Google redirect problem


  • This topic is locked
28 replies to this topic

#1 SafeDragon

Posted 21 April 2012 - 11:23 PM

Hi, I have a Sony Vaio all-in-one, Windows 7 Home Premium, 64bit desktop, with service pack 1, with 4G RAM and DVD-RW/BD-ROM drive.

There are two user accounts on it, and one of the accounts will constantly redirect Google searches, with a site called "Happili" showing up as well.

Installed is the Comodo Internet Security suite.

As per the prep guide, I ran Defogger, but I could not get DDS.scr to run. I "exited" Comodo through the system tray icon, and even added the program to the list of trusted files, and tried running it in a sandbox to see if it would even start, but nothing happens. If this is still Comodo's fault, I don't know how to get around it.

Thank you so much for whatever help or advice you can share, I really appreciate it :)

#2 gringo_pr


Posted 22 April 2012 - 12:24 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 SafeDragon


Posted 22 April 2012 - 05:53 PM

Hi,

I booted the PC into recovery mode, with the flash drive that has FRST on it plugged in, but since the user account experiencing the redirect problem doesn't have administrator privilege (I don't think) I signed into the other one, and ran frst64 from the command prompt. It asked me to shut it down after making some initial preparations, and run it again, which I did. It then created the log, whose contents I'm pasting in below.

This all happened very easily, with no snags or unexpected pop ups.

Thank you!


Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 22-04-2012 15:00:02
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11855976 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [790688 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [657568 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-07-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-07-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-07-25] (Intel Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [500736 2011-05-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKU\Ja K\...\Run: [Spotify] "C:\Users\Ja K\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4011184 2012-03-16] (Spotify Ltd)
HKU\Ja K\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Je K\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Je K\...\Run: [Spotify] "C:\Users\Je K\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [4011184 2012-03-15] (Spotify Ltd)
HKU\Je K\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\guard64.dll

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-14] (Adobe Systems Incorporated)
2 APC Data Service; "C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe" [21880 2010-09-14] (American Power Conversion Corporation)
2 APC UPS Service; "C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe" [705912 2010-09-14] (American Power Conversion Corporation)
2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros)
2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-06-15] (Atheros Commnucations)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2011-01-12] (Intel Corporation)
2 jhi_service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [212944 2011-02-23] (Intel Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51740536 2011-06-12] (Microsoft Corporation)
2 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe" [49152 2011-06-15] ()
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [428384 2011-03-15] (Sony Corporation)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "&_" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\%C3 &_ Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259512 2011-07-22] (Sony Corporation)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
3 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [113824 2011-02-21] (Sony Corporation)
3 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [67232 2011-02-21] (Sony Corporation)
3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe" [286936 2011-01-20] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656536 2011-06-06] (Intel Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe" [66696 2011-07-07] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [552584 2011-05-31] (Sony Corporation)
3 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [887000 2011-01-20] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [549616 2011-05-19] (Sony Corporation)
3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [385336 2011-02-18] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [99104 2011-02-18] (Sony Corporation)
3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [53176 2011-07-24] (Sony Corporation)
2 VIPAppService; "C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe" [84088 2011-04-13] (Symantec Corporation)
2 VSNService; "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [969352 2011-07-15] (Sony Corporation)
3 VUAgent; "C:\Program Files\Sony\VAIO Update Common\VUAgent.exe" [1380480 2011-06-30] (Sony Corporation)

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-06-15] (Atheros)
3 ATHDFU; C:\Windows\System32\Drivers\ATHDFU.sys [51872 2011-06-15] (Windows ® Win 7 DDK provider)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [259744 2011-06-15] (Atheros)
3 btath_avdt; C:\Windows\System32\Drivers\btath_avdt.sys [109216 2011-06-15] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [29344 2011-06-15] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [166048 2011-06-15] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [59040 2011-06-15] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [283296 2011-06-15] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [289440 2011-06-15] (Atheros)
1 cmderd; C:\Windows\System32\Drivers\cmderd.sys [22696 2012-03-11] (COMODO)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-12-22] (DT Soft Ltd)
3 e1yexpress; C:\Windows\System32\DRIVERS\e1y60x64.sys [281088 2009-06-10] (Intel Corporation)
3 hidkmdf; C:\Windows\System32\Drivers\hidkmdf.sys [16152 2011-05-03] (Windows ® Win 7 DDK provider)
1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)
3 NWVoltron; C:\Windows\System32\Drivers\NWVoltron.sys [28440 2011-05-03] ()
3 NWWakeFilterV; C:\Windows\System32\Drivers\NWWakeFilterV.sys [16152 2011-05-03] (n/a)
3 pneteth; C:\Windows\System32\Drivers\pneteth.sys [15360 2011-07-19] (June Fabrics Technology Inc.)
3 PTAPCBUS; C:\Windows\System32\Drivers\PTAPCBUS.sys [103040 2011-06-23] (DEVGURU Co., LTD.)
3 PTAPCMDM; C:\Windows\System32\Drivers\PTAPCMDM.sys [183424 2011-06-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTAPCVSP; C:\Windows\System32\Drivers\PTAPCVSP.sys [183424 2011-06-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
2 rimspci; C:\Windows\System32\drivers\rimssne64.sys [102400 2011-06-02] (REDC)
2 risdsnpe; C:\Windows\System32\drivers\risdsnxc64.sys [98816 2011-06-02] (REDC)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-21 20:03 - 2012-03-01 15:53 - 0607260 ____A (Swearware) C:\Users\Ja K\Desktop\dds.scr
2012-04-21 19:56 - 2012-04-21 19:54 - 0000482 ____A C:\Users\Ja K\Desktop\defogger_disable.log
2012-04-21 19:56 - 2011-10-31 15:29 - 0000000 ____A C:\Users\Ja K\defogger_reenable
2012-04-21 19:54 - 2012-04-21 20:03 - 0050477 ____A C:\Users\Ja K\Desktop\Defogger.exe
2012-04-21 17:22 - 2012-04-15 23:58 - 0051712 ____A C:\Users\Je K\Desktop\Timesheet - Copy.doc
2012-04-21 17:12 - - 0786050 ____A C:\Users\Je K\Desktop\2012-04-20 23.39.51.jpg
2012-04-21 04:39 - 2012-04-21 04:33 - 0000099 ____A C:\Users\Je K\Desktop\James Mays Big Ideas -3- Power To The People.URL
2012-04-21 04:39 - 2012-02-15 03:28 - 0000128 ____A C:\Users\Je K\Desktop\DIGGSTOWN (1992) James Woods. Louis Gossett Jr. Oliver Platt. Heather Graham..URL
2012-04-21 04:38 - 2012-04-21 04:31 - 0000096 ____A C:\Users\Je K\Desktop\James Mays Big Ideas -1- Come Fly With Me.URL
2012-04-21 04:37 - 2012-04-21 04:39 - 0000081 ____A C:\Users\Je K\Desktop\James Mays Top Toys (2005).URL
2012-04-21 04:37 - 2012-02-03 02:11 - 0000120 ____A C:\Users\Je K\Desktop\RETROACTIVE (1997-Starring James Belushi... A cool time-travel film).URL
2012-04-21 04:36 - 2012-04-13 02:34 - 0000092 ____A C:\Users\Je K\Desktop\James May At The Edge Of Space (2009).URL
2012-04-21 04:33 - 2012-04-21 04:38 - 0000091 ____A C:\Users\Je K\Desktop\James Mays Big Ideas -2- Man-Machine.URL
2012-04-21 04:31 - 2012-04-21 04:36 - 0000091 ____A C:\Users\Je K\Desktop\James May My Sisters Top Toys (2007).URL
2012-04-21 00:21 - 2012-04-08 14:56 - 733091629 ____A C:\Users\Je K\Downloads\sgs.avi
2012-04-21 00:20 - 2012-04-18 18:53 - 361994514 ____A C:\Users\Je K\Downloads\303 mm.avi
2012-04-20 13:58 - - 379395270 ____A C:\Users\Je K\Downloads\101 cs.avi
2012-04-19 02:10 - 2012-03-16 00:51 - 0000069 ____A C:\Users\Je K\Desktop\Peter Lerangis - Wikipedia, the free encyclopedia.URL
2012-04-19 02:04 - 2012-01-21 01:08 - 0000092 ____A C:\Users\Je K\Desktop\The 39 Clues - Wikipedia, the free encyclopedia.URL
2012-04-19 01:50 - 2012-04-14 09:05 - 144839684 ____A C:\Users\Je K\Downloads\103 twlg.mp4
2012-04-19 01:49 - 2012-04-20 19:17 - 358000639 ____A C:\Users\Je K\Downloads\5010 h.mp4
2012-04-18 19:55 - 2012-03-28 18:41 - 3914686 ____A C:\Users\Ja K\Desktop\T J M S.mp4
2012-04-18 02:40 - 2012-04-19 10:44 - 0000000 ____D C:\Program Files (x86)\CouponAlert_2pEI
2012-04-15 23:58 - 2012-04-21 04:37 - 0001072 ____A C:\Users\Je K\Desktop\Ja K - Shortcut.lnk
2012-04-15 16:22 - 2012-04-12 17:57 - 0000062 ____A C:\Users\Je K\Desktop\Looper (2012) - IMDb.URL
2012-04-15 13:53 - 2012-04-15 15:49 - 0043738 ____A C:\Users\Ja K\.recently-used.xbel
2012-04-14 02:06 - 2012-04-21 04:37 - 0000000 ____D C:\Users\Je K\Desktop\sites to use or explore more
2012-04-13 19:58 - 2012-04-02 03:31 - 0000197 ____A C:\Users\Je K\Desktop\With a little help from his (famous) friends Paul McCartney ropes in Hollywood A-listers Johnny Depp and Natalie Portman for.URL
2012-04-13 18:49 - 2012-04-08 04:52 - 22909218 ____A C:\Users\Je K\Downloads\J Girl CI.mp4
2012-04-13 02:34 - 2012-04-19 05:41 - 0000071 ____A C:\Users\Je K\Desktop\THE CASUAL VACANCY - Little, Brown Book Group.URL
2012-04-13 02:34 - 2012-01-29 02:10 - 0000059 ____A C:\Users\Je K\Desktop\J.K. Rowling.URL
2012-04-12 17:57 - 2012-03-01 21:52 - 0002271 ____A C:\Users\Je K\Desktop\Kindle.lnk
2012-04-12 17:57 - 2011-10-29 12:02 - 0000000 ____D C:\Users\Je K\Documents\My Kindle Content
2012-04-12 17:56 - 2012-03-17 00:33 - 28901696 ____A (Amazon.com) C:\Users\Je K\Downloads\KindleForPC-installer.exe
2012-04-12 17:56 - 2011-10-31 21:56 - 0000000 ____D C:\Users\Je K\AppData\Local\Amazon
2012-04-12 02:29 - 2012-01-30 17:51 - 12392190 ____A C:\Users\Ja K\Desktop\J F-SD.mp4
2012-04-11 02:06 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 02:06 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 02:06 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-11 02:06 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 02:06 - 2011-05-26 12:06 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 02:05 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 02:05 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 02:05 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 02:05 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 02:05 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 02:05 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-11 02:05 - 2011-05-26 12:06 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 02:05 - 2011-05-26 12:06 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 02:05 - 2011-05-26 12:06 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 02:05 - 2011-05-26 12:06 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 02:05 - 2011-05-26 12:06 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 02:05 - 2011-05-26 12:06 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 02:05 - 2011-05-26 12:06 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 02:05 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 02:05 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-11 02:05 - 2010-11-20 19:24 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 02:05 - 2010-11-20 19:23 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 02:05 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 02:05 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 02:05 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 02:05 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 02:04 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 02:04 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-11 02:04 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-11 02:01 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 02:01 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 02:01 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 02:01 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 02:01 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 02:01 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-11 02:01 - 2007-03-10 01:11 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-09 19:25 - 2012-04-02 19:59 - 0000000 ____D C:\Users\Je K\Downloads\ITA
2012-04-08 14:58 - 2012-03-15 14:50 - 64090754 ____A C:\Users\Je K\Downloads\MS_ TTT.mp4
2012-04-08 14:55 - 2012-04-08 14:59 - 35294726 ____A C:\Users\Je K\Downloads\MSRL.mp4
2012-04-08 04:53 - 2012-04-12 01:10 - 301883064 ____A C:\Users\Je K\Downloads\I_S_S.mp4
2012-04-08 04:50 - 2012-04-08 04:56 - 162982123 ____A C:\Users\Je K\Downloads\I_S47.mp4
2012-04-08 04:47 - 2012-04-08 04:47 - 166086979 ____A C:\Users\Je K\Downloads\S_F_D_C_C_C.mp4
2012-04-08 04:45 - 2012-04-20 00:04 - 172158308 ____A C:\Users\Je K\Downloads\S_F_D_B_N.mp4
2012-04-08 04:22 - 2012-04-12 17:56 - 216581474 ____A C:\Users\Je K\Downloads\L_A_P_T_B_L_B.mp4
2012-04-07 18:13 - 2012-04-18 22:55 - 0326659 ____A C:\Users\Ja K\Desktop\WP POI-MagSH-MystG, APRIL 2012.jpg
2012-04-07 11:42 - - 0000000 ____D C:\Users\Ja K\AppData\Local\Apps\2.0
2012-04-05 22:02 - 2012-03-25 09:37 - 0153301 ____A C:\Users\Ja K\Desktop\new 1.txt
2012-04-05 14:33 - 2012-04-05 14:32 - 8571185 ____A C:\Users\Ja K\Documents\Je R F A F.png
2012-04-05 14:32 - 2012-04-05 14:31 - 8571859 ____A C:\Users\Ja K\Documents\Ja R F A F 2.png
2012-04-05 14:31 - 2011-12-12 19:38 - 9883570 ____A C:\Users\Ja K\Documents\Ja ID a.png
2012-04-04 20:23 - 2012-04-18 02:40 - 0000000 ____D C:\Program Files (x86)\Coupons
2012-04-04 20:23 - 2012-04-02 17:22 - 1284232 ____A (Coupons.com Incorporated) C:\Users\Je K\Downloads\couponprinter.exe
2012-04-04 03:33 - 2012-01-31 02:51 - 0000127 ____A C:\Users\Je K\Desktop\Midnight Oil Productions Hollywood Writers’ Series – Part 7 with Dan Shotz.URL
2012-04-04 02:58 - 2012-01-10 00:07 - 0000120 ____A C:\Users\Je K\Desktop\Sony Hires Matthew Federman & Stephen Scaia To Pen 'Zorro' Reboot - Deadline.com.URL
2012-04-04 00:00 - 2011-12-22 15:02 - 0000000 ____D C:\Users\Ja K\AppData\Roaming\Atheros
2012-04-03 22:13 - 2012-03-08 02:15 - 0000062 ____A C:\Users\Je K\Desktop\George Takei.URL
2012-04-02 20:01 - 2012-04-21 17:12 - 0000000 ____D C:\Users\Je K\AppData\Roaming\Gmote
2012-04-02 20:01 - 2012-03-01 13:09 - 0001031 ____A C:\Users\Je K\Start Menu\Programs\Startup\GmoteServer.lnk
2012-04-02 20:01 - 2012-03-01 13:09 - 0001031 ____A C:\Users\Je K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk
2012-04-02 20:01 - 2012-02-11 02:39 - 0000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2012-04-02 20:00 - 2011-12-12 19:38 - 0000000 ____D C:\Program Files (x86)\GmoteServer
2012-04-02 19:59 - 2012-04-02 12:12 - 24363190 ____A (Gmote.org) C:\Users\Je K\Downloads\GmoteServer-2.0.2-Setup.exe
2012-04-02 17:24 - 2012-04-21 05:27 - 0000000 ____D C:\Users\Je K\AppData\Roaming\WeatherBug
2012-04-02 17:24 - 2011-11-07 21:48 - 0000000 ____D C:\Users\Je K\AppData\Local\WeatherBug
2012-04-02 17:24 - 2011-11-05 22:48 - 0001806 ____A C:\Users\Je K\Desktop\WeatherBug.lnk
2012-04-02 17:24 - 2011-08-14 00:53 - 0000000 ____D C:\Users\All Users\Premium
2012-04-02 17:24 - 2011-08-14 00:53 - 0000000 ____D C:\ProgramData\Premium
2012-04-02 17:24 - 2011-08-13 23:25 - 0000000 ____D C:\Program Files (x86)\AWS
2012-04-02 17:22 - 2012-03-29 14:56 - 0000000 ____D C:\codec-info
2012-04-02 17:22 - 2012-03-13 21:29 - 0266224 ____A (Premium) C:\Users\Je K\Downloads\Codec-C.exe
2012-04-02 17:22 - 2011-12-23 23:01 - 0000000 ____D C:\Users\Je K\AppData\Local\Google
2012-04-02 17:22 - 2011-10-29 12:02 - 0000000 ____D C:\Users\Je K\AppData\Local\Premiumplay Codec-C
2012-04-02 17:22 - 2011-10-29 11:56 - 0000000 ____D C:\Program Files (x86)\Premiumplay Codec-C
2012-04-02 12:12 - 2012-02-15 03:28 - 0056320 ____A C:\Users\Je K\Downloads\free-timesheet-template.doc
2012-04-02 03:31 - 2012-01-19 20:25 - 0000061 ____A C:\Users\Je K\Desktop\Wildlife Wallpapers Defenders of Wildlife.URL
2012-04-02 03:02 - 2012-04-21 02:54 - 0000000 ____D C:\Users\Je K\Desktop\Dr S L
2012-03-30 12:14 - 2012-04-14 03:14 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-30 11:18 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-30 11:18 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-29 14:55 - 2011-10-31 16:05 - 0026829 ____A C:\1020.log
2012-03-29 14:55 - 2010-11-20 19:24 - 0192512 ____A C:\Windows\System32\ZLhp1020.DLL
2012-03-29 14:55 - 2010-11-20 19:24 - 0128820 ____A C:\Windows\System32\hp1020.img
2012-03-29 14:55 - 2010-05-13 22:48 - 0245248 ____A () C:\Windows\System32\zshp1020s.dll
2012-03-29 14:55 - 2010-05-13 22:48 - 0010632 ____A C:\Windows\System32\ZSHP1020.CHM
2012-03-29 14:55 - 2010-05-13 21:52 - 0501760 ____A C:\Windows\System32\ZSHP1020.EXE
2012-03-29 14:54 - 2012-03-19 21:13 - 2954536 ____A C:\Users\Ja K\Downloads\lj1020-HB-pnp-win64-en.exe
2012-03-29 14:12 - 2012-04-02 20:01 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-03-29 14:12 - 2011-11-02 09:02 - 0143360 ___RA (Zenographics) C:\Windows\apptune1020.exe
2012-03-29 14:12 - 2011-08-14 00:04 - 0000000 ___HD C:\Program Files (x86)\Zenographics
2012-03-29 14:12 - 2010-11-20 19:24 - 0106496 ___RA C:\Windows\SysWOW64\vshp1020.dll
2012-03-29 14:12 - 2010-11-20 19:24 - 0102400 ___RA (Zenographics, Inc.) C:\Windows\SysWOW64\ZLhp1020.dll
2012-03-29 14:12 - 2009-07-13 19:20 - 0028672 ___RA (Zenographics, Inc.) C:\Windows\SysWOW64\IMF32.DLL
2012-03-29 14:12 - 2009-07-13 19:20 - 0002871 ____A C:\Windows\SysWOW64\zhp1020.log
2012-03-29 14:12 - 2009-07-13 17:14 - 0128820 ___RA C:\Windows\SysWOW64\hp1020.img
2012-03-29 14:12 - 2006-01-28 08:00 - 0442368 ___RA () C:\Windows\SysWOW64\zshp1020.exe
2012-03-29 14:12 - 2006-01-28 08:00 - 0086016 ___RA (Zenographics, Inc.) C:\Windows\SysWOW64\ZSPOOL.DLL
2012-03-29 14:12 - 2006-01-28 08:00 - 0028672 ___RA (Zenographics, Inc.) C:\Windows\SysWOW64\zlm.dll
2012-03-29 14:12 - 2006-01-28 08:00 - 0024576 ___RA (Zenographics, Inc.) C:\Windows\SysWOW64\ZTAG32.DLL
2012-03-29 14:12 - 2006-01-28 08:00 - 0007294 ___RA C:\Windows\SysWOW64\ZSHP1020.HLP
2012-03-28 18:40 - 2012-01-30 13:48 - 0000000 ____D C:\Users\Ja K\Desktop\Tdss killer
2012-03-28 18:39 - 2012-01-15 12:11 - 0136168 ____A C:\TDSSKiller.2.7.23.0_28.03.2012_19.39.33_log.txt
2012-03-28 17:41 - 2011-10-31 17:38 - 0000000 ____D C:\Users\Ja K\AppData\Roaming\Malwarebytes
2012-03-24 22:42 - 2012-01-21 01:06 - 22259528 ____A C:\Users\Je K\Downloads\vlc-2.0.1-win32.exe
2012-03-24 17:05 - 2012-02-03 18:49 - 0000000 ____D C:\Users\Ja K\Documents\PDF's

