]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 49152]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-09-10 18432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-14 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-11 79360]
R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2010-06-11 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [x]
R3 SaiH0C2D;SaiH0C2D;c:\windows\system32\DRIVERS\SaiH0C2D.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-03 3246040]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ForTheRecordIMBot;For The Record IM-Bot Service;c:\program files (x86)\For The Record\IMBot Service\ForTheRecord.IMBot.exe [2011-12-30 65024]
S2 ForTheRecordRecorderTuner;For The Record Recorder/Tuner Service;c:\program files (x86)\For The Record\RecorderTuner Service\ForTheRecord.RecorderTuner.WindowsService.exe [2011-12-30 65536]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-08-05 24064]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-05-23 465872]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S3 3xHybr64;WinFast HDTV200 H;c:\windows\system32\DRIVERS\3xHybr64.sys [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\Drivers\cam3820a.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 01:03]
.
2012-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-20 02:58]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 18:03]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 18:03]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713368250-3398300864-362228461-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-02 22:23]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713368250-3398300864-362228461-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-02 22:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-10-20 394768]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
"KeyLemon LemonScreen"="c:\program files\KeyLemon\KLLockEngine.exe" [2011-12-19 994624]
"KeyLemon Updater"="c:\program files\KeyLemon\KLUpdater.exe" [2011-12-19 702272]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50586
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\q065kvf4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://comcast.net
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Syncables - c:\program files (x86)\Common Files\syncables Shared\java\Syncables.exe
Wow6432Node-HKLM-Run-UpdReg - c:\windows\UpdReg.EXE
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Fly the Maddog liveries - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstall Liveries.exe
AddRemove-Fly the Maddog Professional 2010 Edition - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstall Fly the Maddog for FS9.exe
AddRemove-Level-D Simulations 767-300 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\UnLvld767.exe
AddRemove-PSS - Boeing 757 Pro. v1.3 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstall PSS 757 v1.3 VC Version.exe
AddRemove-FeelThere ERJ v.2 SP2 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal-fterj2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-713368250-3398300864-362228461-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:af,ea,22,70,42,fa,39,d8,c3,e4,82,fb,ce,c0,21,1e,83,66,d3,04,68,0f,77,
a5,4a,33,33,8a,7e,35,18,b7,b7,d8,1e,b0,0b,74,ed,24,4e,d5,56,fb,79,30,33,a0,\
"??"=hex:56,11,67,c2,c7,e8,a8,eb,ce,95,9e,55,ed,62,f9,42
.
[HKEY_USERS\S-1-5-21-713368250-3398300864-362228461-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,b9,70,76,c5,ea,90,0c,25,bc,e5,d8,95,4f,eb,6c,42,5d,7d,a4,3c,
6a,c7,5f,71,46,ab,0b,6f,92,e7,32,d2,b4,eb,db,df,66,08,33,ba,a8,bb,e9,27,79,\
"rkeysecu"=hex:ec,37,5d,48,1d,d1,4e,77,cb,52,68,94,77,8c,45,a0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Guide Enricher\GuideEnricherService.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\For The Record\RecorderTuner Service\ForTheRecord.RecorderTuner.CardHost.exe
.
**************************************************************************
.
Completion time: 2012-04-20 17:05:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 21:05
.
Pre-Run: 163,588,796,416 bytes free
Post-Run: 166,646,448,128 bytes free
.
- - End Of File - - A1A54215E39EB95D9632A02D639FE5D3

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:45 AM

Posted 20 April 2012 - 04:10 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 netghost1115

netghost1115
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 20 April 2012 - 04:23 PM

