Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Audio Background Ads


  • This topic is locked This topic is locked
20 replies to this topic

#1 vegetalordofall

vegetalordofall

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 09 May 2012 - 05:40 AM

Hey there,

I have been infected by some nasty little thing that is creating instances of 32bit Iexplorer windows in the background that are running audio adverts that I cannot tab onto or prevent occuring. I have tried a few things already such as running TDSKiller, Malware Bytes and ComboFix, all of which have not fixed this problem so far.

Here is my combofix log:

ComboFix 12-05-08.02 - Genya 09/05/2012 10:54:02.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8098.6610 [GMT 1:00]
Running from: c:\users\Genya\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\esgibaa.tmp
c:\programdata\fsgibaa.tmp
c:\programdata\slctbaa.tmp
c:\programdata\tlctbaa.tmp
c:\users\Genya\FixTDSS.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 09:57 . 2012-05-09 09:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-09 09:57 . 2012-05-09 09:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-09 09:57 . 2012-05-09 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 09:57 . 2012-05-09 09:57 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\users\Genya\AppData\Roaming\runic games
2012-05-05 11:33 . 2012-05-05 11:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-30 15:39 . 2012-04-30 15:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 15:39 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 10:45 . 2011-09-22 16:18 89960 ----a-w- c:\windows\SysWow64\SQSRVRES.DLL
2012-04-29 10:45 . 2011-09-22 16:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-04-20 09:13 . 2012-04-20 09:13 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 07:44 . 2012-04-20 09:13 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-04-20 07:43 . 2012-04-20 07:43 -------- d-----w- c:\programdata\Battle.net
2012-04-20 07:19 . 2012-05-04 23:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 06:40 . 2012-05-04 23:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 09:22 . 2012-04-16 09:22 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-04-12 01:36 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 01:36 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 01:36 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 01:36 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 01:36 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 01:36 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 01:36 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 07:14 . 2012-04-10 07:14 -------- d-----w- c:\users\Genya\AppData\Local\Chromium
2012-04-09 22:31 . 2012-04-09 22:31 -------- d-----w- c:\users\Genya\AppData\Local\Funcom
2012-04-09 16:13 . 2012-04-09 16:13 -------- d-----w- c:\users\Public\Games
2012-04-09 14:49 . 2012-04-09 14:49 -------- d-----w- C:\STO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:19 . 2011-07-28 12:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-19 22:44 . 2012-03-19 22:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe
2012-03-19 22:44 . 2012-03-19 22:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-03-19 22:44 . 2012-03-19 22:44 439064 ----a-w- c:\windows\system32\igfxpers.exe
2012-03-19 22:44 . 2012-03-19 22:44 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-03-19 22:44 . 2012-03-19 22:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-19 22:44 . 2012-03-19 22:44 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-03-19 22:44 . 2012-03-19 22:44 184600 ----a-w- c:\windows\system32\difx64.exe
2012-03-19 22:44 . 2012-03-19 22:44 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-03-19 22:42 . 2012-03-19 22:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll
2012-03-19 22:32 . 2012-03-19 22:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-03-19 22:31 . 2012-03-19 22:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll
2012-03-19 22:31 . 2012-03-19 22:31 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-03-19 22:31 . 2012-03-19 22:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-03-19 22:31 . 2012-03-19 22:31 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-03-19 22:26 . 2012-03-19 22:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-03-19 22:25 . 2012-03-19 22:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-03-19 22:22 . 2012-03-19 22:22 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-03-19 22:11 . 2012-03-19 22:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-03-19 21:31 . 2012-03-19 21:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll
2012-03-19 21:21 . 2012-03-19 21:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-03-19 21:18 . 2012-03-19 21:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-03-19 21:18 . 2012-03-19 21:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-03-19 21:18 . 2012-03-19 21:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-03-19 21:18 . 2012-03-19 21:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-03-19 21:18 . 2012-03-19 21:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-03-19 21:18 . 2012-03-19 21:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-03-19 21:18 . 2012-03-19 21:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-03-19 21:18 . 2012-03-19 21:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-03-19 21:18 . 2012-03-19 21:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-03-19 21:18 . 2012-03-19 21:18 386560 ----a-w- c:\windows\system32\igfxpph.dll
2012-03-19 21:18 . 2012-03-19 21:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-03-19 21:17 . 2012-03-19 21:17 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-03-19 21:17 . 2011-07-26 12:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-03-19 21:17 . 2011-07-26 12:17 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-03-19 21:17 . 2012-03-19 21:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-03-19 21:17 . 2012-03-19 21:17 434688 ----a-w- c:\windows\system32\igfxdev.dll
2012-03-19 21:17 . 2012-03-19 21:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-03-19 21:16 . 2012-03-19 21:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-03-19 21:16 . 2012-03-19 21:16 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-03-19 21:16 . 2012-03-19 21:16 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-03-19 21:12 . 2012-03-19 21:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-03-19 21:11 . 2012-03-19 21:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-03-19 21:09 . 2012-03-19 21:09 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-03-19 21:09 . 2012-03-19 21:09 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-03-19 21:09 . 2012-03-19 21:09 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-03-19 21:09 . 2012-03-19 21:09 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-03-19 21:09 . 2012-03-19 21:09 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-03-19 21:09 . 2012-03-19 21:09 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-03-19 21:09 . 2012-03-19 21:09 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-03-19 21:09 . 2012-03-19 21:09 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 00:02 . 2012-03-13 16:45 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2012-03-13 16:45 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-03-01 00:02 . 2012-03-13 16:45 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-03-13 16:45 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-03-13 16:45 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-03-13 16:45 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-03-13 16:45 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-13 16:45 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-13 16:45 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-13 16:45 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-03-13 16:45 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2012-03-13 16:45 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-03-13 16:45 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-03-13 16:45 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-03-13 16:45 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-13 16:45 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2012-03-13 16:45 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-03-01 00:02 . 2012-03-13 16:45 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-03-13 16:45 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-03-01 00:02 . 2012-03-13 16:45 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-01 00:02 . 2011-11-03 01:46 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-11-03 01:46 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2011-11-03 01:46 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2011-08-29 19:07 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-08-29 19:07 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-07-26 12:22 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-07-26 12:22 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache86\user32.dll
[-] 2010-11-21 . 232DA8CA74D73220FA723C2F20258C8F . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-25 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-02-24 131912]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\admin\Desktop\2NVIDIA\REALTEMP\WinRing0x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 e1qexpress;Intel® PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 23:19]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003Core.job
- c:\users\Genya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 07:26]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003UA.job
- c:\users\Genya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 07:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4f,57,86,3e,c5,2d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,6b,a1,fa,0e,18,65,42,90,49,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,6b,a1,fa,0e,18,65,42,90,49,6b,\
.
[HKEY_USERS\S-1-5-21-3433945081-1426626829-1563182973-1003\Software\SecuROM\License information*]
"datasecu"=hex:0b,ee,8f,3b,81,5b,c3,f0,56,8d,70,e0,c4,62,ba,ab,87,6c,e6,b3,4d,
14,3b,3a,17,80,a6,64,a9,4f,dd,17,ec,96,51,10,78,d4,17,74,84,2d,a7,80,d7,52,\
"rkeysecu"=hex:b7,b6,25,85,91,58,ef,5a,b9,2b,d9,ae,c1,44,36,dd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Completion time: 2012-05-09 11:00:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 10:00
.
Pre-Run: 166,852,272,128 bytes free
Post-Run: 167,058,636,800 bytes free
.
- - End Of File - - 0645B93A63D19E0157A3D4F5DDFA4168