============ 3 Months Modified Files and Folders =============

2012-04-22 15:00 - 2012-04-22 14:59 - 0000000 ____D C:\FRST
2012-04-22 13:31 - 2011-12-29 18:17 - 1474832 ____A C:\Windows\System32\Drivers\sfi.dat
2012-04-22 13:30 - 2012-01-15 14:11 - 0000266 ____A C:\Windows\Tasks\AutoKMS.job
2012-04-22 13:30 - 2011-10-23 20:39 - 3101081600 __ASH C:\hiberfil.sys
2012-04-22 13:30 - 2011-09-21 02:02 - 1132506 ____A C:\Windows\WindowsUpdate.log
2012-04-22 13:30 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-22 13:30 - 2009-07-13 20:51 - 0071712 ____A C:\Windows\setupact.log
2012-04-22 13:29 - 2011-10-31 23:16 - 0000000 ____D C:\Users\Ja K\AppData\Roaming\Skype
2012-04-22 13:15 - 2012-01-23 17:21 - 0000000 ____D C:\Users\Ja K\AppData\Local\Spotify
2012-04-22 13:15 - 2012-01-23 17:20 - 0000000 ____D C:\Users\Ja K\AppData\Roaming\Spotify
2012-04-22 13:15 - 2009-07-13 21:13 - 0778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-22 13:15 - 2009-07-13 20:45 - 0028576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-22 13:15 - 2009-07-13 20:45 - 0028576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-22 13:14 - 2012-03-30 11:18 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-22 13:10 - 2011-11-20 12:30 - 0000000 ___RD C:\Users\Ja K\Dropbox
2012-04-22 13:10 - 2011-11-20 12:27 - 0000000 ____D C:\Users\Ja K\AppData\Roaming\Dropbox
2012-04-22 00:06 - 2011-10-29 12:33 - 0000000 ____D C:\Users\Je K\AppData\Roaming\Skype
2012-04-22 00:05 - 2011-10-31 14:47 - 0000000 ____D C:\Users\Je K\Documents\Bluetooth Folder
2012-04-22 00:03 - 2012-01-21 01:06 - 0000000 ____D C:\Users\Je K\AppData\Local\Spotify
2012-04-21 20:03 - 2012-04-21 20:03 - 0607260 ____A (Swearware) C:\Users\Ja K\Desktop\dds.scr
2012-04-21 19:56 - 2012-04-21 19:56 - 0000482 ____A C:\Users\Ja K\Desktop\defogger_disable.log
2012-04-21 19:56 - 2012-04-21 19:56 - 0000000 ____A C:\Users\Ja K\defogger_reenable
2012-04-21 19:56 - 2011-10-31 15:29 - 0000000 ____D C:\users\Ja K
2012-04-21 19:54 - 2012-04-21 19:54 - 0050477 ____A C:\Users\Ja K\Desktop\Defogger.exe
2012-04-21 19:34 - 2012-01-21 01:06 - 0000000 ____D C:\Users\Je K\AppData\Roaming\Spotify
2012-04-21 19:30 - 2011-10-31 15:30 - 0000000 ____D C:\Users\Ja K\Documents\Bluetooth Folder
2012-04-21 17:29 - 2012-04-21 17:22 - 0051712 ____A C:\Users\Je K\Desktop\Timesheet - Copy.doc
2012-04-21 17:29 - 2012-04-02 03:02 - 0000000 ____D C:\Users\Je K\Desktop\Dr S L
2012-04-21 17:12 - 2012-04-21 17:12 - 0786050 ____A C:\Users\Je K\Desktop\2012-04-

20 23.39.51.jpg
2012-04-21 17:12 - 2011-11-28 09:28 - 0000000 ____D C:\Users\Je K\AppData\Roaming

\Dropbox
2012-04-21 16:26 - 2011-10-30 21:06 - 0000000 ____D C:\Users\Ja K\Desktop\For eBay
2012-04-21 14:06 - 2012-04-02 20:01 - 0000000 ____D C:\Users\Je K\AppData\Roaming

\Gmote
2012-04-21 14:06 - 2011-11-28 09:31 - 0000000 ___RD C:\Users\Je K\Dropbox
2012-04-21 05:27 - 2011-11-28 16:00 - 0000000 ____D C:\Users\Je K\AppData\Roaming

\vlc
2012-04-21 04:39 - 2012-04-21 04:39 - 0000128 ____A C:\Users\Je K\Desktop\DIGGSTOWN

(1992) James Woods. Louis Gossett Jr. Oliver Platt. Heather Graham..URL
2012-04-21 04:39 - 2012-04-21 04:39 - 0000099 ____A C:\Users\Je K\Desktop\James

Mays Big Ideas -3- Power To The People.URL
2012-04-21 04:38 - 2012-04-21 04:38 - 0000096 ____A C:\Users\Je K\Desktop\James

Mays Big Ideas -1- Come Fly With Me.URL
2012-04-21 04:37 - 2012-04-21 04:37 - 0000120 ____A C:\Users\Je K\Desktop

\RETROACTIVE (1997-Starring James Belushi... A cool time-travel film).URL
2012-04-21 04:37 - 2012-04-21 04:37 - 0000081 ____A C:\Users\Je K\Desktop\James

Mays Top Toys (2005).URL
2012-04-21 04:36 - 2012-04-21 04:36 - 0000092 ____A C:\Users\Je K\Desktop\James May

At The Edge Of Space (2009).URL
2012-04-21 04:33 - 2012-04-21 04:33 - 0000091 ____A C:\Users\Je K\Desktop\James

Mays Big Ideas -2- Man-Machine.URL
2012-04-21 04:31 - 2012-04-21 04:31 - 0000091 ____A C:\Users\Je K\Desktop\James May

My Sisters Top Toys (2007).URL
2012-04-21 02:54 - 2012-02-20 19:45 - 0000000 ____D C:\Users\Je K\Desktop\doing
2012-04-20 19:17 - 2012-04-21 00:20 - 361994514 ____A C:\Users\Je K\Downloads

\303.avi
2012-04-20 13:02 - 2011-11-08 14:37 - 0000000 ____D C:\Users\Ja K\Desktop\E P

Service
2012-04-20 02:45 - 2011-11-06 19:09 - 0000000 ____D C:\Users\Je K\Desktop\Je's

bookmarks
2012-04-20 00:04 - 2012-04-21 00:21 - 733091629 ____A C:\Users\Je K\Downloads\s.avi
2012-04-19 23:07 - 2012-04-14 02:06 - 0000000 ____D C:\Users\Je K\Desktop\sites to

use or explore more
2012-04-19 19:55 - 2012-04-02 17:24 - 0000000 ____D C:\Users\Je K\AppData\Local

\WeatherBug
2012-04-19 10:45 - 2011-10-29 12:33 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-19 10:44 - 2011-08-14 00:35 - 0000000 ____D C:\Users\All Users\Skype
2012-04-19 10:44 - 2011-08-14 00:35 - 0000000 ____D C:\ProgramData\Skype
2012-04-19 05:41 - 2011-12-01 00:47 - 0000000 ____D C:\Users\Je K\Desktop\the b
2012-04-19 02:10 - 2012-04-19 02:10 - 0000069 ____A C:\Users\Je K\Desktop\Peter

Lerangis - Wikipedia, the free encyclopedia.URL
2012-04-19 02:04 - 2012-04-19 02:04 - 0000092 ____A C:\Users\Je K\Desktop\The 39

Clues - Wikipedia, the free encyclopedia.URL
2012-04-18 23:33 - 2011-09-22 02:45 - 0000000 ____D C:\Users\Je K\Desktop\PHOTOS
2012-04-18 22:55 - 2011-11-01 21:52 - 6251008 __ASH C:\Users\Ja K\Desktop\Thumbs.db
2012-04-18 22:43 - 2011-10-31 15:57 - 0000000 ____D C:\Users\Ja K\AppData\Roaming

\vlc
2012-04-18 19:55 - 2012-04-18 19:55 - 3914686 ____A C:\Users\Ja K\Desktop\T J.mp4
2012-04-18 18:53 - 2012-04-19 01:50 - 144839684 ____A C:\Users\Je K\Downloads

\103.mp4
2012-04-18 02:40 - 2012-04-18 02:40 - 0000000 ____D C:\Program Files

(x86)\CouponAlert_2pEI
2012-04-17 21:11 - 2012-01-27 11:25 - 0002222 ____A C:\Users\Ja K\Documents\WW.txt
2012-04-17 11:16 - 2011-09-25 17:03 - 0000000 ____D C:\Users\Ja K\Desktop\Oliver

Sacks -- Musicophilia
2012-04-17 00:08 - 2012-02-02 22:16 - 0000000 ____D C:\Users\Je K\Desktop\camera

stuff
2012-04-15 23:58 - 2012-04-15 23:58 - 0001072 ____A C:\Users\Je K\Desktop\Ja K -

Shortcut.lnk
2012-04-15 23:58 - 2011-10-31 16:09 - 0351744 __ASH C:\Users\Je K\Desktop\Thumbs.db
2012-04-15 16:22 - 2012-04-15 16:22 - 0000062 ____A C:\Users\Je K\Desktop\Looper

(2012) - IMDb.URL
2012-04-15 15:49 - 2011-12-12 19:38 - 0000000 ____D C:\Users\Ja K\.gimp-2.6
2012-04-15 13:53 - 2012-04-15 13:53 - 0043738 ____A C:\Users\Ja K\.recently-

used.xbel
2012-04-15 13:53 - 2011-12-13 18:51 - 0000000 ____D C:\Users\Ja K\AppData\Roaming

\gtk-2.0
2012-04-14 10:58 - 2010-11-20 19:47 - 0580962 ____A C:\Windows\PFRO.log
2012-04-14 09:05 - 2012-04-20 13:58 - 379395270 ____A C:\Users\Je K\Downloads

\101.avi
2012-04-14 03:14 - 2012-03-30 12:14 - 8741536 ____A (Adobe Systems Incorporated)

C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-14 03:14 - 2012-03-30 11:18 - 0418464 ____A (Adobe Systems Incorporated)

C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-14 03:14 - 2011-08-14 00:04 - 0070304 ____A (Adobe Systems Incorporated)

C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-14 02:06 - 2012-03-01 02:49 - 0000000 ____D C:\Users\Je K\Desktop\faves
2012-04-14 02:00 - 2012-01-31 02:02 - 0000000 ____D C:\Users\Je K\Desktop\coupons
2012-04-13 19:58 - 2012-04-13 19:58 - 0000197 ____A C:\Users\Je K\Desktop\With a

little help from his (famous) friends Paul McCartney ropes in Hollywood A-listers

Johnny Depp and Natalie Portman for.URL
2012-04-13 18:50 - 2012-04-13 18:49 - 22909218 ____A C:\Users\Je K\Downloads\J

G.mp4
2012-04-13 13:19 - 2011-11-08 19:16 - 0000000 ____D C:\Users\Ja K\Desktop\KmReading
2012-04-13 02:34 - 2012-04-13 02:34 - 0000071 ____A C:\Users\Je K\Desktop\THE

CASUAL VACANCY - Little, Brown Book Group.URL
2012-04-13 02:34 - 2012-04-13 02:34 - 0000059 ____A C:\Users\Je K\Desktop\J.K.