17:10:34.0939 5796 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
17:10:35.0181 5796 ============================================================
17:10:35.0181 5796 Current date / time: 2012/04/20 17:10:35.0181
17:10:35.0181 5796 SystemInfo:
17:10:35.0181 5796
17:10:35.0181 5796 OS Version: 6.1.7601 ServicePack: 1.0
17:10:35.0181 5796 Product type: Workstation
17:10:35.0181 5796 ComputerName: BRIAN-PC
17:10:35.0181 5796 UserName: Brian
17:10:35.0181 5796 Windows directory: C:\Windows
17:10:35.0181 5796 System windows directory: C:\Windows
17:10:35.0181 5796 Running under WOW64
17:10:35.0181 5796 Processor architecture: Intel x64
17:10:35.0181 5796 Number of processors: 8
17:10:35.0181 5796 Page size: 0x1000
17:10:35.0181 5796 Boot type: Normal boot
17:10:35.0181 5796 ============================================================
17:10:35.0523 5796 Drive \Device\Harddisk0\DR0 - Size: 0x7470B00000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:10:35.0523 5796 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:10:35.0538 5796 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:10:35.0542 5796 \Device\Harddisk0\DR0:
17:10:35.0542 5796 MBR partitions:
17:10:35.0542 5796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:10:35.0542 5796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
17:10:35.0542 5796 \Device\Harddisk1\DR1:
17:10:35.0542 5796 MBR partitions:
17:10:35.0542 5796 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
17:10:35.0542 5796 \Device\Harddisk2\DR2:
17:10:35.0542 5796 MBR partitions:
17:10:35.0542 5796 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74706000
17:10:35.0579 5796 C: <-> \Device\Harddisk0\DR0\Partition1
17:10:35.0594 5796 I: <-> \Device\Harddisk1\DR1\Partition0
17:10:35.0625 5796 D: <-> \Device\Harddisk2\DR2\Partition0
17:10:35.0625 5796 Initialize success
17:10:35.0625 5796 ============================================================
17:10:38.0289 5112 ============================================================
17:10:38.0289 5112 Scan started
17:10:38.0289 5112 Mode: Manual;
17:10:38.0289 5112 ============================================================
17:10:38.0793 5112 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:10:38.0816 5112 1394ohci - ok
17:10:38.0907 5112 3xHybr64 (475726f9cd55023d4cf559cf8bd4c202) C:\Windows\system32\DRIVERS\3xHybr64.sys
17:10:38.0955 5112 3xHybr64 - ok
17:10:39.0107 5112 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:10:39.0123 5112 ACDaemon - ok
17:10:39.0212 5112 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:10:39.0237 5112 ACPI - ok
17:10:39.0288 5112 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:10:39.0289 5112 AcpiPmi - ok
17:10:39.0460 5112 AcrSch2Svc (b175ee4f763d25908789896d43522f72) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
17:10:39.0469 5112 AcrSch2Svc - ok
17:10:39.0504 5112 acsock (0ec911d24f14c969e980e92e4371464d) C:\Windows\system32\DRIVERS\acsock64.sys
17:10:39.0505 5112 acsock - ok
17:10:39.0658 5112 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:10:39.0665 5112 AdobeFlashPlayerUpdateSvc - ok
17:10:39.0762 5112 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:10:39.0765 5112 adp94xx - ok
17:10:39.0795 5112 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:10:39.0819 5112 adpahci - ok
17:10:39.0881 5112 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:10:39.0893 5112 adpu320 - ok
17:10:39.0947 5112 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:10:39.0948 5112 AeLookupSvc - ok
17:10:40.0007 5112 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
17:10:40.0008 5112 afcdp - ok
17:10:40.0285 5112 afcdpsrv (af44f7e027037628f1fac3c13cde73e6) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
17:10:40.0376 5112 afcdpsrv - ok
17:10:40.0551 5112 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:10:40.0598 5112 AFD - ok
17:10:40.0706 5112 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:10:40.0745 5112 agp440 - ok
17:10:40.0973 5112 Akamai (8832f4b4cb3c7c966bae3132553423da) c:\program files (x86)\common files\akamai\netsession_win_8832f4b.dll
17:10:41.0025 5112 Akamai - ok
17:10:41.0092 5112 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:10:41.0093 5112 ALG - ok
17:10:41.0185 5112 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:10:41.0185 5112 aliide - ok
17:10:41.0202 5112 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:10:41.0202 5112 amdide - ok
17:10:41.0266 5112 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:10:41.0287 5112 AmdK8 - ok
17:10:41.0321 5112 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:10:41.0322 5112 AmdPPM - ok
17:10:41.0359 5112 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:10:41.0361 5112 amdsata - ok
17:10:41.0386 5112 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:10:41.0416 5112 amdsbs - ok
17:10:41.0440 5112 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:10:41.0440 5112 amdxata - ok
17:10:41.0539 5112 Apache2.2 (f41e453a90ef19217cee1675f5256ee7) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
17:10:41.0539 5112 Apache2.2 - ok
17:10:41.0584 5112 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:10:41.0594 5112 AppID - ok
17:10:41.0644 5112 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:10:41.0668 5112 AppIDSvc - ok
17:10:41.0707 5112 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:10:41.0708 5112 Appinfo - ok
17:10:41.0818 5112 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:10:41.0819 5112 Apple Mobile Device - ok
17:10:41.0915 5112 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:10:41.0949 5112 AppMgmt - ok
17:10:42.0074 5112 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:10:42.0096 5112 arc - ok
17:10:42.0131 5112 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:10:42.0143 5112 arcsas - ok
17:10:42.0211 5112 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:10:42.0249 5112 aspnet_state - ok
17:10:42.0306 5112 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:10:42.0306 5112 AsyncMac - ok
17:10:42.0373 5112 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:10:42.0373 5112 atapi - ok
17:10:42.0420 5112 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
17:10:42.0475 5112 athr - ok
17:10:42.0540 5112 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:10:42.0552 5112 AudioEndpointBuilder - ok
17:10:42.0585 5112 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:10:42.0588 5112 AudioSrv - ok
17:10:42.0739 5112 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
17:10:42.0843 5112 AVGIDSAgent - ok
17:10:42.0956 5112 AVGIDSDriver - ok
17:10:43.0042 5112 AVGIDSEH - ok
17:10:43.0048 5112 AVGIDSFilter - ok
17:10:43.0067 5112 Avgldx64 - ok
17:10:43.0082 5112 Avgmfx64 - ok
17:10:43.0089 5112 Avgrkx64 - ok
17:10:43.0095 5112 Avgtdia - ok
17:10:43.0216 5112 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:10:43.0217 5112 avgwd - ok
17:10:43.0298 5112 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:10:43.0300 5112 AxInstSV - ok