Rowling.URL
2012-04-12 17:59 - 2012-04-12 17:57 - 0000000 ____D C:\Users\Je K\Documents\My

Kindle Content
2012-04-12 17:57 - 2012-04-12 17:57 - 0002271 ____A C:\Users\Je K\Desktop

\Kindle.lnk
2012-04-12 17:57 - 2012-04-12 17:56 - 0000000 ____D C:\Users\Je K\AppData\Local

\Amazon
2012-04-12 17:56 - 2012-04-12 17:56 - 28901696 ____A (Amazon.com) C:\Users\Je K

\Downloads\KindleForPC-installer.exe
2012-04-12 02:30 - 2012-04-12 02:29 - 12392190 ____A C:\Users\Ja K\Desktop\J F.mp4
2012-04-12 01:10 - 2012-04-09 19:25 - 0000000 ____D C:\Users\Je K\Downloads\ITA
2012-04-11 02:07 - 2011-12-22 14:41 - 0000000 ____D C:\Users\All Users\Microsoft

Help
2012-04-11 02:07 - 2011-12-22 14:41 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-11 02:06 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-04-11 02:01 - 2011-11-02 09:09 - 57249312 ____A (Microsoft Corporation) C:

\Windows\System32\MRT.exe
2012-04-08 18:39 - 2012-01-19 19:05 - 0000000 ____D C:\Users\Ja K\Documents\BACK-UP

Blogger blogs
2012-04-08 14:59 - 2012-04-08 14:58 - 64090754 ____A C:\Users\Je K\Downloads\M

S.mp4
2012-04-08 14:56 - 2012-04-08 14:55 - 35294726 ____A C:\Users\Je K\Downloads

\M_S_R.mp4
2012-04-08 04:56 - 2012-04-08 04:53 - 301883064 ____A C:\Users\Je K\Downloads

\I_S.mp4
2012-04-08 04:52 - 2012-04-08 04:50 - 162982123 ____A C:\Users\Je K\Downloads

\I_S_47.mp4
2012-04-08 04:49 - 2012-04-08 04:47 - 166086979 ____A C:\Users\Je K\Downloads

\S_D_C_C_C.mp4
2012-04-08 04:47 - 2012-04-08 04:45 - 172158308 ____A C:\Users\Je K\Downloads

\S_F_D_B_N.mp4
2012-04-08 04:25 - 2012-04-08 04:22 - 216581474 ____A C:\Users\Je K\Downloads

\L_A_P_T_B_L_B.mp4
2012-04-07 21:17 - 2012-01-27 22:15 - 0003098 ____A C:\Users\Ja K\Desktop\POI.txt
2012-04-07 18:13 - 2012-04-07 18:13 - 0326659 ____A C:\Users\Ja K\Desktop\WP POI-

MagSH-MystG, APRIL 2012.jpg
2012-04-07 11:42 - 2012-04-07 11:42 - 0000000 ____D C:\Users\Ja K\AppData\Local

\Apps\2.0
2012-04-06 01:17 - 2012-04-05 22:02 - 0153301 ____A C:\Users\Ja K\Desktop\new

1.txt
2012-04-05 21:53 - 2011-10-31 15:29 - 0000000 ____D C:\Users\Ja K\AppData\LocalLow
2012-04-05 14:33 - 2012-04-05 14:33 - 8571185 ____A C:\Users\Ja K\Documents\Je

Reduced Fee Application Form.png
2012-04-05 14:32 - 2012-04-05 14:32 - 8571859 ____A C:\Users\Ja K\Documents\Ja R F

A F.png
2012-04-05 14:31 - 2012-04-05 14:31 - 9883570 ____A C:\Users\Ja K\Documents\Ja ID

a.png
2012-04-05 00:26 - 2006-03-09 16:42 - 0000000 ____D C:\Users\Je K\Desktop\Je's

stuff
2012-04-04 20:23 - 2012-04-04 20:23 - 1284232 ____A (Coupons.com Incorporated) C:

\Users\Je K\Downloads\couponprinter.exe
2012-04-04 20:23 - 2012-04-04 20:23 - 0000000 ____D C:\Program Files (x86)\Coupons
2012-04-04 20:23 - 2011-10-29 12:02 - 0000000 ____D C:\Program Files (x86)\Mozilla

Firefox
2012-04-04 03:33 - 2012-04-04 03:33 - 0000127 ____A C:\Users\Je K\Desktop\Midnight

Oil Productions Hollywood Writers’ Series – Part 7 with Dan Shotz.URL
2012-04-04 02:58 - 2012-04-04 02:58 - 0000120 ____A C:\Users\Je K\Desktop\Sony

Hires Matthew Federman & Stephen Scaia To Pen 'Zorro' Reboot - Deadline.com.URL
2012-04-04 00:00 - 2012-04-04 00:00 - 0000000 ____D C:\Users\Ja K\AppData\Roaming

\Atheros
2012-04-03 22:13 - 2012-04-03 22:13 - 0000062 ____A C:\Users\Je K\Desktop\George

Takei.URL
2012-04-02 20:01 - 2012-04-02 20:01 - 0001031 ____A C:\Users\Je K\Start Menu

\Programs\Startup\GmoteServer.lnk
2012-04-02 20:01 - 2012-04-02 20:01 - 0001031 ____A C:\Users\Je K\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk
2012-04-02 20:01 - 2012-04-02 20:01 - 0000000 ___HD C:\Program Files

(x86)\InstallJammer Registry
2012-04-02 20:01 - 2012-04-02 20:00 - 0000000 ____D C:\Program Files

(x86)\GmoteServer
2012-04-02 19:59 - 2012-04-02 19:59 - 24363190 ____A (Gmote.org) C:\Users\Je K

\Downloads\GmoteServer-2.0.2-Setup.exe
2012-04-02 17:24 - 2012-04-02 17:24 - 0001806 ____A C:\Users\Je K\Desktop

\WeatherBug.lnk
2012-04-02 17:24 - 2012-04-02 17:24 - 0000000 ____D C:\Users\Je K\AppData\Roaming

\WeatherBug
2012-04-02 17:24 - 2012-04-02 17:24 - 0000000 ____D C:\Users\All Users\Premium
2012-04-02 17:24 - 2012-04-02 17:24 - 0000000 ____D C:\ProgramData\Premium
2012-04-02 17:24 - 2012-04-02 17:24 - 0000000 ____D C:\Program Files (x86)\AWS
2012-04-02 17:24 - 2012-02-11 02:38 - 0000000 ____D C:\Users\All Users\InstallMate
2012-04-02 17:24 - 2012-02-11 02:38 - 0000000 ____D C:\ProgramData\InstallMate
2012-04-02 17:22 - 2012-04-02 17:22 - 0266224 ____A (Premium) C:\Users\Je K

\Downloads\Codec-C.exe
2012-04-02 17:22 - 2012-04-02 17:22 - 0000000 ____D C:\Users\Je K\AppData\Local

\Premiumplay Codec-C
2012-04-02 17:22 - 2012-04-02 17:22 - 0000000 ____D C:\Users\Je K\AppData\Local

\Google
2012-04-02 17:22 - 2012-04-02 17:22 - 0000000 ____D C:\Program Files

(x86)\Premiumplay Codec-C
2012-04-02 17:22 - 2012-04-02 17:22 - 0000000 ____D C:\codec-info
2012-04-02 12:12 - 2012-04-02 12:12 - 0056320 ____A C:\Users\Je K\Downloads\free-

timesheet-template.doc
2012-04-02 04:49 - 2012-01-27 02:25 - 0000000 ____D C:\Users\Je K\Desktop\copies of

photos for cropping
2012-04-02 03:31 - 2012-04-02 03:31 - 0000061 ____A C:\Users\Je K\Desktop\Wildlife

Wallpapers Defenders of Wildlife.URL
2012-03-29 14:56 - 2012-03-29 14:55 - 0026829 ____A C:\1020.log
2012-03-29 14:55 - 2011-11-07 12:23 - 0000000 ____D C:\Program Files\HP
2012-03-29 14:54 - 2012-03-29 14:54 - 2954536 ____A C:\Users\Ja K\Downloads\lj1020

-HB-pnp-win64-en.exe
2012-03-29 14:34 - 2012-03-29 14:12 - 0002871 ____A C:\Windows\SysWOW64\zhp1020.log
2012-03-29 14:25 - 2012-03-29 14:12 - 0000000 ____D C:\Program Files

(x86)\Hewlett-Packard
2012-03-29 14:12 - 2012-03-29 14:12 - 0000000 ___HD C:\Program Files

(x86)\Zenographics
2012-03-29 13:31 - 2011-11-06 16:18 - 0000000 ____D C:\Users\Ja K\AppData\Local

\CrashDumps
2012-03-29 00:50 - 2011-11-22 09:49 - 0000000 ____D C:\Users\Je K\Desktop\Facebook
2012-03-28 18:41 - 2012-03-28 18:40 - 0000000 ____D C:\Users\Ja K\Desktop\Tdss

killer
2012-03-28 18:40 - 2012-03-28 18:39 - 0136168 ____A C:

\TDSSKiller.2.7.23.0_28.03.2012_19.39.33_log.txt
2012-03-28 17:43 - 2012-01-15 12:14 - 0000000 ____D C:\Program Files

(x86)\Malwarebytes' Anti-Malware
2012-03-28 17:41 - 2012-03-28 17:41 - 0000000 ____D C:\Users\Ja K\AppData\Roaming

\Malwarebytes
2012-03-25 09:37 - 2011-11-08 18:31 - 0000000 ____D C:\Users\Ja K\Desktop\Media

Programs
2012-03-24 22:43 - 2012-03-24 22:42 - 22259528 ____A C:\Users\Je K\Downloads\vlc-

2.0.1-win32.exe
2012-03-24 17:05 - 2012-03-24 17:05 - 0000000 ____D C:\Users\Ja K\Documents\PDF's
2012-03-24 15:32 - 2011-11-22 10:33 - 0055589 ____A C:\test.xml
2012-03-20 19:29 - 2012-03-20 18:26 - 459025897 ____A C:\Users\Ja K\Desktop

\47_t.t.flv
2012-03-20 12:24 - 2012-03-20 12:24 - 0000000 ____D C:\Users\Ja K\dwhelper
2012-03-19 21:13 - 2012-03-19 21:13 - 0159757 ____A (Free OCR) C:\Users\Ja K

\Downloads\freeocr.exe
2012-03-19 21:13 - 2012-03-19 21:13 - 0000000 ____D C:\Windows\tessdata
2012-03-19 21:13 - 2012-03-19 21:13 - 0000000 ____D C:\Users\All Users\Tarma

Installer
2012-03-19 21:13 - 2012-03-19 21:13 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-03-19 21:13 - 2012-03-19 21:13 - 0000000 ____D C:\Program Files (x86)\FreeOCR
2012-03-19 15:51 - 2012-02-03 18:49 - 0001262 ____A C:\Users\Ja K\Start Menu

\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-03-19 15:51 - 2012-02-03 18:49 - 0001262 ____A C:\Users\Ja K\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and

Launcher.lnk
2012-03-17 00:33 - 2012-03-17 00:32 - 16987117 ____A C:\Users\Je K\Downloads

\J_L_L.mp4
2012-03-17 00:04 - 2012-03-17 00:04 - 0000097 ____A C:\Users\Je K\Desktop\Amazon

Best Sellers best Kindle Store.URL
2012-03-16 00:51 - 2012-03-16 00:51 - 0000081 ____A C:\Users\Je K\Desktop\POI

Forums - TV.com.URL
2012-03-15 15:21 - 2012-03-15 15:15 - 94878942 ____A C:\Users\Je K\Downloads

\M_J_G.mp4
2012-03-15 15:13 - 2012-03-15 15:07 - 122183253 ____A C:\Users\Je K\Downloads

\MJG.mp4
2012-03-15 14:54 - 2012-03-15 14:52 - 33711959 ____A C:\Users\Je K\Downloads

\M_J_C_E.mp4
2012-03-15 14:50 - 2012-03-15 14:48 - 40073381 ____A C:\Users\Je K\Downloads

\M_J_C_E_H.mp4
2012-03-15 14:48 - 2012-03-15 14:45 - 26401842 ____A C:\Users\Je K\Downloads

\M_J_C_E_V.mp4
2012-03-14 11:17 - 2009-07-13 20:45 - 0436160 ____A C:\Windows

\System32\FNTCACHE.DAT
2012-03-13 21:29 - 2012-04-19 01:49 - 358000639 ____A C:\Users\Je K\Downloads

\5010.mp4
2012-03-13 01:03 - 2011-10-24 14:21 - 0000000 ____D C:\Users\Je K\AppData\Roaming

\Sony
2012-03-11 13:13 - 2011-12-19 18:59 - 0577824 ____A (COMODO) C:\Windows

\System32\Drivers\cmdGuard.sys
2012-03-11 13:13 - 2011-12-19 18:59 - 0043248 ____A (COMODO) C:\Windows

\System32\Drivers\cmdhlp.sys
2012-03-11 13:13 - 2011-12-19 18:59 - 0022696 ____A (COMODO) C:\Windows

\System32\Drivers\cmderd.sys
2012-03-11 13:13 - 2011-12-19 18:58 - 0389840 ____A (COMODO) C:\Windows

\System32\guard64.dll
2012-03-11 13:13 - 2011-12-19 18:58 - 0301224 ____A (COMODO) C:\Windows

\SysWOW64\guard32.dll
2012-03-11 13:13 - 2011-12-19 18:58 - 0041200 ____A (COMODO) C:\Windows

\System32\cmdcsr.dll
2012-03-10 03:43 - 2012-01-20 02:10 - 0000000 ____D C:\Users\Je K\Desktop\Bbstn
2012-03-08 02:15 - 2012-03-08 02:15 - 0000068 ____A C:\Users\Je K\Desktop

\Frankenweenie.URL
2012-03-08 01:26 - 2011-10-23 16:50 - 0000000 ____D C:\Users\Je K\AppData\LocalLow
2012-03-07 14:43 - 2012-03-07 14:43 - 0000000 ____D C:\Users\Je K\AppData\Local

\Solid State Networks
2012-03-06 10:02 - 2011-11-20 12:30 - 0001036 ____A C:\Users\Ja K\Desktop

\Dropbox.lnk
2012-03-06 10:02 - 2011-11-20 12:28 - 0001016 ____A C:\Users\Ja K\Start Menu

\Programs\Startup\Dropbox.lnk
2012-03-06 10:02 - 2011-11-20 12:28 - 0001016 ____A C:\Users\Ja K\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-05 22:53 - 2012-04-11 02:04 - 5559152 ____A (Microsoft Corporation) C:

\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-11 02:04 - 3968368 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-11 02:04 - 3913072 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\ntoskrnl.exe
2012-03-02 13:15 - 2012-03-02 13:15 - 0190892 ____A C:\Users\Ja K\Documents\K F 12

-11-11.pdf
2012-03-01 21:52 - 2012-03-03 02:10 - 0000061 ____A C:\Users\Je K\Desktop\Kindle

Books for Kids & Teens Pixel of Ink – Young Edition.URL
2012-03-01 15:53 - 2012-03-01 15:14 - 319528259 ____A C:\Users\Ja K\Desktop\AI

1115.flv
2012-03-01 13:09 - 2011-11-28 09:31 - 0001045 ____A C:\Users\Je K\Desktop

\Dropbox.lnk
2012-03-01 13:09 - 2011-11-28 09:29 - 0001025 ____A C:\Users\Je K\Start Menu

\Programs\Startup\Dropbox.lnk
2012-03-01 13:09 - 2011-11-28 09:29 - 0001025 ____A C:\Users\Je K\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-01 02:54 - 2011-02-10 15:03 - 0772558 ____A C:\Windows

\SysWOW64\PerfStringBackup.INI
2012-02-29 22:46 - 2012-04-11 02:01 - 0023408 ____A (Microsoft Corporation) C:

\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 02:01 - 0220672 ____A (Microsoft Corporation) C:

\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 02:01 - 0081408 ____A (Microsoft Corporation) C:

\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 02:01 - 0005120 ____A (Microsoft Corporation) C:

\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 02:01 - 0172544 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 02:01 - 0159232 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 02:01 - 0005120 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-11 02:05 - 17790976 ____A (Microsoft Corporation) C:

\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 02:05 - 10888704 ____A (Microsoft Corporation) C:

\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 02:05 - 2311168 ____A (Microsoft Corporation) C:

\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 02:05 - 1345536 ____A (Microsoft Corporation) C:

\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 02:05 - 1390080 ____A (Microsoft Corporation) C:

\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 02:05 - 1493504 ____A (Microsoft Corporation) C:

\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 02:05 - 0237056 ____A (Microsoft Corporation) C:

\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 02:05 - 0085504 ____A (Microsoft Corporation) C:

\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 02:05 - 0818688 ____A (Microsoft Corporation) C:

\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 02:06 - 2144256 ____A (Microsoft Corporation) C:

\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 02:06 - 0096256 ____A (Microsoft Corporation) C:

\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 02:06 - 2382848 ____A (Microsoft Corporation) C:

\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 02:05 - 0248320 ____A (Microsoft Corporation) C:

\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-11 02:05 - 12281856 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 02:05 - 9705984 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 02:05 - 1799168 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 02:05 - 1103360 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 02:05 - 1427456 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 02:05 - 1127424 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 02:05 - 0231936 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 02:05 - 0065024 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 02:05 - 0716800 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 02:05 - 1792000 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 02:06 - 2382848 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 02:06 - 0072704 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 02:05 - 0176640 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\ieui.dll
2012-02-23 20:17 - 2011-11-05 21:57 - 0000000 ____D C:\Users\Ja K\AppData\Local

\Windows Live
2012-02-23 09:18 - 2010-11-20 19:27 - 0279656 ____N (Microsoft Corporation) C:

\Windows\System32\MpSigStub.exe
2012-02-22 05:35 - 2011-12-21 11:07 - 0000000 ____D C:\Users\Je K\AppData\Local

\CrashDumps
2012-02-21 18:59 - 2012-02-21 18:59 - 0000000 ____D C:\Users\Ja K\AppData\Local

\VeriSign
2012-02-20 18:53 - 2012-02-20 18:53 - 0000000 ____D C:\Users\Je K\Desktop\eBooks
2012-02-16 22:38 - 2012-03-13 10:30 - 1031680 ____A (Microsoft Corporation) C:

\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 10:30 - 0826880 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 10:30 - 0210944 ____A (Microsoft Corporation) C:

\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 10:30 - 0023552 ____A (Microsoft Corporation) C:

\Windows\System32\Drivers\tdtcp.sys
2012-02-16 10:04 - 2011-08-14 01:04 - 0000000 ____D C:\Program Files

(x86)\Microsoft Silverlight
2012-02-15 09:56 - 2011-10-31 15:29 - 0000174 ___SH C:\Users\Ja K\Start Menu

\Programs\Startup\desktop.ini
2012-02-15 09:56 - 2011-10-31 15:29 - 0000174 ___SH C:\Users\Ja K\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 03:28 - 2011-10-23 16:51 - 0000174 ___SH C:\Users\Je K\Start Menu

\Programs\Startup\desktop.ini
2012-02-15 03:28 - 2011-10-23 16:51 - 0000174 ___SH C:\Users\Je K\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-11 02:40 - 2012-02-11 02:40 - 0000000 ____D C:\Users\All Users\100
2012-02-11 02:40 - 2012-02-11 02:40 - 0000000 ____D C:\ProgramData\100
2012-02-11 02:39 - 2012-02-11 02:39 - 0000449 ____A C:\user.js
2012-02-11 02:39 - 2012-02-11 02:39 - 0000000 ____D C:\Program Files

(x86)\Incredibar.com
2012-02-09 22:36 - 2012-03-13 16:29 - 1544192 ____A (Microsoft Corporation) C:

\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 16:29 - 1077248 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\DWrite.dll
2012-02-09 01:42 - 2012-02-09 01:42 - 0000102 ____A C:\Users\Je K\Desktop\What

George Carlin Knew About The ‘Pro-Life’ Movement MoveOn.Org.URL
2012-02-08 20:39 - 2012-02-08 22:34 - 0000057 ____A C:\Users\Je K\Desktop\The

Inland Adventurer.URL
2012-02-08 17:16 - 2009-07-13 21:08 - 0032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-05 01:00 - 2012-02-05 01:00 - 0000000 ____D C:\Users\Je K\AppData\Roaming

\avidemux
2012-02-03 18:49 - 2012-02-03 18:49 - 0000000 ____D C:\Users\Ja K\Documents\OneNote

Notebooks
2012-02-03 02:11 - 2012-02-03 02:11 - 0000064 ____A C:\Users\Je K\Desktop\Rdio.URL
2012-02-02 20:34 - 2012-03-13 16:29 - 3145728 ____A (Microsoft Corporation) C:

\Windows\System32\win32k.sys
2012-02-01 09:01 - 2011-12-07 10:23 - 0000358 ____A C:\Windows\Tasks\At1.job
2012-01-31 03:23 - 2012-01-31 03:23 - 0000000 ____D C:\Users\Je K\AppData\Roaming

\iolo
2012-01-31 02:51 - 2012-01-31 02:51 - 0000165 ____A C:\Users\Je K\Desktop\Mary

Tyler Moore Honored At SAG Awards 2012 For Lifetime Achievement.URL
2012-01-30 17:51 - 2011-12-20 01:23 - 0000000 ____D C:\Users\Ja K\Desktop\G's stuff
2012-01-30 13:48 - 2012-01-02 17:21 - 0000000 ____D C:\Users\Ja K\Desktop\Ppws
2012-01-29 02:10 - 2012-01-29 02:10 - 0000125 ____A C:\Users\Je K\Desktop\Hobbit

Blog.url
2012-01-28 01:58 - 2012-01-07 01:21 - 0000000 ____D C:\Users\Je K\Desktop\Km stuff
2012-01-27 14:17 - 2012-01-27 14:17 - 0014259 ____A C:\Users\Ja K\Documents\A OF

I.docx
2012-01-26 22:04 - 2012-01-26 22:04 - 0000093 ____A C:\Users\Je K\Desktop\Google

eBookstore.URL
2012-01-26 22:03 - 2012-01-26 22:04 - 0000129 ____A C:\Users\Je K\Desktop\My Google

eBooks - Google eBookstore.URL
2012-01-26 20:30 - 2012-01-26 21:16 - 0000191 ____A C:\Users\Je K\Desktop\Best of

the Free - Google eBookstore.URL
2012-01-24 22:38 - 2012-03-13 10:30 - 0149504 ____A (Microsoft Corporation) C:

\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 10:30 - 0077312 ____A (Microsoft Corporation) C:

\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 10:30 - 0009216 ____A (Microsoft Corporation) C:

\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-08-14 00:05] - [2011-08-14 00:05] - 0296320 ____A (Microsoft Corporation)

DF8126BD41180351A093A3AD2FC8903B


========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3943.23 MB
Available physical RAM: 3324.8 MB
Total Pagefile: 3941.43 MB
Available Pagefile: 3317.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:918.9 GB) (Free:322.19 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:12.52 GB) (Free:1.08 GB) NTFS ==>[System with

boot components (obtained from reading drive)]
4 Drive g: (DIFF THMB 1) (Removable) (Total:3.73 GB) (Free:1.86 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System

with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 918 GB 12 GB

===================================================================================

===================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 12 GB Healthy Hidden

===================================================================================

===================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

===================================================================================

===================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 918 GB Healthy

===================================================================================

===================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 31 KB

===================================================================================

===================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G DIFF THMB 1 FAT32 Removable 3823 MB Healthy

===================================================================================

===================

==========================================================

Last Boot: 2012-04-19 03:07

======================= End Of Log ==========================

#4 gringo_pr


Posted 22 April 2012 - 06:13 PM

Hello


What I was looking for in that report was not there, so that is good.

I want you to run this now, and when you get to the report with Notepad I want you to make sure word wrap is off (it makes it very hard to read).



Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#5 SafeDragon


Posted 22 April 2012 - 07:35 PM

Hi,

I ran OTL as instructed, and will post the results below.

It ran smoothly with no surprises.

(sorry for forgetting about wordwrap!)

Thank you.


OTL logfile created on: 4/22/2012 4:45:04 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Ja K\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.85 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 49.69% Memory free
7.70 Gb Paging File | 5.20 Gb Available in Paging File | 67.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.90 Gb Total Space | 322.18 Gb Free Space | 35.06% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 1.86 Gb Free Space | 49.94% Space Free | Partition Type: FAT32

Computer Name: JEK | User Name: Ja K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ja K\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ja K\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Ja K\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe ()
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe ()
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\00cb077c2bf82c7fe54b6f93af4b6686\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll ()
MOD - C:\Users\Ja K\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe ()
MOD - C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll ()
MOD - C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe ()
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (VIPAppService) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (jhi_service) Intel® -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (APC Data Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe (American Power Conversion Corporation)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (PTAPCVSP) Pantech Android USB Serial Port (PTAPC) -- C:\Windows\SysNative\drivers\PTAPCVSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTAPCMDM) Pantech Android USB Modem Drivers (PTAPC) -- C:\Windows\SysNative\drivers\PTAPCMDM.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTAPCBUS) Pantech Android USB Composite Device (PTAPC) -- C:\Windows\SysNative\drivers\PTAPCBUS.sys (DEVGURU Co., LTD.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsnxc64.sys (REDC)
DRV:64bit: - (NWWakeFilterV) NextWindow Remote Wake Blocker (V) -- C:\Windows\SysNative\drivers\NWWakeFilterV.sys (n/a)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (NWVoltron) -- C:\Windows\SysNative\drivers\NWVoltron.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel® -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1114595451-408832447-3388839214-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKU\S-1-5-21-1114595451-408832447-3388839214-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
IE - HKU\S-1-5-21-1114595451-408832447-3388839214-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1114595451-408832447-3388839214-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/08/14 01:14:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/08/14 01:14:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2011/08/14 01:02:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/04 21:23:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 13:40:59 | 000,000,000 | ---D | M]

[2011/10/31 16:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ja K\AppData\Roaming\Mozilla\Extensions
[2012/04/06 17:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions
[2012/03/29 22:10:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/03 11:16:26 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\extensions\crossriderapp435@crossrider.com
[2012/04/19 11:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/19 11:45:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\JA K\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NTYJD5MS.DEFAULT\EXTENSIONS\{57068FBE-1506-42EE-AB02-BD183E7999E4}.XPI
() (No name found) -- C:\USERS\JA K\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NTYJD5MS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JA K\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NTYJD5MS.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\JA K\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NTYJD5MS.DEFAULT\EXTENSIONS\LFCBAAAIYR@LFCBAAAIYR.ORG.XPI
[2012/03/17 13:22:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/17 11:18:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/17 11:18:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Premiumplay Codec-C) - {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (WebPicks)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {22C85E5E-3BE9-7A1A-7239-3E5961F46544} - C:\Windows\SysWOW64\remoteppg.dll File not found
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-1114595451-408832447-3388839214-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1114595451-408832447-3388839214-1003..\Run: [Spotify] C:\Users\Ja K\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ja K\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\Je K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ja K\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Je K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files (x86)\GmoteServer\GmoteServer.exe ()
O4 - Startup: C:\Users\Je K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A7F6C92-AF34-4702-BE94-CA2AD7A94DC1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/13 19:09:44 | 000,000,016 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{44783b89-7a99-11e1-822c-ccaf78da75d4}\Shell - "" = AutoRun
O33 - MountPoints2\{44783b89-7a99-11e1-822c-ccaf78da75d4}\Shell\AutoRun\command - "" = D:\TL_Bootstrap.exe
O33 - MountPoints2\{5cc9a804-328b-11e1-8c5a-ccaf78da75d4}\Shell - "" = AutoRun
O33 - MountPoints2\{5cc9a804-328b-11e1-8c5a-ccaf78da75d4}\Shell\AutoRun\command - "" = D:\TL_Bootstrap.exe
O33 - MountPoints2\{60645a08-0264-11e1-9749-f0bf97d1e8c2}\Shell - "" = AutoRun
O33 - MountPoints2\{60645a08-0264-11e1-9749-f0bf97d1e8c2}\Shell\AutoRun\command - "" = D:\TL_Bootstrap.exe
O33 - MountPoints2\{f99a7c6f-030b-11e1-98af-ccaf78da75d4}\Shell - "" = AutoRun
O33 - MountPoints2\{f99a7c6f-030b-11e1-98af-ccaf78da75d4}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 180 Days ==========