17:10:43.0400 5112 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:10:43.0416 5112 b06bdrv - ok
17:10:43.0519 5112 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:10:43.0526 5112 b57nd60a - ok
17:10:43.0596 5112 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:10:43.0598 5112 BDESVC - ok
17:10:43.0633 5112 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:10:43.0634 5112 Beep - ok
17:10:43.0712 5112 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:10:43.0741 5112 BFE - ok
17:10:43.0767 5112 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:10:43.0771 5112 BITS - ok
17:10:43.0788 5112 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:10:43.0789 5112 blbdrive - ok
17:10:43.0878 5112 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:10:59.0026 5112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:10:59.0027 5112 RDPREFMP - ok
17:10:59.0082 5112 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:10:59.0084 5112 RDPWD - ok
17:10:59.0172 5112 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:10:59.0180 5112 rdyboost - ok
17:10:59.0254 5112 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:10:59.0256 5112 RemoteAccess - ok
17:10:59.0289 5112 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:10:59.0290 5112 RemoteRegistry - ok
17:10:59.0307 5112 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:10:59.0309 5112 RpcEptMapper - ok
17:10:59.0345 5112 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:10:59.0346 5112 RpcLocator - ok
17:10:59.0386 5112 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:10:59.0389 5112 RpcSs - ok
17:10:59.0423 5112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:10:59.0424 5112 rspndr - ok
17:10:59.0471 5112 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:10:59.0473 5112 RTL8167 - ok
17:10:59.0508 5112 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:10:59.0508 5112 s3cap - ok
17:10:59.0531 5112 SaiH0763 (45c0b193065219189772a038e6c29d49) C:\Windows\system32\DRIVERS\SaiH0763.sys
17:10:59.0541 5112 SaiH0763 - ok
17:10:59.0579 5112 SaiH0C2D (231a3700154b1a49c2f05cb0da4b2747) C:\Windows\system32\DRIVERS\SaiH0C2D.sys
17:10:59.0588 5112 SaiH0C2D - ok
17:10:59.0617 5112 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:10:59.0618 5112 SamSs - ok
17:10:59.0639 5112 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:10:59.0640 5112 sbp2port - ok
17:10:59.0657 5112 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:10:59.0675 5112 SCardSvr - ok
17:10:59.0715 5112 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:10:59.0716 5112 scfilter - ok
17:10:59.0800 5112 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:10:59.0805 5112 Schedule - ok
17:10:59.0837 5112 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:10:59.0838 5112 SCPolicySvc - ok
17:10:59.0873 5112 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:10:59.0882 5112 SDRSVC - ok
17:10:59.0923 5112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:10:59.0924 5112 secdrv - ok
17:10:59.0960 5112 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:10:59.0961 5112 seclogon - ok
17:10:59.0997 5112 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:10:59.0999 5112 SENS - ok
17:11:00.0012 5112 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:11:00.0015 5112 SensrSvc - ok
17:11:00.0033 5112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:11:00.0034 5112 Serenum - ok
17:11:00.0055 5112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:11:00.0057 5112 Serial - ok
17:11:00.0081 5112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:11:00.0082 5112 sermouse - ok
17:11:00.0126 5112 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:11:00.0128 5112 SessionEnv - ok
17:11:00.0143 5112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:11:00.0144 5112 sffdisk - ok
17:11:00.0183 5112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:11:00.0183 5112 sffp_mmc - ok
17:11:00.0202 5112 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:11:00.0203 5112 sffp_sd - ok
17:11:00.0220 5112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:11:00.0220 5112 sfloppy - ok
17:11:00.0272 5112 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:11:00.0286 5112 SharedAccess - ok
17:11:00.0329 5112 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:11:00.0332 5112 ShellHWDetection - ok
17:11:00.0349 5112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:11:00.0350 5112 SiSRaid2 - ok
17:11:00.0372 5112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:11:00.0373 5112 SiSRaid4 - ok
17:11:00.0425 5112 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
17:11:00.0425 5112 SmartDefragDriver - ok
17:11:00.0451 5112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:11:00.0452 5112 Smb - ok
17:11:00.0498 5112 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
17:11:00.0510 5112 snapman - ok
17:11:00.0546 5112 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:11:00.0548 5112 SNMPTRAP - ok
17:11:00.0557 5112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:11:00.0558 5112 spldr - ok
17:11:00.0603 5112 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:11:00.0607 5112 Spooler - ok
17:11:00.0698 5112 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:11:00.0781 5112 sppsvc - ok
17:11:00.0855 5112 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:11:00.0857 5112 sppuinotify - ok
17:11:00.0907 5112 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
17:11:00.0939 5112 sptd - ok
17:11:00.0983 5112 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:11:00.0995 5112 srv - ok
17:11:01.0015 5112 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:11:01.0021 5112 srv2 - ok
17:11:01.0039 5112 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:11:01.0047 5112 srvnet - ok
17:11:01.0066 5112 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:11:01.0068 5112 SSDPSRV - ok
17:11:01.0121 5112 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:11:01.0123 5112 SstpSvc - ok
17:11:01.0254 5112 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:11:01.0272 5112 Stereo Service - ok
17:11:01.0361 5112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:11:01.0361 5112 stexstor - ok
17:11:01.0419 5112 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:11:01.0442 5112 stisvc - ok
17:11:01.0481 5112 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:11:01.0481 5112 storflt - ok
17:11:01.0524 5112 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:11:01.0526 5112 StorSvc - ok
17:11:01.0553 5112 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:11:01.0553 5112 storvsc - ok
17:11:01.0566 5112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:11:01.0566 5112 swenum - ok
17:11:01.0677 5112 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:11:01.0737 5112 SwitchBoard - ok
17:11:01.0793 5112 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:11:01.0852 5112 swprv - ok
17:11:01.0942 5112 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:11:02.0004 5112 SysMain - ok
17:11:02.0079 5112 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:11:02.0081 5112 TabletInputService - ok
17:11:02.0126 5112 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:11:02.0128 5112 TapiSrv - ok
17:11:02.0198 5112 tapoas (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys
17:11:02.0198 5112 tapoas - ok
17:11:02.0226 5112 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:11:02.0228 5112 TBS - ok
17:11:02.0296 5112 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:11:02.0304 5112 Tcpip - ok
17:11:02.0419 5112 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:11:02.0426 5112 TCPIP6 - ok
17:11:02.0477 5112 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:11:02.0477 5112 tcpipreg - ok
17:11:02.0511 5112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:11:02.0511 5112 TDPIPE - ok
17:11:02.0596 5112 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
17:11:02.0635 5112 tdrpman273 - ok
17:11:02.0686 5112 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:11:02.0687 5112 TDTCP - ok
17:11:02.0719 5112 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:11:02.0720 5112 tdx - ok
17:11:02.0799 5112 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:11:02.0800 5112 TermDD - ok
17:11:02.0841 5112 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:11:02.0844 5112 TermService - ok
17:11:02.0865 5112 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:11:02.0867 5112 Themes - ok
17:11:02.0915 5112 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:11:02.0916 5112 THREADORDER - ok
17:11:02.0993 5112 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
17:11:03.0043 5112 timounter - ok
17:11:03.0077 5112 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:11:03.0079 5112 TrkWks - ok
17:11:03.0124 5112 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
17:11:03.0126 5112 truecrypt - ok
17:11:03.0242 5112 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:11:03.0250 5112 TrustedInstaller - ok
17:11:03.0313 5112 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:11:03.0314 5112 tssecsrv - ok
17:11:03.0351 5112 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:11:03.0352 5112 TsUsbFlt - ok
17:11:03.0406 5112 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:11:03.0407 5112 tunnel - ok
17:11:03.0485 5112 TurboB (f37d49111a12a97de4bb5d8ff444bd2c) C:\Windows\system32\DRIVERS\TurboB.sys
17:11:03.0486 5112 TurboB - ok
17:11:03.0561 5112 TurboBoost (44d81b1bfd2428274bba98316d9606dc) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:11:03.0562 5112 TurboBoost - ok
17:11:03.0641 5112 TVersityMediaServer (06bccb3bf0d06adccc4ebc8ef682dd59) C:\ProgramData\TVersity\Media Server\MediaServer.exe
17:11:03.0679 5112 TVersityMediaServer - ok
17:11:03.0754 5112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:11:03.0755 5112 uagp35 - ok
17:11:03.0835 5112 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:11:03.0844 5112 udfs - ok
17:11:03.0876 5112 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:11:03.0878 5112 UI0Detect - ok
17:11:03.0897 5112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:11:03.0898 5112 uliagpkx - ok
17:11:04.0000 5112 UltiDev Cassini Web Server for ASP.NET 2.0 (bee8c1f7838a1d69d5e5a36a3efbd722) C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
17:11:04.0000 5112 UltiDev Cassini Web Server for ASP.NET 2.0 - ok
17:11:04.0023 5112 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:11:04.0024 5112 umbus - ok
17:11:04.0040 5112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:11:04.0040 5112 UmPass - ok
17:11:04.0084 5112 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:11:04.0092 5112 UmRdpService - ok
17:11:04.0122 5112 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:11:04.0129 5112 upnphost - ok
17:11:04.0149 5112 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:11:04.0150 5112 usbccgp - ok
17:11:04.0182 5112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:11:04.0183 5112 usbcir - ok
17:11:04.0198 5112 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:11:04.0199 5112 usbehci - ok
17:11:04.0218 5112 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:11:04.0259 5112 usbhub - ok
17:11:04.0281 5112 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:11:04.0281 5112 usbohci - ok
17:11:04.0309 5112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:11:04.0310 5112 usbprint - ok
17:11:04.0322 5112 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
17:11:04.0323 5112 USBSTOR - ok
17:11:04.0334 5112 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
17:11:04.0335 5112 usbuhci - ok
17:11:04.0369 5112 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:11:04.0371 5112 UxSms - ok
17:11:04.0400 5112 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:11:04.0401 5112 VaultSvc - ok
17:11:04.0430 5112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:11:04.0430 5112 vdrvroot - ok
17:11:04.0448 5112 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:11:04.0468 5112 vds - ok
17:11:04.0500 5112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:11:04.0501 5112 vga - ok
17:11:04.0521 5112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:11:04.0522 5112 VgaSave - ok
17:11:04.0543 5112 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:11:04.0550 5112 vhdmp - ok
17:11:04.0564 5112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:11:04.0565 5112 viaide - ok
17:11:04.0578 5112 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:11:04.0589 5112 vmbus - ok
17:11:04.0607 5112 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:11:04.0608 5112 VMBusHID - ok
17:11:04.0626 5112 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:11:04.0627 5112 volmgr - ok
17:11:04.0659 5112 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:11:04.0674 5112 volmgrx - ok
17:11:04.0691 5112 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:11:04.0698 5112 volsnap - ok
17:11:04.0749 5112 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
17:11:04.0750 5112 vpcbus - ok
17:11:04.0803 5112 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
17:11:04.0804 5112 vpcnfltr - ok
17:11:04.0830 5112 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
17:11:04.0831 5112 vpcusb - ok
17:11:04.0879 5112 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
17:11:04.0880 5112 vpcvmm - ok
17:11:04.0974 5112 vpnagent (8811748190d194eae2e2155da3e2b022) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
17:11:04.0990 5112 vpnagent - ok
17:11:05.0008 5112 vpnva (845dae50510383b7f6aca73ce2099048) C:\Windows\system32\DRIVERS\vpnva64.sys
17:11:05.0009 5112 vpnva - ok
17:11:05.0051 5112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:11:05.0059 5112 vsmraid - ok
17:11:05.0173 5112 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:11:05.0205 5112 VSS - ok
17:11:05.0221 5112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:11:05.0222 5112 vwifibus - ok