[2012/04/22 16:42:05 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ja K\Desktop\OTL.exe
[2012/04/22 16:41:08 | 000,000,000 | R--D | C] -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/04/22 15:59:06 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/21 21:03:00 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Ja K\Desktop\dds.scr
[2012/04/19 11:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/19 11:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/18 03:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponAlert_2pEI
[2012/04/11 03:06:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 03:06:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 03:05:59 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 03:05:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 03:05:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 03:05:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 03:05:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 03:05:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 03:05:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 03:05:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 03:05:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 03:04:45 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 03:04:45 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 03:04:45 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 03:01:12 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 03:01:12 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/11 03:01:11 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/07 12:42:51 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Apps
[2012/04/04 21:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/04/04 21:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/04/04 01:00:14 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Atheros
[2012/04/02 21:01:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2012/04/02 21:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2012/04/02 21:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2012/04/02 18:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/02 18:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWS
[2012/04/02 18:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premiumplay Codec-C
[2012/04/02 18:22:40 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/03/30 13:14:07 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/03/30 12:18:05 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/29 15:12:45 | 000,143,360 | R--- | C] (Zenographics) -- C:\Windows\apptune1020.exe
[2012/03/29 15:12:39 | 000,086,016 | R--- | C] (Zenographics, Inc.) -- C:\Windows\SysWow64\ZSPOOL.DLL
[2012/03/29 15:12:39 | 000,024,576 | R--- | C] (Zenographics, Inc.) -- C:\Windows\SysWow64\ZTAG32.DLL
[2012/03/29 15:12:38 | 000,102,400 | R--- | C] (Zenographics, Inc.) -- C:\Windows\SysWow64\ZLhp1020.dll
[2012/03/29 15:12:38 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- C:\Windows\SysWow64\zlm.dll
[2012/03/29 15:12:38 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- C:\Windows\SysWow64\IMF32.DLL
[2012/03/29 15:12:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zenographics
[2012/03/29 15:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012/03/28 19:40:58 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Desktop\Tdss killer
[2012/03/28 18:41:32 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Malwarebytes
[2012/03/24 23:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/03/24 18:05:45 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Documents\PDF's
[2012/03/20 13:24:02 | 000,000,000 | ---D | C] -- C:\Users\Ja K\dwhelper
[2012/03/19 22:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR
[2012/03/19 22:13:51 | 001,883,136 | ---- | C] (Debenu Pty Ltd) -- C:\Windows\SysWow64\QuickPDFAX0717.dll
[2012/03/19 22:13:51 | 000,000,000 | ---D | C] -- C:\Windows\tessdata
[2012/03/19 22:13:50 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\SysWow64\ImageEnXLibrary.ocx
[2012/03/19 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeOCR
[2012/03/19 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/03/13 17:29:38 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 11:30:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 11:30:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 11:30:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 11:30:08 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 11:30:08 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/21 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\VeriSign
[2012/02/14 16:03:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 16:03:37 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 16:03:37 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 16:03:34 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/11 03:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\100
[2012/02/11 03:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredibar.com
[2012/02/11 03:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/02/03 19:49:02 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Documents\OneNote Notebooks
[2012/01/23 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\-com.springbox.mobilizer
[2012/01/23 20:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobilizer
[2012/01/23 20:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/01/23 18:21:34 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Spotify
[2012/01/23 18:20:37 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Spotify
[2012/01/19 20:05:43 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Documents\BACK-UP Blogger blogs
[2012/01/18 00:55:09 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/18 00:55:09 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/18 00:55:09 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/18 00:55:09 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/18 00:55:08 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/18 00:55:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/15 15:11:45 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/01/15 13:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 13:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/15 13:14:27 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/15 13:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/10 14:07:38 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/10 14:07:38 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/10 14:07:38 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/10 14:07:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/10 14:07:38 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/10 14:07:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/10 14:07:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/02 18:21:35 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Desktop\Ppwz
[2012/01/02 18:18:37 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\avidemux
[2012/01/02 18:01:27 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\-iolo
[2012/01/02 16:27:45 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\NCH Software
[2012/01/02 16:26:36 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Sony
[2011/12/29 21:24:18 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/12/29 21:17:22 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\COMODO
[2011/12/29 19:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/12/29 19:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/12/29 19:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/12/26 19:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2011/12/22 16:02:26 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\ArcSoft
[2011/12/22 16:02:22 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\ArcSoft
[2011/12/22 15:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/12/22 15:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/22 15:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/22 15:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/12/22 15:42:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/12/22 15:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/12/22 15:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/12/22 15:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/12/22 15:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/22 15:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/12/22 15:41:05 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Microsoft Help
[2011/12/22 15:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/12/22 15:40:53 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/22 15:24:09 | 000,000,000 | ---D | C] -- C:\Microsoft.Office.2010.Pro.plus.vl.combo.x86.x64
[2011/12/22 15:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APC
[2011/12/22 15:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\APC
[2011/12/22 15:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/12/22 15:09:15 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/12/22 15:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/12/22 15:07:55 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\DAEMON Tools Lite
[2011/12/22 15:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/12/20 14:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2011/12/20 14:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter
[2011/12/20 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\RapidCRC
[2011/12/20 14:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidCRC
[2011/12/20 02:23:49 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Desktop\G's stuff
[2011/12/19 19:59:16 | 000,022,696 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011/12/19 19:58:58 | 000,041,200 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2011/12/19 19:58:56 | 000,389,840 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2011/12/19 19:58:56 | 000,301,224 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011/12/13 19:51:01 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\gtk-2.0
[2011/12/13 11:10:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/13 11:10:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/13 11:10:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/12 21:24:33 | 000,000,000 | ---D | C] -- C:\Users\Ja K\.thumbnails
[2011/12/12 20:38:40 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Documents\gegl-0.0
[2011/12/12 20:38:40 | 000,000,000 | ---D | C] -- C:\Users\Ja K\.gimp-2.6
[2011/12/12 20:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/12/12 20:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011/12/10 02:07:41 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\gimp-2.6.11-i686-setup-1.exe
[2011/12/07 11:23:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2011/11/30 18:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2011/11/20 13:30:46 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Dropbox
[2011/11/20 13:28:13 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/11/20 13:27:40 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Dropbox
[2011/11/16 18:23:18 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Adobe
[2011/11/14 07:34:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/10 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Notepad++
[2011/11/10 19:15:38 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Diagnostics
[2011/11/09 00:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Related Programs
[2011/11/08 20:16:25 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Desktop\KmR
[2011/11/08 19:31:29 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Desktop\Media Programs
[2011/11/08 15:37:28 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Desktop\Edwards Process Service
[2011/11/07 13:26:22 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\HpUpdate
[2011/11/07 13:25:44 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011/11/07 13:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/11/07 13:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/11/07 13:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/11/07 13:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/07 13:22:47 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\HP
[2011/11/07 12:41:34 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2011/11/07 12:41:34 | 000,443,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MShflxgd.ocx
[2011/11/07 12:41:34 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Comdlg32.ocx
[2011/11/07 12:41:34 | 000,124,448 | ---- | C] (Wintertree Software Inc.) -- C:\Windows\SysWow64\WSPELL.OCX
[2011/11/07 12:41:34 | 000,118,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSADODC.OCX
[2011/11/07 12:41:34 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSBIND.DLL
[2011/11/07 12:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CEB
[2011/11/07 12:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 4.0
[2011/11/07 12:41:14 | 000,277,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\Msvcrt.dll
[2011/11/07 12:41:11 | 000,052,736 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\Pdfshell.dll
[2011/11/07 12:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/11/07 12:41:08 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/11/06 17:18:59 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\CrashDumps
[2011/11/05 22:57:01 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Windows Live
[2011/11/05 22:56:31 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\{54C800B3-EB4B-4AF1-B2EB-9FE0C4663200}
[2011/11/05 22:54:57 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\TechSmith
[2011/11/05 22:54:48 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Documents\Camtasia Studio
[2011/11/05 09:32:23 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Sony Corporation
[2011/11/03 17:01:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2011/11/03 17:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2011/11/03 17:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/03 17:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2011/11/03 17:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011/11/03 17:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2011/11/02 10:02:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/11/02 10:02:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/11/01 23:38:54 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/11/01 23:38:54 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/11/01 23:38:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/11/01 23:38:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/11/01 23:38:54 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/11/01 23:38:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/11/01 23:38:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/11/01 23:38:54 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/11/01 23:38:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/11/01 23:38:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/11/01 23:38:52 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/11/01 23:38:52 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/11/01 23:38:51 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/11/01 23:38:50 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/11/01 23:38:50 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/11/01 23:38:50 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/11/01 23:38:50 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/11/01 23:38:50 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/11/01 23:38:50 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/11/01 23:38:50 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/11/01 23:38:50 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/11/01 23:38:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/11/01 23:38:50 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/11/01 23:38:50 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/11/01 23:38:50 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/11/01 23:38:41 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/11/01 23:38:41 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/11/01 23:38:39 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/11/01 23:36:01 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/11/01 23:36:01 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/11/01 23:36:01 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/11/01 23:36:01 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/11/01 23:30:24 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/11/01 23:30:24 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/11/01 23:30:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/11/01 23:30:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/11/01 23:30:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/11/01 23:30:24 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/11/01 23:30:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/11/01 23:30:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/11/01 23:30:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/11/01 23:30:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/11/01 23:30:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/11/01 23:30:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/11/01 23:30:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/11/01 23:30:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/11/01 23:30:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/11/01 23:30:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/11/01 23:30:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/11/01 23:30:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/11/01 23:30:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/11/01 23:30:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/11/01 23:30:18 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/11/01 23:30:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/11/01 23:27:58 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/11/01 23:27:58 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/11/01 00:16:25 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Skype
[2011/10/31 19:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/10/31 18:38:06 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Macromedia
[2011/10/31 18:38:06 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Adobe
[2011/10/31 17:40:43 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\SoftGrid Client
[2011/10/31 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\-SoftGrid Client
[2011/10/31 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\TP
[2011/10/31 17:06:10 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Sony
[2011/10/31 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\vlc
[2011/10/31 16:46:40 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Mozilla
[2011/10/31 16:46:40 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Mozilla
[2011/10/31 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\BMExplorer
[2011/10/31 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Documents\Bluetooth Folder
[2011/10/31 16:29:59 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Intel Corporation
[2011/10/31 16:29:58 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\-Atheros
[2011/10/31 16:29:47 | 000,000,000 | R--D | C] -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/31 16:29:47 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Searches
[2011/10/31 16:29:47 | 000,000,000 | R--D | C] -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/31 16:29:47 | 000,000,000 | -H-D | C] -- C:\Users\Ja K\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/10/31 16:29:40 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\-Identities
[2011/10/31 16:29:39 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Contacts
[2011/10/31 16:29:38 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\VirtualStore
[2011/10/31 16:29:07 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Sony Corporation
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\AppData\Local\Temporary Internet Files
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\Templates
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\Start Menu
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\SendTo
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\Recent
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\PrintHood
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\NetHood
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\Documents\My Videos
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\Documents\My Pictures
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\Documents\My Music
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\My Documents
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\Local Settings
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\AppData\Local\History
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\Cookies
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\Application Data
[2011/10/31 16:29:06 | 000,000,000 | -HSD | C] -- C:\Users\Ja K\AppData\Local\Application Data
[2011/10/31 16:29:05 | 000,000,000 | --SD | C] -- C:\Users\Ja K\AppData\Roaming\Microsoft
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Videos
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Saved Games
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Pictures
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Music
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Links
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Favorites
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Downloads
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Documents
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\Desktop
[2011/10/31 16:29:05 | 000,000,000 | R--D | C] -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/31 16:29:05 | 000,000,000 | -H-D | C] -- C:\Users\Ja K\AppData
[2011/10/31 16:29:05 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Temp
[2011/10/31 16:29:05 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Local\Microsoft
[2011/10/31 16:29:05 | 000,000,000 | ---D | C] -- C:\Users\Ja K\AppData\Roaming\Media Center Programs
[2011/10/30 22:06:27 | 000,000,000 | ---D | C] -- C:\Users\Ja K\Desktop\For eBay
[2011/10/29 13:33:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/10/29 13:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2011/10/29 13:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/10/29 13:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/10/29 13:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2011/10/29 13:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux
[2011/10/29 13:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
[2011/10/29 13:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/10/29 13:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/10/29 13:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/10/29 13:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011/10/29 13:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RapidCRC
[2011/10/29 13:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/10/29 13:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/10/29 13:00:42 | 000,000,000 | ---D | C] -- C:\Update
[2011/10/29 12:58:32 | 001,002,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusbcoinstaller2.dll
[2011/10/29 12:58:32 | 000,183,424 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\PTAPCVSP.sys
[2011/10/29 12:58:32 | 000,183,424 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\PTAPCMDM.sys
[2011/10/29 12:58:32 | 000,122,880 | ---- | C] (DEVGURU) -- C:\Windows\SysWow64\ptapcwmcp64.dll
[2011/10/29 12:58:32 | 000,122,880 | ---- | C] (DEVGURU) -- C:\Windows\SysNative\ptapcwmcp64.dll
[2011/10/29 12:58:32 | 000,103,040 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\SysNative\drivers\PTAPCBUS.sys
[2011/10/29 12:58:32 | 000,102,400 | ---- | C] (DEVGURU) -- C:\Windows\SysWow64\ptapcwmcp.dll
[2011/10/29 12:58:32 | 000,102,400 | ---- | C] (DEVGURU) -- C:\Windows\SysNative\ptapcwmcp.dll
[2011/10/29 12:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Pantech
[2011/10/29 12:56:20 | 000,015,360 | ---- | C] (June Fabrics Technology Inc.) -- C:\Windows\SysNative\drivers\pneteth.sys
[2011/10/29 12:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
[2011/10/29 12:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PdaNet for Android

========== Files - Modified Within 180 Days ==========

[2012/04/22 16:50:12 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/04/22 16:45:49 | 000,028,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 16:45:49 | 000,028,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 16:44:21 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/22 16:44:21 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/22 16:44:21 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/22 16:40:50 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/04/22 16:40:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/22 16:40:13 | 3101,081,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 16:38:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ja K\Desktop\OTL.exe
[2012/04/22 14:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/21 21:03:02 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Ja K\Desktop\dds.scr
[2012/04/21 20:56:06 | 000,000,000 | ---- | M] () -- C:\Users\Ja K\defogger_reenable
[2012/04/21 20:54:53 | 000,050,477 | ---- | M] () -- C:\Users\Ja K\Desktop\Defogger.exe
[2012/04/18 20:55:32 | 003,914,686 | ---- | M] () -- C:\Users\Ja K\Desktop\T J LM.mp4
[2012/04/15 14:53:46 | 000,043,738 | ---- | M] () -- C:\Users\Ja K\.recently-used.xbel
[2012/04/14 04:14:37 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 04:14:37 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 04:14:32 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 03:30:05 | 012,392,190 | ---- | M] () -- C:\Users\Ja K\Desktop\J F S D.mp4
[2012/04/07 19:13:07 | 000,326,659 | ---- | M] () -- C:\Users\Ja K\Desktop\WP POI-MagSH-MystG, APRIL 2012.jpg
[2012/04/05 15:33:48 | 008,571,185 | ---- | M] () -- C:\Users\Ja K\Documents\Je R F A F.png
[2012/04/05 15:32:50 | 008,571,859 | ---- | M] () -- C:\Users\Ja K\Documents\Ja R F A F.png
[2012/04/05 15:31:57 | 009,883,570 | ---- | M] () -- C:\Users\Ja K\Documents\Ja I D A.png
[2012/03/24 16:32:40 | 000,055,589 | ---- | M] () -- C:\test.xml
[2012/03/20 20:29:39 | 459,025,897 | ---- | M] () -- C:\Users\Ja K\Desktop\47 t t.flv
[2012/03/19 16:51:54 | 000,001,262 | ---- | M] () -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/14 12:17:12 | 000,436,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/11 14:13:38 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/03/11 14:13:20 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/03/11 14:13:18 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/03/11 14:13:17 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/03/06 11:02:44 | 000,001,036 | ---- | M] () -- C:\Users\Ja K\Desktop\Dropbox.lnk
[2012/03/06 11:02:44 | 000,001,016 | ---- | M] () -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/05 23:53:37 | 005,559,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/05 22:59:47 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/05 22:59:41 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/02 14:15:55 | 000,190,892 | ---- | M] () -- C:\Users\Ja K\Documents\K F 12-11-11.pdf
[2012/03/01 16:53:39 | 319,528,259 | ---- | M] () -- C:\Users\Ja K\Desktop\A I 1115.flv
[2012/03/01 03:54:54 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/02/29 23:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/02/29 23:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/02/27 23:56:48 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/27 23:48:57 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/27 23:48:36 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/27 23:45:47 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/27 23:43:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/27 23:39:50 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/27 18:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/27 18:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/27 18:06:48 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/27 18:03:31 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/27 17:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 23:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/16 22:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/11 03:39:36 | 000,000,449 | ---- | M] () -- C:\user.js
[2012/02/09 23:36:07 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/02/01 10:01:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/24 23:38:39 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/01/24 23:38:38 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/01/24 23:33:30 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/01/04 03:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/01/03 17:54:28 | 000,144,695 | ---- | M] () -- C:\Users\Ja K\Documents\bookmarks 1-2012.html
[2011/12/29 23:26:08 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2011/12/29 22:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2011/12/29 19:16:45 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2011/12/26 19:12:06 | 000,072,080 | ---- | M] () -- C:\Users\Ja K\g2mdlhlpx.exe
[2011/12/22 15:14:06 | 000,001,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
[2011/12/22 15:13:16 | 006,918,144 | ---- | M] () -- C:\Users\Ja K\PCPE_3.0.msi
[2011/12/22 15:09:15 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/12/16 01:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/07 11:24:00 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/11/26 13:52:10 | 020,367,424 | ---- | M] (The GIMP Team ) -- C:\gimp-2.6.11-i686-setup-1.exe
[2011/11/19 07:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2011/11/19 07:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2011/11/16 23:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/11/16 23:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011/11/16 23:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2011/11/16 23:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2011/11/16 23:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2011/11/16 23:35:19 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2011/11/16 22:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011/11/07 13:25:44 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011/11/07 13:25:43 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011/11/07 12:41:31 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\SmartLaser.lnk
[2011/10/31 16:45:57 | 000,001,437 | ---- | M] () -- C:\Users\Ja K\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/29 12:58:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2011/10/25 22:25:16 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2011/10/25 22:25:15 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011/10/25 22:21:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/10/25 21:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2011/10/25 21:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