17:11:05.0296 5112 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:11:05.0297 5112 VWiFiFlt - ok
17:11:05.0332 5112 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:11:05.0375 5112 W32Time - ok
17:11:05.0393 5112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:11:05.0394 5112 WacomPen - ok
17:11:05.0437 5112 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:11:05.0438 5112 WANARP - ok
17:11:05.0446 5112 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:11:05.0446 5112 Wanarpv6 - ok
17:11:05.0514 5112 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:11:05.0555 5112 WatAdminSvc - ok
17:11:05.0607 5112 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:11:05.0646 5112 wbengine - ok
17:11:05.0701 5112 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:11:05.0711 5112 WbioSrvc - ok
17:11:05.0752 5112 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:11:05.0778 5112 wcncsvc - ok
17:11:05.0826 5112 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:11:05.0828 5112 WcsPlugInService - ok
17:11:05.0873 5112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:11:05.0874 5112 Wd - ok
17:11:05.0929 5112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:11:05.0943 5112 Wdf01000 - ok
17:11:05.0959 5112 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:11:05.0961 5112 WdiServiceHost - ok
17:11:05.0963 5112 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:11:05.0965 5112 WdiSystemHost - ok
17:11:06.0007 5112 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:11:06.0016 5112 WebClient - ok
17:11:06.0031 5112 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:11:06.0037 5112 Wecsvc - ok
17:11:06.0053 5112 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:11:06.0055 5112 wercplsupport - ok
17:11:06.0080 5112 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:11:06.0082 5112 WerSvc - ok
17:11:06.0149 5112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:11:06.0149 5112 WfpLwf - ok
17:11:06.0168 5112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:11:06.0169 5112 WIMMount - ok
17:11:06.0257 5112 WinDefend - ok
17:11:06.0268 5112 WinHttpAutoProxySvc - ok
17:11:06.0327 5112 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:11:06.0341 5112 Winmgmt - ok
17:11:06.0403 5112 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:11:06.0446 5112 WinRM - ok
17:11:06.0587 5112 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:11:06.0588 5112 WinUsb - ok
17:11:06.0696 5112 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:11:06.0723 5112 Wlansvc - ok
17:11:06.0781 5112 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:11:06.0781 5112 wlcrasvc - ok
17:11:06.0881 5112 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:11:06.0945 5112 wlidsvc - ok
17:11:07.0050 5112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:11:07.0051 5112 WmiAcpi - ok
17:11:07.0115 5112 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:11:07.0145 5112 wmiApSrv - ok
17:11:07.0221 5112 WMPNetworkSvc - ok
17:11:07.0256 5112 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:11:07.0258 5112 WPCSvc - ok
17:11:07.0314 5112 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:11:07.0317 5112 WPDBusEnum - ok
17:11:07.0424 5112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:11:07.0435 5112 ws2ifsl - ok
17:11:07.0513 5112 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:11:07.0515 5112 wscsvc - ok
17:11:07.0521 5112 WSearch - ok
17:11:07.0596 5112 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:11:07.0649 5112 wuauserv - ok
17:11:07.0713 5112 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:11:07.0714 5112 WudfPf - ok
17:11:07.0793 5112 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:11:07.0839 5112 WUDFRd - ok
17:11:07.0880 5112 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:11:07.0882 5112 wudfsvc - ok
17:11:07.0919 5112 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:11:07.0929 5112 WwanSvc - ok
17:11:07.0986 5112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:11:07.0997 5112 \Device\Harddisk0\DR0 - ok
17:11:07.0999 5112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:11:08.0000 5112 \Device\Harddisk1\DR1 - ok
17:11:08.0002 5112 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
17:11:08.0021 5112 \Device\Harddisk2\DR2 - ok
17:11:08.0042 5112 Boot (0x1200) (a0c2592d6b750ae5d2fc252ef219ca8b) \Device\Harddisk0\DR0\Partition0
17:11:08.0043 5112 \Device\Harddisk0\DR0\Partition0 - ok
17:11:08.0047 5112 Boot (0x1200) (254808bbeddba9670cb8824b4cd8ebe6) \Device\Harddisk0\DR0\Partition1
17:11:08.0048 5112 \Device\Harddisk0\DR0\Partition1 - ok
17:11:08.0050 5112 Boot (0x1200) (3b0e88a5733ff9faff116b31aeb0013b) \Device\Harddisk1\DR1\Partition0
17:11:08.0050 5112 \Device\Harddisk1\DR1\Partition0 - ok
17:11:08.0052 5112 Boot (0x1200) (e45e4c06cc45bdbebeb9f2a3dab32673) \Device\Harddisk2\DR2\Partition0
17:11:08.0053 5112 \Device\Harddisk2\DR2\Partition0 - ok
17:11:08.0053 5112 ============================================================
17:11:08.0053 5112 Scan finished
17:11:08.0053 5112 ============================================================
17:11:08.0059 2984 Detected object count: 0
17:11:08.0059 2984 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 17:12:00
-----------------------------
17:12:00.899 OS Version: Windows x64 6.1.7601 Service Pack 1
17:12:00.899 Number of processors: 8 586 0x1A05
17:12:00.899 ComputerName: BRIAN-PC UserName: Brian
17:12:01.998 Initialize success
17:12:28.722 AVAST engine defs: 12042001
17:12:36.817 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-3
17:12:36.818 Disk 0 Vendor: Intel___ 1.0. Size: 476939MB BusType: 8
17:12:36.820 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
17:12:36.821 Disk 1 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 8
17:12:36.823 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2
17:12:36.825 Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 8
17:12:36.835 Disk 0 MBR read successfully
17:12:36.837 Disk 0 MBR scan
17:12:36.840 Disk 0 Windows 7 default MBR code
17:12:36.846 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:12:36.853 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
17:12:36.867 Disk 0 scanning C:\Windows\system32\drivers
17:12:51.323 Service scanning
17:13:18.261 Modules scanning
17:13:18.267 Disk 0 trace - called modules:
17:13:18.293 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:13:18.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071c2790]
17:13:18.299 3 CLASSPNP.SYS[fffff88001d9f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-3[0xfffffa8006f9d050]
17:13:19.680 AVAST engine scan C:\Windows
17:13:22.959 AVAST engine scan C:\Windows\system32
17:16:28.665 AVAST engine scan C:\Windows\system32\drivers
17:16:46.795 AVAST engine scan C:\Users\Brian
17:22:37.698 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
17:22:37.699 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"

#10 gringo_pr

Posted 20 April 2012 - 06:30 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50586

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 netghost1115

Posted 20 April 2012 - 08:21 PM

Everything is running good now. Here is the log you requested:

ComboFix 12-04-20.03 - Brian 04/20/2012 19:43:31.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.2326 [GMT -4:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 00:02 . 2012-04-21 00:03 -------- d-----w- C:\FRST
2012-04-20 23:58 . 2012-04-20 23:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-20 23:58 . 2012-04-20 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 23:58 . 2012-04-20 23:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-20 22:32 . 2008-01-18 20:57 15360 ----a-w- c:\windows\system32\HPLTLM5.DLL
2012-04-20 20:37 . 2012-04-20 20:37 -------- d-----w- c:\users\Brian\AppData\Roaming\AVG2012
2012-04-20 20:37 . 2012-04-20 21:45 -------- d-----w- c:\programdata\AVG2012
2012-04-17 21:49 . 2012-04-17 21:49 -------- d-----we c:\windows\system64
2012-04-15 19:02 . 2012-04-15 19:02 -------- d-----w- c:\program files (x86)\OpenVPN Technologies
2012-04-15 15:51 . 2012-04-15 15:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\95a8dfa71cd1b1f01\MeshBetaRemover.exe
2012-04-12 07:06 . 2012-04-12 07:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-12 07:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 05:54 . 2012-04-04 05:54 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-03 14:03 . 2012-04-14 01:03 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 13:42 . 2012-04-14 01:03 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-24 21:40 . 2009-06-17 04:02 616600 ----a-w- c:\windows\SysWow64\FontInstaller.dll
2012-03-24 21:40 . 2012-04-19 04:53 -------- d-----w- c:\program files (x86)\High-Logic FontCreator
2012-03-24 21:39 . 2012-03-24 21:39 -------- d-----w- c:\users\Brian\.swt
2012-03-24 21:15 . 2012-04-18 00:36 -------- d-sh--w- c:\users\Brian\AppData\Local\ada9e625
2012-03-24 21:11 . 2012-04-19 04:52 -------- d-----w- c:\users\Brian\AppData\Local\FontCreator
2012-03-24 21:10 . 2012-03-24 21:48 -------- d-----w- c:\users\Brian\AppData\Roaming\FontCreator
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:03 . 2011-05-17 22:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-02-22 09:25 . 2012-02-22 09:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-17 06:38 . 2012-03-13 18:46 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 18:46 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 18:46 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 18:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-13 22:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 22:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 18:57 . 2012-02-02 18:57 808440 ----a-w- c:\windows\SysWow64\CDDBUI.dll
2012-02-02 18:57 . 2012-02-02 18:57 796152 ----a-w- c:\windows\SysWow64\CDDBControl.dll
2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-01-25 06:38 . 2012-03-13 18:46 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 18:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 18:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-20_20.57.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 22:45 . 2012-04-20 22:45 18267 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\8g40nxc9.default\pluginreg.dat
+ 2011-05-21 14:15 . 2012-04-20 21:52 54614 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-21 00:04 34690 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-21 04:21 . 2012-04-21 00:04 21684 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-713368250-3398300864-362228461-1000_UserData.bin
+ 2012-04-20 22:32 . 2009-10-14 23:03 80384 c:\windows\system64\spool\drivers\x64\3\HPLTSRE6.EXE
+ 2012-04-20 22:32 . 2009-10-14 23:03 85504 c:\windows\system64\spool\drivers\x64\3\HPLTLNK2.EXE
+ 2012-04-20 22:32 . 2008-01-18 20:57 15360 c:\windows\system64\HPLTLM5.DLL
- 2009-07-14 05:30 . 2012-04-15 19:02 86016 c:\windows\system64\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-04-20 22:32 86016 c:\windows\system64\DriverStore\infpub.dat
+ 2012-01-31 08:46 . 2012-01-31 08:46 36944 c:\windows\system64\drivers\avgrkx64.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 47696 c:\windows\system64\drivers\avgmfx64.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 29776 c:\windows\system64\drivers\avgidsfiltera.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 26704 c:\windows\system64\drivers\avgidseha.sys
- 2011-05-21 00:39 . 2012-04-20 20:28 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-21 00:39 . 2012-04-20 23:52 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-21 00:39 . 2012-04-20 23:52 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-21 00:39 . 2012-04-20 20:28 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-20 23:52 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 20:28 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-21 14:15 . 2012-04-20 21:52 54614 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-21 00:04 34690 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-21 04:21 . 2012-04-21 00:04 21684 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-713368250-3398300864-362228461-1000_UserData.bin
+ 2012-04-20 22:32 . 2009-10-14 23:03 80384 c:\windows\system32\spool\drivers\x64\3\HPLTSRE6.EXE
+ 2012-04-20 22:32 . 2009-10-14 23:03 85504 c:\windows\system32\spool\drivers\x64\3\HPLTLNK2.EXE
- 2009-07-14 05:30 . 2012-04-15 19:02 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-04-20 22:32 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-12-23 17:32 . 2011-12-23 17:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 26704 c:\windows\system32\drivers\avgidseha.sys
- 2011-05-21 00:39 . 2012-04-20 20:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-21 00:39 . 2012-04-20 23:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-21 00:39 . 2012-04-20 23:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-21 00:39 . 2012-04-20 20:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 20:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-20 23:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-21 02:28 . 2012-02-19 16:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-21 02:28 . 2012-04-20 22:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-20 20:55 . 2012-04-20 20:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-21 00:00 . 2012-04-21 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-20 20:55 . 2012-04-20 20:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-21 00:00 . 2012-04-21 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-20 22:32 . 2009-10-14 23:09 450048 c:\windows\system64\spool\drivers\x64\3\hpltump6.dll
+ 2012-04-20 22:32 . 2009-10-14 23:05 956416 c:\windows\system64\spool\drivers\x64\3\hpltuis6.dll
+ 2012-04-20 22:32 . 2009-10-14 23:03 185344 c:\windows\system64\spool\drivers\x64\3\HPLTSRC6.DLL
+ 2012-04-20 22:32 . 2009-09-01 20:14 106496 c:\windows\system64\spool\drivers\x64\3\hpltren8.dll
+ 2012-04-20 22:32 . 2009-10-14 23:07 537600 c:\windows\system64\spool\drivers\x64\3\hpltglr6.dll
+ 2012-04-20 22:32 . 2009-10-14 23:08 483840 c:\windows\system64\spool\drivers\x64\3\hpltcfg6.dll
+ 2012-04-20 22:32 . 2009-10-15 00:15 169834 c:\windows\system64\spool\drivers\x64\3\hplt8m2.dat
+ 2009-07-14 02:36 . 2012-04-20 21:56 664796 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-04-20 20:34 664796 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-20 21:56 122654 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-04-20 20:34 122654 c:\windows\system64\perfc009.dat