========== Files Created - No Company Name ==========

[2012/04/21 20:56:06 | 000,000,000 | ---- | C] () -- C:\Users\Ja K\defogger_reenable
[2012/04/21 20:54:48 | 000,050,477 | ---- | C] () -- C:\Users\Ja K\Desktop\Defogger.exe
[2012/04/18 20:55:16 | 003,914,686 | ---- | C] () -- C:\Users\Ja K\Desktop\T J G M J.mp4
[2012/04/15 14:53:46 | 000,043,738 | ---- | C] () -- C:\Users\Ja K\.recently-used.xbel
[2012/04/12 03:29:38 | 012,392,190 | ---- | C] () -- C:\Users\Ja K\Desktop\J F S D.mp4
[2012/04/07 19:13:06 | 000,326,659 | ---- | C] () -- C:\Users\Ja K\Desktop\WP POI-MagSH-MystG, APRIL 2012.jpg
[2012/04/05 15:33:39 | 008,571,185 | ---- | C] () -- C:\Users\Ja K\Documents\Je R F A F.png
[2012/04/05 15:32:40 | 008,571,859 | ---- | C] () -- C:\Users\Ja K\Documents\Ja R F A F.png
[2012/04/05 15:31:49 | 009,883,570 | ---- | C] () -- C:\Users\Ja K\Documents\Ja I D A.png
[2012/03/30 12:18:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 15:55:35 | 000,501,760 | ---- | C] () -- C:\Windows\SysNative\ZSHP1020.EXE
[2012/03/29 15:55:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysNative\ZLhp1020.DLL
[2012/03/29 15:55:29 | 000,245,248 | ---- | C] () -- C:\Windows\SysNative\zshp1020s.dll
[2012/03/29 15:55:29 | 000,128,820 | ---- | C] () -- C:\Windows\SysNative\hp1020.img
[2012/03/29 15:55:29 | 000,010,632 | ---- | C] () -- C:\Windows\SysNative\ZSHP1020.CHM
[2012/03/29 15:12:38 | 000,128,820 | R--- | C] () -- C:\Windows\SysWow64\hp1020.img
[2012/03/29 15:12:38 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1020.dll
[2012/03/29 15:12:37 | 000,442,368 | R--- | C] () -- C:\Windows\SysWow64\zshp1020.exe
[2012/03/20 19:26:01 | 459,025,897 | ---- | C] () -- C:\Users\Ja K\Desktop\47 tt.flv
[2012/03/19 22:13:50 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2012/03/02 14:15:54 | 000,190,892 | ---- | C] () -- C:\Users\Ja K\Documents\K F 12-11-11.pdf
[2012/03/01 16:14:12 | 319,528,259 | ---- | C] () -- C:\Users\Ja K\Desktop\A I 1115.flv
[2012/02/11 03:39:35 | 000,000,449 | ---- | C] () -- C:\user.js
[2012/02/03 19:49:04 | 000,001,262 | ---- | C] () -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/01/23 20:14:02 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobilizer.lnk
[2012/01/23 18:21:33 | 000,001,820 | ---- | C] () -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/01/15 15:11:45 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2012/01/03 17:54:28 | 000,144,695 | ---- | C] () -- C:\Users\Ja K\Documents\bookmarks 1-2012.html
[2011/12/29 19:17:48 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/12/29 19:16:45 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2011/12/26 19:12:05 | 000,072,080 | ---- | C] () -- C:\Users\Ja K\g2mdlhlpx.exe
[2011/12/22 15:14:05 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
[2011/12/22 15:13:16 | 006,918,144 | ---- | C] () -- C:\Users\Ja K\PCPE_3.0.msi
[2011/12/07 11:23:06 | 000,000,502 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/07 11:23:06 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/11/22 11:33:26 | 000,055,589 | ---- | C] () -- C:\test.xml
[2011/11/20 13:30:46 | 000,001,036 | ---- | C] () -- C:\Users\Ja K\Desktop\Dropbox.lnk
[2011/11/20 13:28:18 | 000,001,016 | ---- | C] () -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/09 00:31:26 | 000,001,164 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Image Converter.lnk
[2011/11/09 00:31:20 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
[2011/11/07 13:26:27 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/11/07 13:25:44 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011/11/07 13:25:43 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011/11/07 12:41:34 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\USERDIC.TLX
[2011/11/07 12:41:33 | 000,309,534 | ---- | C] () -- C:\Windows\SysWow64\SSCEAM2.CLX
[2011/11/07 12:41:33 | 000,024,705 | ---- | C] () -- C:\Windows\SysWow64\SSCELE2.CLX
[2011/11/07 12:41:33 | 000,007,691 | ---- | C] () -- C:\Windows\SysWow64\SSCEAM.TLX
[2011/11/07 12:41:33 | 000,000,015 | ---- | C] () -- C:\Windows\SysWow64\SSCELE.TLX
[2011/11/07 12:41:31 | 000,000,840 | ---- | C] () -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CEB SmartLaser.lnk
[2011/11/07 12:41:31 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\SmartLaser.lnk
[2011/11/07 12:41:14 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2011/10/31 16:45:57 | 000,001,437 | ---- | C] () -- C:\Users\Ja K\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/31 16:29:55 | 000,001,409 | ---- | C] () -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/10/31 16:29:52 | 000,001,443 | ---- | C] () -- C:\Users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/31 16:29:05 | 000,000,290 | ---- | C] () -- C:\Users\Ja K\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/31 16:29:05 | 000,000,272 | ---- | C] () -- C:\Users\Ja K\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/29 13:23:38 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2011/10/29 13:23:04 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2011/10/29 13:02:54 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/29 12:58:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2011/08/14 01:37:36 | 000,340,480 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll
[2011/07/26 23:15:12 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/07/26 23:15:12 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/26 23:15:12 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/26 23:15:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/26 23:15:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/02/10 16:03:27 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:05 PM

Posted 22 April 2012 - 08:47 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr


Posted 24 April 2012 - 10:24 PM

Extra Combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
ComboFix /nombr
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#8 SafeDragon

SafeDragon
  • Topic Starter

  • Members
  • 58 posts
  • Local time:09:05 AM

Posted 24 April 2012 - 11:13 PM

Sorry about the false alarm (re: Combofix stalling), Combofix has finished running properly as far as I can tell, with no errors or other snags, so I'm proceeding with the instructions from post #6.

Everything seems to be working okay (though the PC forgot that Firefox was my default browser). I don't know how to tell if Happili is still active at this point, since its effects are intermittent. (oh, and I can't be totally sure the Happili redirect stuff has only been active from within the last month -- it could have been longer -- I hope that won't complicate things.)

[Combofix log:]

ComboFix 12-04-24.05 - Ja K 04/24/2012 20:04:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3943.2372 [GMT -7:00]
Running from: c:\users\Ja K\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\inCRedibartlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
c:\programdata\100
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0E14FAA4-E205-4FA3-9742-98933AF3D951}.xps
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2503082D-9930-4862-9EA4-23F0D2F447EF}.xps
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5C703870-04C2-4CA4-91D4-C814C4A76432}.xps
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{68822D62-45EA-4B46-A11A-2FF248FED04A}.xps
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98E16F25-D253-4D4E-9E6A-F3F49C373651}.xps
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B2AC0BC5-88FA-4742-9AD6-625F7D5B3D05}.xps
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BF72EBBE-530F-4E6E-907F-4ABE3394A231}.xps
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C4520D07-CEEF-4588-8EED-201928E223DF}.xps
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CF6AED35-3C34-4278-8FA3-E1E74971110E}.xps
c:\users\Ja K\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E53A82D9-D22C-4739-BDCD-94A123BE6A3F}.xps
c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\weave\toFetch
c:\users\Ja K\g2mdlhlpx.exe
c:\windows\Tasks\At2.job
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 03:40 . 2012-04-25 03:40 -------- d-----w- c:\users\Je K\AppData\Local\temp
2012-04-25 03:40 . 2012-04-25 03:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 02:28 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F1414E2-4671-4778-BDA7-D459D8C1331A}\mpengine.dll
2012-04-22 22:59 . 2012-04-22 23:00 -------- d-----w- C:\FRST
2012-04-19 18:44 . 2012-04-19 18:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-13 01:56 . 2012-04-13 01:57 -------- d-----w- c:\users\Je K\AppData\Local\Amazon
2012-04-11 10:06 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 10:06 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 10:06 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-11 10:06 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-11 10:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 10:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 10:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 10:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 10:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-07 19:42 . 2012-04-07 19:42 -------- d-----w- c:\users\Ja K\AppData\Local\Apps
2012-04-05 04:23 . 2012-04-05 04:23 -------- d-----w- c:\program files (x86)\Coupons
2012-04-04 08:00 . 2012-04-04 08:00 -------- d-----w- c:\users\Ja K\AppData\Roaming\Atheros
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-03 04:01 . 2012-04-03 04:01 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2012-04-03 04:01 . 2012-04-21 22:06 -------- d-----w- c:\users\Je K\AppData\Roaming\Gmote
2012-04-03 04:00 . 2012-04-03 04:01 -------- d-----w- c:\program files (x86)\GmoteServer
2012-04-03 01:24 . 2012-04-20 03:55 -------- d-----w- c:\users\Je K\AppData\Local\WeatherBug
2012-04-03 01:24 . 2012-04-03 01:24 -------- d-----w- c:\programdata\Premium
2012-04-03 01:24 . 2012-04-03 01:24 -------- d-----w- c:\users\Je K\AppData\Roaming\WeatherBug
2012-04-03 01:24 . 2012-04-03 01:24 -------- d-----w- c:\program files (x86)\AWS
2012-04-03 01:22 . 2012-04-03 01:22 -------- d-----w- c:\users\Je K\AppData\Local\Google
2012-04-03 01:22 . 2012-04-03 01:22 -------- d-----w- c:\users\Je K\AppData\Local\Premiumplay Codec-C
2012-04-03 01:22 . 2012-04-03 01:22 -------- d-----w- c:\program files (x86)\Premiumplay Codec-C
2012-04-03 01:22 . 2012-04-03 01:22 -------- d-----w- C:\codec-info
2012-03-30 20:14 . 2012-04-14 11:14 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 19:18 . 2012-04-14 11:14 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 22:56 . 2010-05-14 06:48 65024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\PPhp1020.DLL
2012-03-29 22:55 . 2010-05-14 06:48 192512 ----a-w- c:\windows\system32\ZLhp1020.DLL
2012-03-29 22:55 . 2010-05-14 06:48 501760 ----a-w- c:\windows\system32\ZSHP1020.EXE
2012-03-29 22:55 . 2010-05-14 05:52 245248 ----a-w- c:\windows\system32\zshp1020s.dll
2012-03-29 22:12 . 2006-01-28 16:00 143360 ----a-r- c:\windows\apptune1020.exe
2012-03-29 22:12 . 2006-01-28 16:00 86016 ----a-r- c:\windows\SysWow64\ZSPOOL.DLL
2012-03-29 22:12 . 2006-01-28 16:00 24576 ----a-r- c:\windows\SysWow64\ZTAG32.DLL
2012-03-29 22:12 . 2006-01-28 16:00 28672 ----a-r- c:\windows\SysWow64\zlm.dll
2012-03-29 22:12 . 2006-01-28 16:00 28672 ----a-r- c:\windows\SysWow64\IMF32.DLL
2012-03-29 22:12 . 2006-01-28 16:00 106496 ----a-r- c:\windows\SysWow64\vshp1020.dll
2012-03-29 22:12 . 2006-01-28 16:00 102400 ----a-r- c:\windows\SysWow64\ZLhp1020.dll
2012-03-29 22:12 . 2006-01-28 16:00 442368 ----a-r- c:\windows\SysWow64\zshp1020.exe
2012-03-29 22:12 . 2012-03-29 22:25 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-03-29 22:12 . 2012-03-29 22:12 -------- d--h--w- c:\program files (x86)\Zenographics
2012-03-29 01:41 . 2012-03-29 01:41 -------- d-----w- c:\users\Ja K\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 11:14 . 2011-08-14 08:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-11 21:13 . 2011-12-20 02:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-12-20 02:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-12-20 02:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-20 02:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-12-20 02:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-12-20 02:58 389840 ----a-w- c:\windows\system32\guard64.dll
2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 18:30 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 18:30 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 18:30 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 18:30 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 00:29 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 00:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 00:29 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Ja K\AppData\Roaming\Spotify\Spotify.exe" [2012-03-16 4011184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
c:\users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ja K\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 PTAPCBUS;Pantech Android USB Composite Device (PTAPC);c:\windows\system32\DRIVERS\PTAPCBUS.sys [x]
R3 PTAPCMDM;Pantech Android USB Modem Drivers (PTAPC);c:\windows\system32\DRIVERS\PTAPCMDM.sys [x]
R3 PTAPCVSP;Pantech Android USB Serial Port (PTAPC);c:\windows\system32\DRIVERS\PTAPCVSP.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-15 21880]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-16 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-06-16 91296]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-06-16 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-07-22 259512]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-06-06 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-05-31 552584]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-04-13 84088]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-15 969352]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\drivers\NWVoltron.sys [x]
S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-07-24 53176]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-06-30 1380480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:14]
.
2012-04-25 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-15 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-03 11855976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-06-16 790688]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-06-16 657568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-25 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-25 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-25 416024]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{22C85E5E-3BE9-7A1A-7239-3E5961F46544} - c:\windows\SysWOW64\remoteppg.dll
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-24 20:44:39
ComboFix-quarantined-files.txt 2012-04-25 03:44
.
Pre-Run: 354,021,109,760 bytes free
Post-Run: 354,266,701,824 bytes free
.
- - End Of File - - 5CB9B64E35A9C6349D8A3349DD1F58ED

#9 gringo_pr

Posted 24 April 2012 - 11:23 PM

Greetings

If you do get redirected again, I will need to know which browser it happened in.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 SafeDragon

Posted 25 April 2012 - 01:29 AM

Hi, here are the TDSS and aswMBR logs:

[TDSS Killer log:]

21:28:05.0720 6716 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
21:28:06.0235 6716 ============================================================
21:28:06.0235 6716 Current date / time: 2012/04/24 21:28:06.0235
21:28:06.0235 6716 SystemInfo:
21:28:06.0235 6716
21:28:06.0235 6716 OS Version: 6.1.7601 ServicePack: 1.0
21:28:06.0235 6716 Product type: Workstation
21:28:06.0235 6716 ComputerName: JE K
21:28:06.0235 6716 UserName: Ja K
21:28:06.0235 6716 Windows directory: C:\Windows
21:28:06.0235 6716 System windows directory: C:\Windows
21:28:06.0235 6716 Running under WOW64
21:28:06.0235 6716 Processor architecture: Intel x64
21:28:06.0235 6716 Number of processors: 4
21:28:06.0235 6716 Page size: 0x1000
21:28:06.0235 6716 Boot type: Normal boot
21:28:06.0235 6716 ============================================================
21:28:06.0656 6716 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:28:06.0656 6716 ============================================================
21:28:06.0656 6716 \Device\Harddisk0\DR0:
21:28:06.0656 6716 MBR partitions:
21:28:06.0656 6716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1908800, BlocksNum 0x32000
21:28:06.0656 6716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x193A800, BlocksNum 0x72DCBDB0
21:28:06.0656 6716 ============================================================
21:28:06.0688 6716 C: <-> \Device\Harddisk0\DR0\Partition1
21:28:06.0688 6716 ============================================================
21:28:06.0688 6716 Initialize success
21:28:06.0688 6716 ============================================================
21:28:26.0827 6848 ============================================================
21:28:26.0827 6848 Scan started
21:28:26.0827 6848 Mode: Manual; SigCheck; TDLFS;
21:28:26.0827 6848 ============================================================
21:28:27.0264 6848 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:28:27.0342 6848 1394ohci - ok
21:28:27.0404 6848 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:28:27.0467 6848 ACDaemon - ok
21:28:27.0482 6848 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:28:27.0498 6848 ACPI - ok
21:28:27.0529 6848 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:28:27.0560 6848 AcpiPmi - ok
21:28:27.0623 6848 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:28:27.0638 6848 AdobeARMservice - ok
21:28:27.0732 6848 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:27.0763 6848 AdobeFlashPlayerUpdateSvc - ok
21:28:27.0810 6848 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:28:27.0826 6848 adp94xx - ok
21:28:27.0857 6848 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:28:27.0872 6848 adpahci - ok
21:28:27.0888 6848 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:28:27.0904 6848 adpu320 - ok
21:28:27.0935 6848 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:28:27.0966 6848 AeLookupSvc - ok
21:28:28.0044 6848 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:28:28.0091 6848 AFD - ok
21:28:28.0106 6848 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:28:28.0122 6848 agp440 - ok
21:28:28.0153 6848 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:28:28.0169 6848 ALG - ok
21:28:28.0169 6848 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:28:28.0184 6848 aliide - ok
21:28:28.0200 6848 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:28:28.0200 6848 amdide - ok
21:28:28.0216 6848 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:28:28.0231 6848 AmdK8 - ok
21:28:28.0247 6848 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:28:28.0262 6848 AmdPPM - ok
21:28:28.0278 6848 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:28:28.0294 6848 amdsata - ok
21:28:28.0325 6848 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:28:28.0340 6848 amdsbs - ok
21:28:28.0340 6848 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:28:28.0356 6848 amdxata - ok
21:28:28.0434 6848 APC Data Service (378a326ba649e01aac767355aab9e90c) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
21:28:28.0450 6848 APC Data Service - ok
21:28:28.0481 6848 APC UPS Service (84a1a403d2dd63ef941674cc87ff503c) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
21:28:28.0496 6848 APC UPS Service - ok
21:28:28.0528 6848 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:28:28.0574 6848 AppID - ok
21:28:28.0590 6848 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:28:42.0396 6848 Oasis2Service (9e125d1634f5abd7adc95705f193828c) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
21:28:42.0396 6848 Oasis2Service ( UnsignedFile.Multi.Generic ) - warning
21:28:42.0396 6848 Oasis2Service - detected UnsignedFile.Multi.Generic (1)
21:28:45.0329 6848 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:28:45.0376 6848 rdbss - ok
21:28:45.0391 6848 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:28:45.0391 6848 rdpbus - ok
21:28:45.0407 6848 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:28:45.0438 6848 RDPCDD - ok
21:28:45.0469 6848 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:28:45.0501 6848 RDPENCDD - ok
21:28:45.0516 6848 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:28:45.0547 6848 RDPREFMP - ok
21:28:45.0579 6848 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:28:45.0594 6848 RDPWD - ok
21:28:45.0610 6848 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:28:45.0625 6848 rdyboost - ok
21:28:45.0657 6848 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:28:45.0688 6848 RemoteAccess - ok
21:28:45.0719 6848 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:28:45.0750 6848 RemoteRegistry - ok
21:28:45.0781 6848 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:28:45.0797 6848 RFCOMM - ok
21:28:45.0828 6848 rimspci (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\drivers\rimssne64.sys
21:28:45.0844 6848 rimspci - ok
21:28:45.0859 6848 risdsnpe (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\drivers\risdsnxc64.sys
21:28:45.0875 6848 risdsnpe - ok
21:28:45.0906 6848 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:28:45.0937 6848 RpcEptMapper - ok
21:28:45.0953 6848 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:28:45.0969 6848 RpcLocator - ok
21:28:46.0000 6848 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
21:28:46.0047 6848 RpcSs - ok
21:28:46.0047 6848 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:28:46.0093 6848 rspndr - ok
21:28:46.0140 6848 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:28:46.0156 6848 RTL8167 - ok
21:28:46.0203 6848 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:28:46.0218 6848 SamSs - ok
21:28:46.0234 6848 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:28:46.0249 6848 sbp2port - ok
21:28:46.0281 6848 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:28:46.0327 6848 SCardSvr - ok
21:28:46.0343 6848 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:28:46.0390 6848 scfilter - ok
21:28:46.0452 6848 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:28:46.0515 6848 Schedule - ok
21:28:46.0546 6848 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:28:46.0577 6848 SCPolicySvc - ok
21:28:46.0593 6848 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
21:28:46.0608 6848 sdbus - ok
21:28:46.0639 6848 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:28:46.0655 6848 SDRSVC - ok
21:28:46.0717 6848 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:28:46.0749 6848 SeaPort - ok
21:28:46.0764 6848 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:28:46.0811 6848 secdrv - ok
21:28:46.0827 6848 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:28:46.0858 6848 seclogon - ok
21:28:46.0873 6848 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:28:46.0920 6848 SENS - ok
21:28:46.0936 6848 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:28:46.0951 6848 SensrSvc - ok
21:28:46.0967 6848 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:28:46.0983 6848 Serenum - ok
21:28:46.0998 6848 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:28:47.0029 6848 Serial - ok
21:28:47.0045 6848 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:28:47.0061 6848 sermouse - ok
21:28:47.0092 6848 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:28:47.0123 6848 SessionEnv - ok
21:28:47.0154 6848 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
21:28:47.0185 6848 SFEP - ok
21:28:47.0185 6848 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:28:47.0217 6848 sffdisk - ok
21:28:47.0217 6848 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:28:47.0232 6848 sffp_mmc - ok
21:28:47.0263 6848 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:28:47.0295 6848 sffp_sd - ok
21:28:47.0310 6848 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:28:47.0326 6848 sfloppy - ok
21:28:47.0357 6848 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:28:47.0404 6848 SharedAccess - ok
21:28:47.0419 6848 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:28:47.0466 6848 ShellHWDetection - ok
21:28:47.0482 6848 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:28:47.0497 6848 SiSRaid2 - ok
21:28:47.0497 6848 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:28:47.0513 6848 SiSRaid4 - ok
21:28:47.0607 6848 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:28:47.0622 6848 SkypeUpdate - ok
21:28:47.0653 6848 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:28:47.0685 6848 Smb - ok
21:28:47.0716 6848 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:28:47.0731 6848 SNMPTRAP - ok
21:28:47.0794 6848 SOHCImp (ddf2ec98af6fc70608a4f9ce4db52758) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
21:28:47.0809 6848 SOHCImp - ok
21:28:47.0809 6848 SOHDs (5fa03f5ea6efef6d17b4a1a48c40a23c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
21:28:47.0825 6848 SOHDs - ok
21:28:47.0887 6848 SpfService (65e5659e9c2a0762d05657c0e22a7ca2) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
21:28:47.0919 6848 SpfService - ok
21:28:47.0934 6848 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:28:47.0950 6848 spldr - ok
21:28:48.0012 6848 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:28:48.0059 6848 Spooler - ok
21:28:48.0168 6848 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:28:48.0309 6848 sppsvc - ok
21:28:48.0387 6848 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:28:48.0433 6848 sppuinotify - ok
21:28:48.0496 6848 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:28:48.0527 6848 srv - ok
21:28:48.0558 6848 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:28:48.0589 6848 srv2 - ok
21:28:48.0605 6848 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:28:48.0605 6848 srvnet - ok
21:28:48.0636 6848 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:28:48.0667 6848 SSDPSRV - ok
21:28:48.0683 6848 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:28:48.0730 6848 SstpSvc - ok
21:28:48.0745 6848 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:28:48.0745 6848 stexstor - ok
21:28:48.0792 6848 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
21:28:48.0823 6848 StillCam - ok
21:28:48.0870 6848 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:28:48.0917 6848 stisvc - ok
21:28:48.0933 6848 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:28:48.0933 6848 swenum - ok
21:28:48.0964 6848 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:28:49.0026 6848 swprv - ok
21:28:49.0089 6848 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:28:49.0151 6848 SysMain - ok
21:28:49.0213 6848 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:28:49.0229 6848 TabletInputService - ok
21:28:49.0260 6848 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:28:49.0291 6848 TapiSrv - ok
21:28:49.0307 6848 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:28:49.0338 6848 TBS - ok
21:28:49.0447 6848 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:28:49.0525 6848 Tcpip - ok
21:28:49.0619 6848 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:28:49.0666 6848 TCPIP6 - ok
21:28:49.0728 6848 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:28:49.0791 6848 tcpipreg - ok
21:28:49.0806 6848 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:28:49.0806 6848 TDPIPE - ok
21:28:49.0837 6848 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:28:49.0853 6848 TDTCP - ok
21:28:49.0884 6848 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:28:49.0915 6848 tdx - ok
21:28:49.0931 6848 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:28:49.0947 6848 TermDD - ok
21:28:49.0978 6848 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:28:50.0025 6848 TermService - ok
21:28:50.0056 6848 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:28:50.0071 6848 Themes - ok
21:28:50.0087 6848 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:28:50.0118 6848 THREADORDER - ok
21:28:50.0134 6848 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:28:50.0165 6848 TrkWks - ok
21:28:50.0212 6848 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:28:50.0259 6848 TrustedInstaller - ok
21:28:50.0274 6848 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:28:50.0321 6848 tssecsrv - ok
21:28:50.0337 6848 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:28:50.0337 6848 TsUsbFlt - ok
21:28:50.0368 6848 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:28:50.0368 6848 TsUsbGD - ok
21:28:50.0399 6848 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:28:50.0430 6848 tunnel - ok
21:28:50.0446 6848 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:28:50.0461 6848 uagp35 - ok
21:28:50.0524 6848 uCamMonitor (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
21:28:50.0539 6848 uCamMonitor - ok
21:28:50.0571 6848 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:28:50.0617 6848 udfs - ok
21:28:50.0649 6848 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:28:50.0664 6848 UI0Detect - ok
21:28:50.0680 6848 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:28:50.0695 6848 uliagpkx - ok
21:28:50.0711 6848 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:28:50.0727 6848 umbus - ok
21:28:50.0758 6848 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:28:50.0773 6848 UmPass - ok
21:28:50.0914 6848 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:28:50.0961 6848 UNS - ok
21:28:51.0023 6848 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:28:51.0101 6848 upnphost - ok
21:28:51.0148 6848 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:28:51.0195 6848 usbaudio - ok
21:28:51.0210 6848 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:28:51.0226 6848 usbccgp - ok
21:28:51.0241 6848 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:28:51.0257 6848 usbcir - ok
21:28:51.0273 6848 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:28:51.0273 6848 usbehci - ok
21:28:51.0319 6848 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
21:28:51.0335 6848 usbhub - ok
21:28:51.0351 6848 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:28:51.0366 6848 usbohci - ok
21:28:51.0397 6848 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:28:51.0413 6848 usbprint - ok
21:28:51.0429 6848 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:28:51.0444 6848 USBSTOR - ok
21:28:51.0460 6848 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:28:51.0475 6848 usbuhci - ok
21:28:51.0507 6848 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:28:51.0522 6848 usbvideo - ok
21:28:51.0538 6848 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:28:51.0585 6848 UxSms - ok
21:28:51.0647 6848 VAIO Event Service (387d3dffcf0a544539e9c5d8b81169a2) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
21:28:51.0663 6848 VAIO Event Service - ok
21:28:51.0756 6848 VAIO Power Management (d1933e428d991b15affd48b1a7beb643) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:28:51.0787 6848 VAIO Power Management - ok
21:28:51.0834 6848 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:28:51.0850 6848 VaultSvc - ok
21:28:51.0943 6848 VCFw (d00058c1fff3f3de990444a5734e9639) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
21:28:51.0990 6848 VCFw - ok
21:28:52.0021 6848 VcmIAlzMgr (f19275655b42086c884abcdae2c659ae) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
21:28:52.0053 6848 VcmIAlzMgr - ok
21:28:52.0084 6848 VcmINSMgr (2f06d134554ba84fe253dbc481dcfe6d) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
21:28:52.0099 6848 VcmINSMgr - ok
21:28:52.0146 6848 VcmXmlIfHelper (32a3735f6874b7783c6209ed5ca36d9d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
21:28:52.0146 6848 VcmXmlIfHelper - ok
21:28:52.0177 6848 VCService (3c7ebb0924b7f469674ea417fdb6d7e3) C:\Program Files\Sony\VAIO Care\VCService.exe
21:28:52.0193 6848 VCService - ok
21:28:52.0271 6848 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:28:52.0302 6848 vdrvroot - ok
21:28:52.0318 6848 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:28:52.0380 6848 vds - ok
21:28:52.0396 6848 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:28:52.0411 6848 vga - ok
21:28:52.0427 6848 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:28:52.0474 6848 VgaSave - ok
21:28:52.0505 6848 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:28:52.0521 6848 vhdmp - ok
21:28:52.0521 6848 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:28:52.0536 6848 viaide - ok
21:28:52.0599 6848 VIPAppService (6ad85f32ea4aa65bb2ea652f2b9d4005) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
21:28:52.0614 6848 VIPAppService - ok
21:28:52.0645 6848 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:28:52.0661 6848 volmgr - ok
21:28:52.0692 6848 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:28:52.0708 6848 volmgrx - ok
21:28:52.0723 6848 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
21:28:52.0739 6848 volsnap - ok
21:28:52.0755 6848 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:28:52.0770 6848 vsmraid - ok
21:28:52.0879 6848 VSNService (8be8c47d5b09f5550dcbf6fcd8832ccb) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
21:28:52.0926 6848 VSNService - ok
21:28:53.0363 6848 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:28:53.0441 6848 VSS - ok
21:28:53.0550 6848 VUAgent (0826112cc64529ad5cf28ac6dd6eba44) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
21:28:53.0581 6848 VUAgent - ok
21:28:54.0065 6848 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:28:54.0081 6848 vwifibus - ok
21:28:54.0112 6848 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:28:54.0143 6848 vwififlt - ok
21:28:54.0174 6848 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:28:54.0205 6848 W32Time - ok
21:28:54.0237 6848 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:28:54.0268 6848 WacomPen - ok
21:28:54.0283 6848 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:28:54.0346 6848 WANARP - ok
21:28:54.0361 6848 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:28:54.0393 6848 Wanarpv6 - ok
21:28:54.0471 6848 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:28:54.0502 6848 WatAdminSvc - ok
21:28:54.0580 6848 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:28:54.0658 6848 wbengine - ok
21:28:54.0829 6848 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:28:54.0892 6848 WbioSrvc - ok
21:28:54.0923 6848 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:28:54.0954 6848 wcncsvc - ok
21:28:54.0970 6848 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:28:54.0985 6848 WcsPlugInService - ok
21:28:55.0017 6848 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:28:55.0032 6848 Wd - ok
21:28:55.0079 6848 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:28:55.0095 6848 Wdf01000 - ok
21:28:55.0110 6848 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:28:55.0126 6848 WdiServiceHost - ok
21:28:55.0126 6848 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:28:55.0141 6848 WdiSystemHost - ok
21:28:55.0173 6848 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:28:55.0204 6848 WebClient - ok
21:28:55.0219 6848 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:28:55.0266 6848 Wecsvc - ok
21:28:55.0282 6848 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:28:55.0313 6848 wercplsupport - ok
21:28:55.0329 6848 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:28:55.0375 6848 WerSvc - ok
21:28:55.0391 6848 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:28:55.0422 6848 WfpLwf - ok
21:28:55.0438 6848 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:28:55.0453 6848 WIMMount - ok
21:28:55.0469 6848 WinDefend - ok
21:28:55.0485 6848 WinHttpAutoProxySvc - ok
21:28:55.0765 6848 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:28:55.0843 6848 Winmgmt - ok
21:28:57.0372 6848 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:28:57.0450 6848 WinRM - ok
21:28:57.0575 6848 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
21:28:57.0606 6848 WinUSB - ok
21:28:58.0417 6848 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:28:58.0464 6848 Wlansvc - ok
21:28:58.0527 6848 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:28:58.0542 6848 wlcrasvc - ok
21:28:59.0541 6848 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:28:59.0603 6848 wlidsvc - ok
21:29:00.0570 6848 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:29:00.0633 6848 WmiAcpi - ok
21:29:00.0695 6848 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:29:00.0742 6848 wmiApSrv - ok
21:29:00.0757 6848 WMPNetworkSvc - ok
21:29:00.0789 6848 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:29:00.0804 6848 WPCSvc - ok
21:29:00.0820 6848 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:29:00.0835 6848 WPDBusEnum - ok
21:29:00.0851 6848 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:29:00.0882 6848 ws2ifsl - ok
21:29:00.0991 6848 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:29:01.0054 6848 wscsvc - ok
21:29:01.0069 6848 WSearch - ok
21:29:01.0257 6848 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:29:01.0397 6848 wuauserv - ok
21:29:01.0459 6848 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:29:01.0537 6848 WudfPf - ok
21:29:01.0600 6848 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:01.0631 6848 WUDFRd - ok
21:29:01.0647 6848 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:29:01.0678 6848 wudfsvc - ok
21:29:01.0834 6848 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:29:01.0881 6848 WwanSvc - ok
21:29:01.0912 6848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:29:02.0442 6848 \Device\Harddisk0\DR0 - ok
21:29:02.0458 6848 Boot (0x1200) (4e84b7025860845bcf1dea6b699b070d) \Device\Harddisk0\DR0\Partition0
21:29:02.0458 6848 \Device\Harddisk0\DR0\Partition0 - ok
21:29:02.0489 6848 Boot (0x1200) (14ff3f5151598187038e7b2097bbeac7) \Device\Harddisk0\DR0\Partition1
21:29:02.0489 6848 \Device\Harddisk0\DR0\Partition1 - ok
21:29:02.0489 6848 ============================================================
21:29:02.0489 6848 Scan finished
21:29:02.0489 6848 ============================================================
21:29:02.0520 6840 Detected object count: 1
21:29:02.0520 6840 Actual detected object count: 1
21:29:17.0325 6840 Oasis2Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:17.0325 6840 Oasis2Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