- 2009-07-14 05:30 . 2012-04-15 19:02 143360 c:\windows\system64\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-20 22:32 143360 c:\windows\system64\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-20 22:32 143360 c:\windows\system64\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-04-15 19:02 143360 c:\windows\system64\DriverStore\infstor.dat
+ 2012-02-22 09:25 . 2012-02-22 09:25 382032 c:\windows\system64\drivers\avgtdia.sys
+ 2012-02-22 09:25 . 2012-02-22 09:25 289872 c:\windows\system64\drivers\avgldx64.sys
+ 2011-12-23 17:31 . 2011-12-23 17:31 124496 c:\windows\system64\drivers\avgidsdrivera.sys
+ 2012-04-20 22:32 . 2009-10-14 23:09 450048 c:\windows\system32\spool\drivers\x64\3\hpltump6.dll
+ 2012-04-20 22:32 . 2009-10-14 23:05 956416 c:\windows\system32\spool\drivers\x64\3\hpltuis6.dll
+ 2012-04-20 22:32 . 2009-10-14 23:03 185344 c:\windows\system32\spool\drivers\x64\3\HPLTSRC6.DLL
+ 2012-04-20 22:32 . 2009-09-01 20:14 106496 c:\windows\system32\spool\drivers\x64\3\hpltren8.dll
+ 2012-04-20 22:32 . 2009-10-14 23:07 537600 c:\windows\system32\spool\drivers\x64\3\hpltglr6.dll
+ 2012-04-20 22:32 . 2009-10-14 23:08 483840 c:\windows\system32\spool\drivers\x64\3\hpltcfg6.dll
+ 2012-04-20 22:32 . 2009-10-15 00:15 169834 c:\windows\system32\spool\drivers\x64\3\hplt8m2.dat
- 2009-07-14 02:36 . 2012-04-20 20:34 664796 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-20 21:56 664796 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-20 20:34 122654 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-20 21:56 122654 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-04-15 19:02 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-20 22:32 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-20 22:32 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-04-15 19:02 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-12-23 17:31 . 2011-12-23 17:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
+ 2009-07-14 05:01 . 2012-04-20 23:59 477008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-20 20:54 477008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-20 22:32 . 2009-09-01 20:14 1429504 c:\windows\system64\spool\drivers\x64\3\hpltren7.exe
+ 2012-04-20 22:32 . 2009-09-01 20:14 1429504 c:\windows\system32\spool\drivers\x64\3\hpltren7.exe
+ 2010-10-14 04:45 . 2012-04-20 23:59 3125721 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-713368250-3398300864-362228461-1000-12288.dat
+ 2012-04-20 21:38 . 2012-04-20 21:38 8399360 c:\windows\Installer\2b169f.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files (x86)\WinFast\WFDTV\WFWIZ.exe" [2008-05-30 2887680]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"MusicManager"="c:\users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2012-04-04 166624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-05-23 522192]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
NexDef Plug-in.lnk - c:\users\Brian\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2010-7-7 473616]
United Airlines Auto Update Conduit (English).lnk - c:\users\Brian\United Airlines Auto Update Conduit (English)\en\ua_conduit_en.exe [2011-10-27 1432064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dtella.lnk - c:\program files (x86)\Dtella@Purdue\dtella.exe [2010-1-22 4584364]
For The Record Server Status Notifier.lnk - c:\program files (x86)\For The Record\Server Status Notifier\ForTheRecord.UI.ServerStatus.exe [2011-12-30 134656]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 35328]
OpenVPN Connect.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe [2011-8-5 74240]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe [2010-6-11 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ForTheRecordServices;For The Record Core Services;c:\program files (x86)\For The Record\Services\ForTheRecord.WindowsService.exe [2011-12-30 60416]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 136176]
R2 NPVR Recording Service;NPVR Recording Service;c:\program files (x86)\NPVR\NRecord.exe [x]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-08-05 24064]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 49152]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-09-10 18432]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-14 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-11 79360]
R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2010-06-11 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 136176]
R3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [x]
R3 SaiH0C2D;SaiH0C2D;c:\windows\system32\DRIVERS\SaiH0C2D.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-03 3246040]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-02-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ForTheRecordIMBot;For The Record IM-Bot Service;c:\program files (x86)\For The Record\IMBot Service\ForTheRecord.IMBot.exe [2011-12-30 65024]
S2 ForTheRecordRecorderTuner;For The Record Recorder/Tuner Service;c:\program files (x86)\For The Record\RecorderTuner Service\ForTheRecord.RecorderTuner.WindowsService.exe [2011-12-30 65536]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-05-23 465872]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S3 3xHybr64;WinFast HDTV200 H;c:\windows\system32\DRIVERS\3xHybr64.sys [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\Drivers\cam3820a.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 01:03]
.
2012-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-20 02:58]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 18:03]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 18:03]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713368250-3398300864-362228461-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-02 22:23]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713368250-3398300864-362228461-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-02 22:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-10-20 394768]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
"KeyLemon LemonScreen"="c:\program files\KeyLemon\KLLockEngine.exe" [2011-12-19 994624]
"KeyLemon Updater"="c:\program files\KeyLemon\KLUpdater.exe" [2011-12-19 702272]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\q065kvf4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://comcast.net
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-713368250-3398300864-362228461-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:af,ea,22,70,42,fa,39,d8,c3,e4,82,fb,ce,c0,21,1e,83,66,d3,04,68,0f,77,
a5,4a,33,33,8a,7e,35,18,b7,b7,d8,1e,b0,0b,74,ed,24,4e,d5,56,fb,79,30,33,a0,\
"??"=hex:56,11,67,c2,c7,e8,a8,eb,ce,95,9e,55,ed,62,f9,42
.
[HKEY_USERS\S-1-5-21-713368250-3398300864-362228461-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,b9,70,76,c5,ea,90,0c,25,bc,e5,d8,95,4f,eb,6c,42,5d,7d,a4,3c,
6a,c7,5f,71,46,ab,0b,6f,92,e7,32,d2,b4,eb,db,df,66,08,33,ba,a8,bb,e9,27,79,\
"rkeysecu"=hex:ec,37,5d,48,1d,d1,4e,77,cb,52,68,94,77,8c,45,a0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Guide Enricher\GuideEnricherService.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Last.fm\LastFM.exe
c:\program files (x86)\For The Record\RecorderTuner Service\ForTheRecord.RecorderTuner.CardHost.exe
.
**************************************************************************
.
Completion time: 2012-04-20 20:30:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-21 00:30
ComboFix2.txt 2012-04-20 21:05
.
Pre-Run: 165,021,179,904 bytes free
Post-Run: 165,929,558,016 bytes free
.
- - End Of File - - 3AB987C9296ADC370B222F269EAECBAB

#12 gringo_pr


Posted 21 April 2012 - 06:53 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 netghost1115


Posted 21 April 2012 - 09:28 AM

18 Wheels of Steel: American Long Haul
911 - First Responders
abcAVI
AC-3 ACM Codec
AC3Filter 1.63b
ACARS MSFS 1.0
Aces High
Acronis True Image Home 2011
Active Sky 2012
Active Sky Evolution
ADDS Flight Path Tool
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Media Player
Adobe Story
Adobe Widget Browser
Aircraft Situation Editor
Airport Tycoon 2
Airport Tycoon 3
Akamai NetSession Interface
Apache HTTP Server 2.2.17
ApexDC++ 1.3.9 (64bit)
Apple Application Support
Apple Software Update
ArcSoft TotalMedia 3
ATCsimulator®2 (Build 3.3.0.17) Professional Edition
Audacity 1.3.12
Audacity 1.3.13 (Unicode)
AviSynth 2.5
BlackBox Simulation - Boeing 757 Professional
BlackBox Simulation Airbus Professional
BootDisk2BootStick 0.12
Camtasia Studio 6
Cisco AnyConnect Diagnostics and Reporting Tool
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Cities In Motion
Cities In Motion - Metro Stations
Cities In Motion - Patch 1.0.21
Cities In Motion - Tokyo
Cities In Motion - U.S. Cities
Cities XL 2011
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Cloud9 Washington National FS9 1.0.2
Continental Airlines Timetable
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative Diagnostics
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative System Information
Cuttermaran 1.70
D3DX10
DAEMON Tools Lite
Data Lifeguard Diagnostic for Windows 1.22
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Degrib 1.96 (aka NDFD GRIB2 Decoder)
Dolby Digital Live Pack
doubleTwist
Driver Cleaner.NET
Dropbox
Dtella@Purdue 1.2.6
DTS Connect Pack
DVD Architect Pro 5.0
DVD Shrink 3.2
EA Download Manager
Emergency 2012
ERJ145LR v2 World Airliners 1 (v1.0)
ExpeditionLT
Farming Simulator 2011
ffdshow [rev 3154] [2009-12-09]
Fiddler2
FileZilla Client 3.5.3
Fly the Maddog liveries
Fly the Maddog Professional 2010 Edition
Fonebook
For The Record 1.6.0.2
Fraps (remove only)
Freight Tycoon
FrostWire 4.21.8
FS Flight Keeper
FS2Crew: iFly737NG Button Control Edition
FSBuild 2
Fsbuild 2.4.0.17
FSDreamTeam Ohare9 1.1.1
FSFDT FSCopilot
FSFDT FSInn
FSNavigator
Fuel Loader
Google Chrome
Google Contact Sync
Google Earth
Google Update Helper
Google Updater
gSyncit
Guide Enricher
Haali Media Splitter
High-Logic FontCreator 6.0
Homeland Defense National Security Patrol
HP USB Disk Storage Format Tool
IBM SPSS Statistics 19
IceChat 7.70 (Build 20101031)
iFly Jets - The 737NG for FS2004
ImgBurn
Java Auto Updater
Java™ 6 Update 29
JMicron JMB36X Driver
Just Flight 777 Professional v1.00
KATL Atlanta
KDEN Denver
KIAD Washington (FS2004 Update 08 DEC 2008)
KMCI Kansas City
Lagarith Lossless Codec (1.3.25)
Lame ACM MP3 Codec
LAME v3.98.3 for Audacity
Last.fm 1.5.4.27091
Lernout & Hauspie TruVoice American English TTS Engine
Level-D Simulations 767-300
LogMeIn Hamachi
Magical Jelly Bean KeyFinder
MediaMonkey 4.0
Mesh Runtime
Messenger Companion
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MKVtoolnix 4.1.0
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MusicBrainz Picard
NexDef Plug-in
nHancer
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenVPN Connect
OutSync
PandoraRecovery (Remove Only)
PdaNet for Android 2.45
PDF Settings CS5
PHP 5.3.8
Picasa 3
PosteRazor
Prison Tycoon Alcatraz
PSPP
PSS - Boeing 757 Pro. v1.3
PuTTY version 0.60
PxMergeModule
QuickTime
Real Environment Xtreme for FS2004 - Overdrive
Real Environment Xtreme FS2004
Realtek High Definition Audio Driver
RigNRoll (Remove Only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shareaza 2.5.5.0
Ski Region Simulator 2012
Skype Click to Call
Skype Toolbar for Outlook
Skype™ 5.5
Smart Defrag 2
Sound Blaster X-Fi
SpamBayes 1.1a6
Spotify
Star Alliance TravelDesk
TeamSpeak 2 RC2
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Generations
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 World Adventures
Tower! 2011 SP1a
TrueCrypt
TS3 Admin
TS3 Install Helper Monkey
TVersity Codec Pack 1.7
TVersity Media Server 1.9.7
TWRTrainer
UltiDev Cassini Web Server Explorer
UltiDev Cassini Web Server for ASP.NET 2.0
Ultimate Terrain - USA
United Airlines Auto Update Conduit (English)
United BlackBerry
United TravelDesk
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VAToceanic
VCA FS Flight Keeper
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.0
VRC
Vuze
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Edition MPEG Codec Plug-in
WinFast Multimedia Driver Installation
World of Subways Vol.2
x264vfw - H.264/MPEG-4 AVC codec (remove only)
XAcars for Microsoft Flightsimulator
XBMC
Xiph.Org Open Codecs 0.85.17777
Xvid Video Codec

#14 gringo_pr


Posted 21 April 2012 - 09:51 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

FrostWire 4.21.8
Java™ 6 Update 29
Vuze


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 netghost1115


Posted 21 April 2012 - 10:56 AM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brian :: BRIAN-PC [administrator]

Protection: Enabled

4/21/2012 11:47:22 AM
mbam-log-2012-04-21 (11-47-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257724
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:33 AM, on 4/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
C:\Users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\Dtella@Purdue\dtella.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Users\Brian\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Users\Brian\United Airlines Auto Update Conduit (English)\en\ua_conduit_en.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Cuttermaran\Cuttermaran.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Cuttermaran\Cuttermaran.exe
C:\Program Files (x86)\Cuttermaran\Cuttermaran.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.2 openvpn-client.nisw145s2.tech.purdue.edu
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [WinFast Schedule] C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [AdobeBridge] (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\Run: [MusicManager] "C:\Users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-713368250-3398300864-362228461-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: NexDef Plug-in.lnk = Brian\AppData\Local\Autobahn\nexdef.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O4 - Startup: United Airlines Auto Update Conduit (English).lnk = Brian\United Airlines Auto Update Conduit (English)\en\ua_conduit_en.exe
O4 - Global Startup: Dtella.lnk = C:\Program Files (x86)\Dtella@Purdue\dtella.exe
O4 - Global Startup: For The Record Server Status Notifier.lnk = C:\Program Files (x86)\For The Record\Server Status Notifier\ForTheRecord.UI.ServerStatus.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: OpenVPN Connect.lnk = C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files (x86)\skype\toolbars\Shared\skype4comapi.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: For The Record IM-Bot Service (ForTheRecordIMBot) - For The Record - C:\Program Files (x86)\For The Record\IMBot Service\ForTheRecord.IMBot.exe
O23 - Service: For The Record Recorder/Tuner Service (ForTheRecordRecorderTuner) - For The Record - C:\Program Files (x86)\For The Record\RecorderTuner Service\ForTheRecord.RecorderTuner.WindowsService.exe
O23 - Service: For The Record Core Services (ForTheRecordServices) - For The Record - C:\Program Files (x86)\For The Record\Services\ForTheRecord.WindowsService.exe
O23 - Service: Guide Enricher (GuideEnricher) - Unknown owner - C:\Program Files (x86)\Guide Enricher\GuideEnricherService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NPVR Recording Service - Unknown owner - C:\Program Files (x86)\NPVR\NRecord.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: OpenVPN Access Client (OpenVPNAccessClient) - Unknown owner - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 23062 bytes