[aswMBR log:]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-24 21:44:49
-----------------------------
21:44:49.178 OS Version: Windows x64 6.1.7601 Service Pack 1
21:44:49.178 Number of processors: 4 586 0x2A07
21:44:49.178 ComputerName: JE K UserName: Ja K
21:44:52.314 Initialize success
21:45:45.125 AVAST engine defs: 12042401
21:53:10.272 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:53:10.288 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 3
21:53:10.303 Disk 0 MBR read successfully
21:53:10.303 Disk 0 MBR scan
21:53:10.319 Disk 0 Windows 7 default MBR code
21:53:10.334 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12816 MB offset 2048
21:53:10.350 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26249216
21:53:10.366 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 940951 MB offset 26454016
21:53:10.397 Disk 0 scanning C:\Windows\system32\drivers
21:53:18.883 Service scanning
21:53:38.274 Modules scanning
21:53:38.274 Disk 0 trace - called modules:
21:53:38.290 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
21:53:38.305 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ff8060]
21:53:38.633 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80041d4c50]
21:53:38.648 5 ACPI.sys[fffff88000d607a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80041d3050]
21:53:46.214 AVAST engine scan C:\Windows
21:53:49.241 AVAST engine scan C:\Windows\system32
21:56:30.483 AVAST engine scan C:\Windows\system32\drivers
21:56:45.817 AVAST engine scan C:\Users\Ja K
22:14:19.022 AVAST engine scan C:\ProgramData
22:16:15.196 Scan finished successfully
22:47:16.226 Disk 0 MBR has been saved successfully to "C:\Users\Ja K\Desktop\MBR.dat"
22:47:16.226 The log file has been saved successfully to "C:\Users\Ja K\Desktop\aswMBR.txt"

#11 gringo_pr

Posted 25 April 2012 - 01:47 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\users\Je K\AppData\Local\Premiumplay Codec-C
c:\program files (x86)\Premiumplay Codec-C
C:\codec-info

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 SafeDragon

Posted 25 April 2012 - 02:41 AM

Hi, I ran the CFScript.txt, as instructed.

Combofix started up as it did before, and appeared to be running the same way -- it just went a lot faster. It also did a few extra things (as indicated in the script) and it also deleted the CFScript.txt file.

It did reboot the PC, and then created a log, however, there is a problem, because everything is locked up. Whenever I attempt to open something from the taskbar, start menu, or desktop (notepad, explorer, etc.) it pops up a warning window that says "Illegal operation attempted on a registry key that has been marked for deletion".

I'm posting this on another PC, and I don't know how to get the Combofix log to you.

Help :)

#13 gringo_pr

Posted 25 April 2012 - 02:58 AM

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer



#14 SafeDragon

Posted 25 April 2012 - 03:12 AM

:whistle:

Uh, yeah, that worked :)

There aren't any obvious problems on the PC that I can see.

Here's the second Combofix log:

ComboFix 12-04-24.05 - Ja K 04/24/2012 23:59:18.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3943.2781 [GMT -7:00]
Running from: c:\users\Ja K\Desktop\ComboFix.exe
Command switches used :: c:\users\Ja K\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\codec-info
c:\codec-info\codec_info.html
c:\program files (x86)\Premiumplay Codec-C
c:\program files (x86)\Premiumplay Codec-C\appAPIinternalWrapper.js
c:\program files (x86)\Premiumplay Codec-C\fb.js
c:\program files (x86)\Premiumplay Codec-C\jquery.js
c:\program files (x86)\Premiumplay Codec-C\json.js
c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll
c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.exe
c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.ico
c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.ini
c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-CGui.exe
c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-CInstaller.log
c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
c:\users\Je K\AppData\Local\Premiumplay Codec-C
c:\users\Je K\AppData\Local\Premiumplay Codec-C\Chrome\Premiumplay Codec-C.crx
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 07:11 . 2012-04-25 07:11 -------- d-----w- c:\users\Je K\AppData\Local\temp
2012-04-25 07:11 . 2012-04-25 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 02:28 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F1414E2-4671-4778-BDA7-D459D8C1331A}\mpengine.dll
2012-04-22 22:59 . 2012-04-22 23:00 -------- d-----w- C:\FRST
2012-04-19 18:44 . 2012-04-19 18:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-13 01:56 . 2012-04-13 01:57 -------- d-----w- c:\users\Je K\AppData\Local\Amazon
2012-04-11 10:06 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 10:06 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 10:06 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-11 10:06 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-11 10:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 10:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 10:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 10:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 10:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-07 19:42 . 2012-04-07 19:42 -------- d-----w- c:\users\Ja K\AppData\Local\Apps
2012-04-05 04:23 . 2012-04-05 04:23 -------- d-----w- c:\program files (x86)\Coupons
2012-04-04 08:00 . 2012-04-04 08:00 -------- d-----w- c:\users\Ja K\AppData\Roaming\Atheros
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-03 04:01 . 2012-04-03 04:01 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2012-04-03 04:01 . 2012-04-21 22:06 -------- d-----w- c:\users\Je K\AppData\Roaming\Gmote
2012-04-03 04:00 . 2012-04-03 04:01 -------- d-----w- c:\program files (x86)\GmoteServer
2012-04-03 01:24 . 2012-04-20 03:55 -------- d-----w- c:\users\Je K\AppData\Local\WeatherBug
2012-04-03 01:24 . 2012-04-03 01:24 -------- d-----w- c:\programdata\Premium
2012-04-03 01:24 . 2012-04-03 01:24 -------- d-----w- c:\users\Je K\AppData\Roaming\WeatherBug
2012-04-03 01:24 . 2012-04-03 01:24 -------- d-----w- c:\program files (x86)\AWS
2012-04-03 01:22 . 2012-04-03 01:22 -------- d-----w- c:\users\Je K\AppData\Local\Google
2012-03-30 20:14 . 2012-04-14 11:14 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 19:18 . 2012-04-14 11:14 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 22:56 . 2010-05-14 06:48 65024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\PPhp1020.DLL
2012-03-29 22:55 . 2010-05-14 06:48 192512 ----a-w- c:\windows\system32\ZLhp1020.DLL
2012-03-29 22:55 . 2010-05-14 06:48 501760 ----a-w- c:\windows\system32\ZSHP1020.EXE
2012-03-29 22:55 . 2010-05-14 05:52 245248 ----a-w- c:\windows\system32\zshp1020s.dll
2012-03-29 22:12 . 2006-01-28 16:00 143360 ----a-r- c:\windows\apptune1020.exe
2012-03-29 22:12 . 2006-01-28 16:00 86016 ----a-r- c:\windows\SysWow64\ZSPOOL.DLL
2012-03-29 22:12 . 2006-01-28 16:00 24576 ----a-r- c:\windows\SysWow64\ZTAG32.DLL
2012-03-29 22:12 . 2006-01-28 16:00 28672 ----a-r- c:\windows\SysWow64\zlm.dll
2012-03-29 22:12 . 2006-01-28 16:00 28672 ----a-r- c:\windows\SysWow64\IMF32.DLL
2012-03-29 22:12 . 2006-01-28 16:00 106496 ----a-r- c:\windows\SysWow64\vshp1020.dll
2012-03-29 22:12 . 2006-01-28 16:00 102400 ----a-r- c:\windows\SysWow64\ZLhp1020.dll
2012-03-29 22:12 . 2006-01-28 16:00 442368 ----a-r- c:\windows\SysWow64\zshp1020.exe
2012-03-29 22:12 . 2012-03-29 22:25 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-03-29 22:12 . 2012-03-29 22:12 -------- d--h--w- c:\program files (x86)\Zenographics
2012-03-29 01:41 . 2012-03-29 01:41 -------- d-----w- c:\users\Ja K\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 11:14 . 2011-08-14 08:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-11 21:13 . 2011-12-20 02:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-12-20 02:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-12-20 02:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-20 02:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-12-20 02:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-12-20 02:58 389840 ----a-w- c:\windows\system32\guard64.dll
2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 18:30 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 18:30 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 18:30 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 18:30 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 00:29 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 00:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 00:29 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-25_03.42.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-25 07:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-25 02:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-25 02:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 07:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-25 02:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 07:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-21 10:03 . 2012-04-25 02:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 10:03 . 2012-04-25 05:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-21 10:03 . 2012-04-25 02:40 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-21 10:03 . 2012-04-25 05:46 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-25 02:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 05:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-25 02:40 . 2012-04-25 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 07:14 . 2012-04-25 07:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 07:14 . 2012-04-25 07:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-25 02:40 . 2012-04-25 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-24 18:23 . 2012-04-25 06:51 299690 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-25 02:44 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-25 05:52 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-25 05:52 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-25 02:44 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-25 02:39 411124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-25 07:13 411124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-01 07:27 . 2012-04-25 07:13 23517060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1114595451-408832447-3388839214-1003-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{22C85E5E-3BE9-7A1A-7239-3E5961F46544}]
c:\windows\SysWOW64\remoteppg.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Ja K\AppData\Roaming\Spotify\Spotify.exe" [2012-03-16 4011184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
c:\users\Ja K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ja K\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-06-06 2656536]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 PTAPCBUS;Pantech Android USB Composite Device (PTAPC);c:\windows\system32\DRIVERS\PTAPCBUS.sys [x]
R3 PTAPCMDM;Pantech Android USB Modem Drivers (PTAPC);c:\windows\system32\DRIVERS\PTAPCMDM.sys [x]
R3 PTAPCVSP;Pantech Android USB Serial Port (PTAPC);c:\windows\system32\DRIVERS\PTAPCVSP.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-07-24 53176]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-06-30 1380480]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-15 21880]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-16 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-06-16 91296]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-06-16 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-07-22 259512]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-05-31 552584]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-04-13 84088]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-15 969352]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\drivers\NWVoltron.sys [x]
S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:14]
.
2012-04-25 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-15 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Ja K\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-03 11855976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-06-16 790688]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-06-16 657568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-25 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-25 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-25 416024]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ja K\AppData\Roaming\Mozilla\Firefox\Profiles\ntyjd5ms.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Completion time: 2012-04-25 00:17:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-25 07:17
ComboFix2.txt 2012-04-25 03:44
.
Pre-Run: 346,658,369,536 bytes free
Post-Run: 346,690,076,672 bytes free
.
- - End Of File - - 90CA534C7C52C735913C67DCA9FC9AC6

#15 gringo_pr


Posted 25 April 2012 - 03:21 AM

Hello

Don't worry, you are not the first and I'm pretty sure you won't be the last.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo