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:33 AM

Posted 12 May 2012 - 11:36 AM

Hi,

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



For 64bit systems please download Listparts64
Run the tool,
check the "list BCD" box
click "Scan" and post the log (Result.txt) it makes.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 vegetalordofall

vegetalordofall
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 12 May 2012 - 02:28 PM

Thank you for the response, TDS killer did not find anything or request to reboot, here is its log:

20:25:42.0865 4040 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:25:42.0965 4040 ============================================================
20:25:42.0965 4040 Current date / time: 2012/05/12 20:25:42.0965
20:25:42.0965 4040 SystemInfo:
20:25:42.0965 4040
20:25:42.0965 4040 OS Version: 6.1.7601 ServicePack: 1.0
20:25:42.0965 4040 Product type: Workstation
20:25:42.0965 4040 ComputerName: GENYAMAIN
20:25:42.0965 4040 UserName: Genya
20:25:42.0965 4040 Windows directory: C:\Windows
20:25:42.0965 4040 System windows directory: C:\Windows
20:25:42.0965 4040 Running under WOW64
20:25:42.0965 4040 Processor architecture: Intel x64
20:25:42.0965 4040 Number of processors: 8
20:25:42.0965 4040 Page size: 0x1000
20:25:42.0965 4040 Boot type: Normal boot
20:25:42.0965 4040 ============================================================
20:25:43.0145 4040 Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 (476.94 Gb), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:25:43.0145 4040 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:25:43.0155 4040 ============================================================
20:25:43.0155 4040 \Device\Harddisk0\DR0:
20:25:43.0155 4040 MBR partitions:
20:25:43.0155 4040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:25:43.0155 4040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3B9A9AB0
20:25:43.0155 4040 \Device\Harddisk1\DR1:
20:25:43.0155 4040 MBR partitions:
20:25:43.0155 4040 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
20:25:43.0155 4040 ============================================================
20:25:43.0155 4040 C: <-> \Device\Harddisk0\DR0\Partition1
20:25:43.0195 4040 D: <-> \Device\Harddisk1\DR1\Partition0
20:25:43.0195 4040 ============================================================
20:25:43.0195 4040 Initialize success
20:25:43.0195 4040 ============================================================
20:25:59.0785 1700 ============================================================
20:25:59.0785 1700 Scan started
20:25:59.0785 1700 Mode: Manual; TDLFS;
20:25:59.0785 1700 ============================================================
20:25:59.0945 1700 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:25:59.0955 1700 1394ohci - ok
20:25:59.0955 1700 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:25:59.0965 1700 ACPI - ok
20:25:59.0965 1700 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:25:59.0965 1700 AcpiPmi - ok
20:25:59.0965 1700 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:25:59.0975 1700 AdobeARMservice - ok
20:25:59.0995 1700 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:25:59.0995 1700 AdobeFlashPlayerUpdateSvc - ok
20:26:00.0005 1700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:26:00.0015 1700 adp94xx - ok
20:26:00.0025 1700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:26:00.0025 1700 adpahci - ok
20:26:00.0025 1700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:26:00.0035 1700 adpu320 - ok
20:26:00.0035 1700 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:26:00.0035 1700 AeLookupSvc - ok
20:26:00.0045 1700 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:26:00.0055 1700 AFD - ok
20:26:00.0055 1700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:26:00.0055 1700 agp440 - ok
20:26:00.0055 1700 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:26:00.0055 1700 ALG - ok
20:26:00.0055 1700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:26:00.0065 1700 aliide - ok
20:26:00.0065 1700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:26:00.0065 1700 amdide - ok
20:26:00.0065 1700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:26:00.0065 1700 AmdK8 - ok
20:26:00.0065 1700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:26:00.0065 1700 AmdPPM - ok
20:26:00.0075 1700 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:26:00.0075 1700 amdsata - ok
20:26:00.0085 1700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:26:00.0085 1700 amdsbs - ok
20:26:00.0085 1700 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:26:00.0085 1700 amdxata - ok
20:26:00.0085 1700 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:26:00.0085 1700 AppID - ok
20:26:00.0095 1700 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:26:00.0095 1700 AppIDSvc - ok
20:26:00.0095 1700 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:26:00.0095 1700 Appinfo - ok
20:26:00.0105 1700 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:26:00.0105 1700 AppMgmt - ok
20:26:00.0105 1700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:26:00.0105 1700 arc - ok
20:26:00.0115 1700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:26:00.0115 1700 arcsas - ok
20:26:00.0125 1700 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:26:00.0125 1700 aspnet_state - ok
20:26:00.0125 1700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:00.0125 1700 AsyncMac - ok
20:26:00.0125 1700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:26:00.0125 1700 atapi - ok
20:26:00.0135 1700 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
20:26:00.0135 1700 atksgt - ok
20:26:00.0155 1700 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:26:00.0155 1700 AudioEndpointBuilder - ok
20:26:00.0155 1700 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:26:00.0165 1700 AudioSrv - ok
20:26:00.0165 1700 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:26:00.0165 1700 AxInstSV - ok
20:26:00.0175 1700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:26:00.0185 1700 b06bdrv - ok
20:26:00.0195 1700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:26:00.0195 1700 b57nd60a - ok
20:26:00.0195 1700 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:26:00.0195 1700 BDESVC - ok
20:26:00.0205 1700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:26:00.0205 1700 Beep - ok
20:26:00.0215 1700 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:26:00.0225 1700 BFE - ok
20:26:00.0245 1700 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:26:00.0255 1700 BITS - ok
20:26:00.0255 1700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:26:00.0255 1700 blbdrive - ok
20:26:00.0265 1700 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:26:00.0265 1700 bowser - ok
20:26:00.0265 1700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:26:00.0265 1700 BrFiltLo - ok
20:26:00.0265 1700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:26:00.0265 1700 BrFiltUp - ok
20:26:00.0265 1700 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:26:00.0275 1700 BridgeMP - ok
20:26:00.0275 1700 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:26:00.0275 1700 Browser - ok
20:26:00.0285 1700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:26:00.0285 1700 Brserid - ok
20:26:00.0285 1700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:26:00.0285 1700 BrSerWdm - ok
20:26:00.0295 1700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:26:00.0295 1700 BrUsbMdm - ok
20:26:00.0295 1700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:26:00.0295 1700 BrUsbSer - ok
20:26:00.0295 1700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:26:00.0295 1700 BTHMODEM - ok
20:26:00.0305 1700 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:26:00.0305 1700 bthserv - ok
20:26:00.0305 1700 catchme - ok
20:26:00.0305 1700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:26:00.0305 1700 cdfs - ok
20:26:00.0315 1700 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:26:00.0315 1700 cdrom - ok
20:26:00.0315 1700 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:26:00.0315 1700 CertPropSvc - ok
20:26:00.0325 1700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:26:00.0325 1700 circlass - ok
20:26:00.0335 1700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:26:00.0335 1700 CLFS - ok
20:26:00.0345 1700 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:00.0345 1700 clr_optimization_v2.0.50727_32 - ok
20:26:00.0345 1700 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:26:00.0345 1700 clr_optimization_v2.0.50727_64 - ok
20:26:00.0355 1700 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:00.0365 1700 clr_optimization_v4.0.30319_32 - ok
20:26:00.0375 1700 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:26:00.0375 1700 clr_optimization_v4.0.30319_64 - ok
20:26:00.0375 1700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:26:00.0375 1700 CmBatt - ok
20:26:00.0375 1700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:26:00.0375 1700 cmdide - ok
20:26:00.0395 1700 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:26:00.0395 1700 CNG - ok
20:26:00.0395 1700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:26:00.0395 1700 Compbatt - ok
20:26:00.0395 1700 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:26:00.0405 1700 CompositeBus - ok
20:26:00.0405 1700 COMSysApp - ok
20:26:00.0425 1700 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
20:26:00.0425 1700 cphs - ok
20:26:00.0425 1700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:26:00.0425 1700 crcdisk - ok
20:26:00.0435 1700 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:26:00.0435 1700 CryptSvc - ok
20:26:00.0445 1700 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:26:00.0455 1700 CSC - ok
20:26:00.0475 1700 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:26:00.0475 1700 CscService - ok
20:26:00.0485 1700 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:26:00.0495 1700 DcomLaunch - ok
20:26:00.0505 1700 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:26:00.0505 1700 defragsvc - ok
20:26:00.0515 1700 Desura Install Service (2b9a817dc1bdad9ce5495099b6a7136a) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
20:26:00.0515 1700 Desura Install Service - ok
20:26:00.0515 1700 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:26:00.0515 1700 DfsC - ok
20:26:00.0525 1700 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:26:00.0525 1700 Dhcp - ok
20:26:00.0535 1700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:26:00.0535 1700 discache - ok
20:26:00.0535 1700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:26:00.0535 1700 Disk - ok
20:26:00.0535 1700 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:26:00.0545 1700 dmvsc - ok
20:26:00.0545 1700 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:26:00.0545 1700 Dnscache - ok
20:26:00.0555 1700 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:26:00.0555 1700 dot3svc - ok
20:26:00.0565 1700 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:26:00.0565 1700 DPS - ok
20:26:00.0565 1700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:26:00.0565 1700 drmkaud - ok
20:26:00.0585 1700 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:26:00.0595 1700 DXGKrnl - ok
20:26:00.0605 1700 e1cexpress (471612d324d8682b98b267bd091d2219) C:\Windows\system32\DRIVERS\e1c62x64.sys
20:26:00.0605 1700 e1cexpress - ok
20:26:00.0615 1700 e1qexpress (d1004b64292c1a802d53cd861695ace3) C:\Windows\system32\DRIVERS\e1q62x64.sys
20:26:00.0615 1700 e1qexpress - ok
20:26:00.0615 1700 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:26:00.0615 1700 EapHost - ok
20:26:00.0695 1700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:26:00.0715 1700 ebdrv - ok
20:26:00.0735 1700 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:26:00.0735 1700 EFS - ok
20:26:00.0755 1700 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:26:00.0755 1700 ehRecvr - ok
20:26:00.0755 1700 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:26:00.0765 1700 ehSched - ok
20:26:00.0775 1700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:26:00.0785 1700 elxstor - ok
20:26:00.0785 1700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:26:00.0785 1700 ErrDev - ok
20:26:00.0795 1700 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:26:00.0795 1700 EventSystem - ok
20:26:00.0805 1700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:26:00.0805 1700 exfat - ok
20:26:00.0815 1700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:26:00.0815 1700 fastfat - ok
20:26:00.0835 1700 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:26:00.0835 1700 Fax - ok
20:26:00.0835 1700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:26:00.0835 1700 fdc - ok
20:26:00.0835 1700 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:26:00.0845 1700 fdPHost - ok
20:26:00.0845 1700 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:26:00.0845 1700 FDResPub - ok
20:26:00.0845 1700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:26:00.0845 1700 FileInfo - ok
20:26:00.0845 1700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:26:00.0845 1700 Filetrace - ok
20:26:00.0855 1700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:26:00.0855 1700 flpydisk - ok
20:26:00.0855 1700 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:26:00.0865 1700 FltMgr - ok
20:26:00.0885 1700 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:26:00.0895 1700 FontCache - ok
20:26:00.0905 1700 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:26:00.0905 1700 FontCache3.0.0.0 - ok
20:26:00.0905 1700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:26:00.0905 1700 FsDepends - ok
20:26:00.0905 1700 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:26:00.0905 1700 Fs_Rec - ok
20:26:00.0915 1700 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:26:00.0915 1700 fvevol - ok
20:26:00.0915 1700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:26:00.0925 1700 gagp30kx - ok
20:26:00.0935 1700 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:26:00.0945 1700 gpsvc - ok
20:26:00.0945 1700 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:26:00.0945 1700 hamachi - ok
20:26:01.0005 1700 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:26:01.0015 1700 Hamachi2Svc - ok
20:26:01.0035 1700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:26:01.0035 1700 hcw85cir - ok
20:26:01.0045 1700 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:26:01.0045 1700 HdAudAddService - ok
20:26:01.0055 1700 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:26:01.0055 1700 HDAudBus - ok
20:26:01.0055 1700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:26:01.0055 1700 HidBatt - ok
20:26:01.0065 1700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:26:01.0065 1700 HidBth - ok
20:26:01.0065 1700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:26:01.0065 1700 HidIr - ok
20:26:01.0065 1700 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:26:01.0065 1700 hidserv - ok
20:26:01.0065 1700 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:26:01.0075 1700 HidUsb - ok
20:26:01.0075 1700 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:26:01.0075 1700 hkmsvc - ok
20:26:01.0085 1700 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:26:01.0085 1700 HomeGroupListener - ok
20:26:01.0085 1700 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:26:01.0095 1700 HomeGroupProvider - ok
20:26:01.0095 1700 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:26:01.0095 1700 HpSAMD - ok
20:26:01.0115 1700 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:26:01.0115 1700 HTTP - ok
20:26:01.0125 1700 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:26:01.0125 1700 hwpolicy - ok
20:26:01.0125 1700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:26:01.0125 1700 i8042prt - ok
20:26:01.0135 1700 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:26:01.0145 1700 iaStorV - ok
20:26:01.0165 1700 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:26:01.0175 1700 idsvc - ok
20:26:01.0495 1700 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:26:01.0585 1700 igfx - ok
20:26:01.0605 1700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:26:01.0605 1700 iirsp - ok
20:26:01.0625 1700 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:26:01.0625 1700 IKEEXT - ok
20:26:01.0695 1700 IntcAzAudAddService (26407a11d7e222afb7ce32700abbd9d1) C:\Windows\system32\drivers\RTKVHD64.sys
20:26:01.0705 1700 IntcAzAudAddService - ok
20:26:01.0735 1700 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:26:01.0735 1700 IntcDAud - ok
20:26:01.0745 1700 Intel® PROSet Monitoring Service (7a3f838f2d7c8fd8e8cff480384a798c) C:\Windows\system32\IProsetMonitor.exe
20:26:01.0745 1700 Intel® PROSet Monitoring Service - ok
20:26:01.0745 1700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:26:01.0745 1700 intelide - ok
20:26:01.0745 1700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:26:01.0745 1700 intelppm - ok
20:26:01.0755 1700 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:26:01.0755 1700 IPBusEnum - ok
20:26:01.0755 1700 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:26:01.0755 1700 IpFilterDriver - ok
20:26:01.0775 1700 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:26:01.0775 1700 iphlpsvc - ok
20:26:01.0775 1700 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:26:01.0775 1700 IPMIDRV - ok
20:26:01.0785 1700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:26:01.0785 1700 IPNAT - ok
20:26:01.0785 1700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:26:01.0785 1700 IRENUM - ok
20:26:01.0785 1700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:26:01.0785 1700 isapnp - ok
20:26:01.0795 1700 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:26:01.0795 1700 iScsiPrt - ok
20:26:01.0805 1700 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
20:26:01.0805 1700 JRAID - ok
20:26:01.0805 1700 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:26:01.0805 1700 kbdclass - ok
20:26:01.0805 1700 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:26:01.0815 1700 kbdhid - ok
20:26:01.0815 1700 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:01.0815 1700 KeyIso - ok
20:26:01.0815 1700 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:26:01.0815 1700 KSecDD - ok
20:26:01.0825 1700 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:26:01.0825 1700 KSecPkg - ok
20:26:01.0825 1700 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:26:01.0825 1700 ksthunk - ok
20:26:01.0835 1700 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:26:01.0835 1700 KtmRm - ok
20:26:01.0845 1700 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:26:01.0845 1700 LanmanServer - ok
20:26:01.0855 1700 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:26:01.0855 1700 LanmanWorkstation - ok
20:26:01.0855 1700 lirsgt (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
20:26:01.0855 1700 lirsgt - ok
20:26:01.0865 1700 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:26:01.0865 1700 lltdio - ok
20:26:01.0865 1700 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:26:01.0875 1700 lltdsvc - ok
20:26:01.0875 1700 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:26:01.0875 1700 lmhosts - ok
20:26:01.0875 1700 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:26:01.0875 1700 LSI_FC - ok
20:26:01.0885 1700 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:26:01.0885 1700 LSI_SAS - ok
20:26:01.0885 1700 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:26:01.0885 1700 LSI_SAS2 - ok
20:26:01.0895 1700 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:26:01.0895 1700 LSI_SCSI - ok
20:26:01.0895 1700 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:26:01.0895 1700 luafv - ok
20:26:01.0905 1700 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:26:01.0905 1700 Mcx2Svc - ok
20:26:01.0905 1700 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:26:01.0905 1700 megasas - ok
20:26:01.0915 1700 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:26:01.0915 1700 MegaSR - ok
20:26:01.0915 1700 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:26:01.0925 1700 MEIx64 - ok
20:26:01.0925 1700 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:26:01.0925 1700 MMCSS - ok
20:26:01.0925 1700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:26:01.0925 1700 Modem - ok
20:26:01.0925 1700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:26:01.0925 1700 monitor - ok
20:26:01.0935 1700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:26:01.0935 1700 mouclass - ok
20:26:01.0935 1700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:26:01.0935 1700 mouhid - ok
20:26:01.0935 1700 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:26:01.0935 1700 mountmgr - ok
20:26:01.0945 1700 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
20:26:01.0945 1700 MpFilter - ok
20:26:01.0955 1700 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:26:01.0955 1700 mpio - ok
20:26:01.0955 1700 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:26:01.0955 1700 MpNWMon - ok
20:26:01.0965 1700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:26:01.0965 1700 mpsdrv - ok
20:26:01.0985 1700 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:26:01.0985 1700 MpsSvc - ok
20:26:01.0995 1700 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:26:01.0995 1700 MRxDAV - ok
20:26:01.0995 1700 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:26:01.0995 1700 mrxsmb - ok
20:26:02.0005 1700 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:26:02.0005 1700 mrxsmb10 - ok
20:26:02.0015 1700 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:26:02.0015 1700 mrxsmb20 - ok
20:26:02.0015 1700 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:26:02.0015 1700 msahci - ok
20:26:02.0025 1700 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:26:02.0025 1700 msdsm - ok
20:26:02.0025 1700 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:26:02.0025 1700 MSDTC - ok
20:26:02.0035 1700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:26:02.0035 1700 Msfs - ok
20:26:02.0035 1700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:26:02.0035 1700 mshidkmdf - ok
20:26:02.0035 1700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:26:02.0035 1700 msisadrv - ok
20:26:02.0045 1700 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:26:02.0045 1700 MSiSCSI - ok
20:26:02.0045 1700 msiserver - ok
20:26:02.0045 1700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:26:02.0045 1700 MSKSSRV - ok
20:26:02.0055 1700 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:26:02.0055 1700 MsMpSvc - ok
20:26:02.0055 1700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:26:02.0055 1700 MSPCLOCK - ok
20:26:02.0055 1700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:26:02.0055 1700 MSPQM - ok
20:26:02.0065 1700 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:26:02.0065 1700 MsRPC - ok
20:26:02.0075 1700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:26:02.0075 1700 mssmbios - ok
20:26:02.0075 1700 MSSQL$SQLEXPRESS - ok
20:26:02.0075 1700 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:26:02.0085 1700 MSSQLServerADHelper100 - ok
20:26:02.0085 1700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:26:02.0085 1700 MSTEE - ok
20:26:02.0195 1700 msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
20:26:02.0225 1700 msvsmon90 - ok
20:26:02.0235 1700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:26:02.0235 1700 MTConfig - ok
20:26:02.0245 1700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:26:02.0245 1700 Mup - ok
20:26:02.0255 1700 mv91xx (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
20:26:02.0255 1700 mv91xx - ok
20:26:02.0265 1700 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:26:02.0265 1700 napagent - ok
20:26:02.0275 1700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:26:02.0285 1700 NativeWifiP - ok
20:26:02.0305 1700 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:26:02.0315 1700 NDIS - ok
20:26:02.0315 1700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:26:02.0315 1700 NdisCap - ok
20:26:02.0315 1700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:26:02.0315 1700 NdisTapi - ok
20:26:02.0315 1700 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:26:02.0315 1700 Ndisuio - ok
20:26:02.0325 1700 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:26:02.0325 1700 NdisWan - ok
20:26:02.0325 1700 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:26:02.0325 1700 NDProxy - ok
20:26:02.0335 1700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:26:02.0335 1700 NetBIOS - ok
20:26:02.0335 1700 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:26:02.0345 1700 NetBT - ok
20:26:02.0345 1700 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:02.0345 1700 Netlogon - ok
20:26:02.0365 1700 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:26:02.0365 1700 Netman - ok
20:26:02.0375 1700 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:26:02.0385 1700 NetMsmqActivator - ok
20:26:02.0385 1700 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:26:02.0385 1700 NetPipeActivator - ok
20:26:02.0395 1700 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:26:02.0395 1700 netprofm - ok
20:26:02.0405 1700 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:26:02.0405 1700 NetTcpActivator - ok
20:26:02.0405 1700 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:26:02.0405 1700 NetTcpPortSharing - ok
20:26:02.0405 1700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:26:02.0405 1700 nfrd960 - ok
20:26:02.0415 1700 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:26:02.0415 1700 NisDrv - ok
20:26:02.0425 1700 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
20:26:02.0425 1700 NisSrv - ok
20:26:02.0435 1700 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:26:02.0435 1700 NlaSvc - ok
20:26:02.0435 1700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:26:02.0435 1700 Npfs - ok
20:26:02.0445 1700 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:26:02.0445 1700 nsi - ok
20:26:02.0445 1700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:26:02.0445 1700 nsiproxy - ok
20:26:02.0485 1700 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:26:02.0495 1700 Ntfs - ok
20:26:02.0515 1700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:26:02.0515 1700 Null - ok
20:26:02.0515 1700 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:26:02.0515 1700 nusb3hub - ok
20:26:02.0525 1700 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:26:02.0525 1700 nusb3xhc - ok
20:26:02.0535 1700 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
20:26:02.0535 1700 NVHDA - ok
20:26:02.0845 1700 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:26:02.0895 1700 nvlddmkm - ok
20:26:02.0915 1700 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:26:02.0915 1700 nvraid - ok
20:26:02.0925 1700 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:26:02.0925 1700 nvstor - ok
20:26:02.0945 1700 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
20:26:02.0955 1700 nvsvc - ok
20:26:03.0005 1700 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:26:03.0025 1700 nvUpdatusService - ok
20:26:03.0045 1700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:26:03.0045 1700 nv_agp - ok
20:26:03.0045 1700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:26:03.0045 1700 ohci1394 - ok
20:26:03.0055 1700 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:26:03.0055 1700 p2pimsvc - ok
20:26:03.0065 1700 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:26:03.0075 1700 p2psvc - ok
20:26:03.0075 1700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:26:03.0075 1700 Parport - ok
20:26:03.0075 1700 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:26:03.0075 1700 partmgr - ok
20:26:03.0085 1700 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:26:03.0085 1700 PcaSvc - ok
20:26:03.0095 1700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:26:03.0095 1700 pci - ok
20:26:03.0095 1700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:26:03.0095 1700 pciide - ok
20:26:03.0105 1700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:26:03.0105 1700 pcmcia - ok
20:26:03.0105 1700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:26:03.0105 1700 pcw - ok
20:26:03.0125 1700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:26:03.0125 1700 PEAUTH - ok
20:26:03.0165 1700 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:26:03.0175 1700 PeerDistSvc - ok
20:26:03.0185 1700 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:26:03.0185 1700 PerfHost - ok
20:26:03.0235 1700 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:26:03.0245 1700 pla - ok
20:26:03.0255 1700 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:26:03.0265 1700 PlugPlay - ok
20:26:03.0265 1700 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:26:03.0265 1700 PNRPAutoReg - ok
20:26:03.0275 1700 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:26:03.0275 1700 PNRPsvc - ok
20:26:03.0275 1700 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
20:26:03.0275 1700 Point64 - ok
20:26:03.0295 1700 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:26:03.0295 1700 PolicyAgent - ok
20:26:03.0305 1700 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:26:03.0305 1700 Power - ok
20:26:03.0305 1700 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:26:03.0305 1700 PptpMiniport - ok
20:26:03.0315 1700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:26:03.0315 1700 Processor - ok
20:26:03.0315 1700 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:26:03.0325 1700 ProfSvc - ok
20:26:03.0325 1700 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:03.0325 1700 ProtectedStorage - ok
20:26:03.0325 1700 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:26:03.0335 1700 Psched - ok
20:26:03.0365 1700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:26:03.0375 1700 ql2300 - ok
20:26:03.0395 1700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:26:03.0395 1700 ql40xx - ok
20:26:03.0405 1700 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:26:03.0405 1700 QWAVE - ok
20:26:03.0415 1700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:26:03.0415 1700 QWAVEdrv - ok
20:26:03.0415 1700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:26:03.0415 1700 RasAcd - ok
20:26:03.0415 1700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:26:03.0415 1700 RasAgileVpn - ok
20:26:03.0425 1700 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:26:03.0425 1700 RasAuto - ok
20:26:03.0425 1700 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:26:03.0425 1700 Rasl2tp - ok
20:26:03.0435 1700 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:26:03.0445 1700 RasMan - ok
20:26:03.0445 1700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:26:03.0445 1700 RasPppoe - ok
20:26:03.0455 1700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:26:03.0455 1700 RasSstp - ok
20:26:03.0455 1700 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:26:03.0465 1700 rdbss - ok
20:26:03.0465 1700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:26:03.0465 1700 rdpbus - ok
20:26:03.0465 1700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:26:03.0465 1700 RDPCDD - ok
20:26:03.0475 1700 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:26:03.0475 1700 RDPDR - ok
20:26:03.0475 1700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:26:03.0475 1700 RDPENCDD - ok
20:26:03.0475 1700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:26:03.0475 1700 RDPREFMP - ok
20:26:03.0485 1700 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:26:03.0485 1700 RDPWD - ok
20:26:03.0495 1700 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:26:03.0495 1700 rdyboost - ok
20:26:03.0495 1700 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:26:03.0505 1700 RemoteAccess - ok
20:26:03.0505 1700 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:26:03.0505 1700 RemoteRegistry - ok
20:26:03.0515 1700 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:26:03.0515 1700 RpcEptMapper - ok
20:26:03.0515 1700 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:26:03.0515 1700 RpcLocator - ok
20:26:03.0525 1700 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:26:03.0525 1700 RpcSs - ok
20:26:03.0535 1700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:26:03.0535 1700 rspndr - ok
20:26:03.0535 1700 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:26:03.0535 1700 s3cap - ok
20:26:03.0535 1700 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:03.0535 1700 SamSs - ok
20:26:03.0545 1700 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:26:03.0545 1700 sbp2port - ok
20:26:03.0545 1700 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:26:03.0555 1700 SCardSvr - ok
20:26:03.0555 1700 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:26:03.0555 1700 scfilter - ok
20:26:03.0585 1700 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:26:03.0585 1700 Schedule - ok
20:26:03.0595 1700 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:26:03.0595 1700 SCPolicySvc - ok
20:26:03.0595 1700 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:26:03.0605 1700 SDRSVC - ok
20:26:03.0605 1700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:26:03.0605 1700 secdrv - ok
20:26:03.0605 1700 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:26:03.0605 1700 seclogon - ok
20:26:03.0615 1700 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:26:03.0615 1700 SENS - ok
20:26:03.0615 1700 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:26:03.0615 1700 SensrSvc - ok
20:26:03.0615 1700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:26:03.0615 1700 Serenum - ok
20:26:03.0625 1700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:26:03.0625 1700 Serial - ok
20:26:03.0625 1700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:26:03.0625 1700 sermouse - ok
20:26:03.0635 1700 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:26:03.0635 1700 SessionEnv - ok
20:26:03.0635 1700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:26:03.0635 1700 sffdisk - ok
20:26:03.0635 1700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:26:03.0635 1700 sffp_mmc - ok
20:26:03.0645 1700 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:26:03.0645 1700 sffp_sd - ok
20:26:03.0645 1700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:26:03.0645 1700 sfloppy - ok
20:26:03.0655 1700 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:26:03.0655 1700 SharedAccess - ok
20:26:03.0665 1700 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:26:03.0665 1700 ShellHWDetection - ok
20:26:03.0675 1700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:26:03.0675 1700 SiSRaid2 - ok
20:26:03.0675 1700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:26:03.0675 1700 SiSRaid4 - ok
20:26:03.0685 1700 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:26:03.0685 1700 SkypeUpdate - ok
20:26:03.0685 1700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:26:03.0695 1700 Smb - ok
20:26:03.0695 1700 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:26:03.0695 1700 SNMPTRAP - ok
20:26:03.0695 1700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:26:03.0695 1700 spldr - ok
20:26:03.0715 1700 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:26:03.0715 1700 Spooler - ok
20:26:03.0795 1700 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:26:03.0825 1700 sppsvc - ok
20:26:03.0845 1700 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:26:03.0845 1700 sppuinotify - ok
20:26:03.0855 1700 SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:26:03.0855 1700 SQLAgent$SQLEXPRESS - ok
20:26:03.0865 1700 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:26:03.0865 1700 SQLBrowser - ok
20:26:03.0875 1700 SQLWriter (f92e5f93be572b512da3c016b675ede0) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:26:03.0875 1700 SQLWriter - ok
20:26:03.0895 1700 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:26:03.0895 1700 srv - ok
20:26:03.0905 1700 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:26:03.0905 1700 srv2 - ok
20:26:03.0915 1700 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:26:03.0915 1700 srvnet - ok
20:26:03.0925 1700 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:26:03.0925 1700 SSDPSRV - ok
20:26:03.0925 1700 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:26:03.0925 1700 SstpSvc - ok
20:26:03.0935 1700 Steam Client Service - ok
20:26:03.0945 1700 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:26:03.0945 1700 Stereo Service - ok
20:26:03.0945 1700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:26:03.0945 1700 stexstor - ok
20:26:03.0965 1700 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:26:03.0965 1700 stisvc - ok
20:26:03.0975 1700 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:26:03.0975 1700 storflt - ok
20:26:03.0975 1700 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:26:03.0975 1700 StorSvc - ok
20:26:03.0975 1700 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:26:03.0975 1700 storvsc - ok
20:26:03.0975 1700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:26:03.0975 1700 swenum - ok
20:26:03.0995 1700 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:26:03.0995 1700 swprv - ok
20:26:04.0035 1700 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:26:04.0055 1700 SysMain - ok
20:26:04.0065 1700 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:26:04.0075 1700 TabletInputService - ok
20:26:04.0075 1700 tap0901 (4f0c42022bb83b275fdb724ae476b686) C:\Windows\system32\DRIVERS\tap0901.sys
20:26:04.0075 1700 tap0901 - ok
20:26:04.0085 1700 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:26:04.0085 1700 TapiSrv - ok
20:26:04.0095 1700 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:26:04.0095 1700 TBS - ok
20:26:04.0135 1700 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:26:04.0145 1700 Tcpip - ok
20:26:04.0205 1700 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:26:04.0215 1700 TCPIP6 - ok
20:26:04.0235 1700 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:26:04.0235 1700 tcpipreg - ok
20:26:04.0235 1700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:26:04.0235 1700 TDPIPE - ok
20:26:04.0235 1700 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:26:04.0235 1700 TDTCP - ok
20:26:04.0245 1700 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:26:04.0245 1700 tdx - ok
20:26:04.0245 1700 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:26:04.0245 1700 TermDD - ok
20:26:04.0265 1700 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:26:04.0265 1700 TermService - ok
20:26:04.0275 1700 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:26:04.0275 1700 Themes - ok
20:26:04.0275 1700 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:26:04.0275 1700 THREADORDER - ok
20:26:04.0275 1700 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:26:04.0285 1700 TrkWks - ok
20:26:04.0285 1700 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:26:04.0285 1700 TrustedInstaller - ok
20:26:04.0295 1700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:26:04.0295 1700 tssecsrv - ok
20:26:04.0295 1700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:26:04.0295 1700 TsUsbFlt - ok
20:26:04.0295 1700 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:26:04.0305 1700 TsUsbGD - ok
20:26:04.0305 1700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:26:04.0305 1700 tunnel - ok
20:26:04.0305 1700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:26:04.0305 1700 uagp35 - ok
20:26:04.0315 1700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:26:04.0325 1700 udfs - ok
20:26:04.0325 1700 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:26:04.0325 1700 UI0Detect - ok
20:26:04.0325 1700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:26:04.0335 1700 uliagpkx - ok
20:26:04.0335 1700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:26:04.0335 1700 umbus - ok
20:26:04.0335 1700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:26:04.0335 1700 UmPass - ok
20:26:04.0345 1700 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:26:04.0345 1700 UmRdpService - ok
20:26:04.0357 1700 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:26:04.0360 1700 upnphost - ok
20:26:04.0365 1700 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
20:26:04.0367 1700 usbccgp - ok
20:26:04.0370 1700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:26:04.0372 1700 usbcir - ok
20:26:04.0375 1700 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:26:04.0375 1700 usbehci - ok
20:26:04.0385 1700 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:26:04.0387 1700 usbhub - ok
20:26:04.0390 1700 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:26:04.0392 1700 usbohci - ok
20:26:04.0395 1700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:26:04.0395 1700 usbprint - ok
20:26:04.0397 1700 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:26:04.0400 1700 USBSTOR - ok
20:26:04.0402 1700 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:26:04.0402 1700 usbuhci - ok
20:26:04.0405 1700 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:26:04.0405 1700 UxSms - ok
20:26:04.0407 1700 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:04.0410 1700 VaultSvc - ok
20:26:04.0412 1700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:26:04.0412 1700 vdrvroot - ok
20:26:04.0425 1700 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:26:04.0430 1700 vds - ok
20:26:04.0432 1700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:26:04.0432 1700 vga - ok
20:26:04.0435 1700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:26:04.0435 1700 VgaSave - ok
20:26:04.0442 1700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:26:04.0442 1700 vhdmp - ok
20:26:04.0445 1700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:26:04.0447 1700 viaide - ok
20:26:04.0452 1700 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:26:04.0455 1700 vmbus - ok
20:26:04.0457 1700 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:26:04.0457 1700 VMBusHID - ok
20:26:04.0460 1700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:26:04.0462 1700 volmgr - ok
20:26:04.0472 1700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:26:04.0475 1700 volmgrx - ok
20:26:04.0482 1700 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
20:26:04.0485 1700 volsnap - ok
20:26:04.0490 1700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:26:04.0490 1700 vsmraid - ok
20:26:04.0525 1700 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:26:04.0537 1700 VSS - ok
20:26:04.0555 1700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:26:04.0555 1700 vwifibus - ok
20:26:04.0565 1700 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:26:04.0567 1700 W32Time - ok
20:26:04.0570 1700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:26:04.0572 1700 WacomPen - ok
20:26:04.0575 1700 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:26:04.0577 1700 WANARP - ok
20:26:04.0577 1700 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:26:04.0577 1700 Wanarpv6 - ok
20:26:04.0607 1700 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:26:04.0617 1700 WatAdminSvc - ok
20:26:04.0652 1700 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:26:04.0662 1700 wbengine - ok
20:26:04.0682 1700 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:26:04.0682 1700 WbioSrvc - ok
20:26:04.0692 1700 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:26:04.0692 1700 wcncsvc - ok
20:26:04.0702 1700 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:26:04.0702 1700 WcsPlugInService - ok
20:26:04.0702 1700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:26:04.0702 1700 Wd - ok
20:26:04.0722 1700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:26:04.0722 1700 Wdf01000 - ok
20:26:04.0722 1700 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:26:04.0732 1700 WdiServiceHost - ok
20:26:04.0732 1700 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:26:04.0732 1700 WdiSystemHost - ok
20:26:04.0742 1700 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:26:04.0742 1700 WebClient - ok
20:26:04.0742 1700 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:26:04.0752 1700 Wecsvc - ok
20:26:04.0752 1700 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:26:04.0752 1700 wercplsupport - ok
20:26:04.0762 1700 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:26:04.0762 1700 WerSvc - ok
20:26:04.0762 1700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:26:04.0762 1700 WfpLwf - ok
20:26:04.0762 1700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:26:04.0762 1700 WIMMount - ok
20:26:04.0772 1700 WinDefend - ok
20:26:04.0772 1700 WinHttpAutoProxySvc - ok
20:26:04.0782 1700 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:26:04.0782 1700 Winmgmt - ok
20:26:04.0782 1700 WinRing0_1_2_0 - ok
20:26:04.0832 1700 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:26:04.0842 1700 WinRM - ok
20:26:04.0882 1700 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:26:04.0892 1700 Wlansvc - ok
20:26:04.0942 1700 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:26:04.0962 1700 wlidsvc - ok
20:26:04.0982 1700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:26:04.0982 1700 WmiAcpi - ok
20:26:04.0982 1700 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:26:04.0992 1700 wmiApSrv - ok
20:26:04.0992 1700 WMPNetworkSvc - ok
20:26:04.0992 1700 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:26:04.0992 1700 WPCSvc - ok
20:26:05.0002 1700 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:26:05.0002 1700 WPDBusEnum - ok
20:26:05.0002 1700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:26:05.0002 1700 ws2ifsl - ok
20:26:05.0002 1700 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:26:05.0012 1700 wscsvc - ok
20:26:05.0012 1700 WSearch - ok
20:26:05.0062 1700 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:26:05.0082 1700 wuauserv - ok
20:26:05.0102 1700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:26:05.0102 1700 WudfPf - ok
20:26:05.0102 1700 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:26:05.0102 1700 WUDFRd - ok
20:26:05.0112 1700 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:26:05.0112 1700 wudfsvc - ok
20:26:05.0122 1700 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:26:05.0122 1700 WwanSvc - ok
20:26:05.0122 1700 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:26:05.0162 1700 \Device\Harddisk0\DR0 - ok
20:26:05.0165 1700 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:26:05.0265 1700 \Device\Harddisk1\DR1 - ok
20:26:05.0275 1700 Boot (0x1200) (f43806b6b936b6e5d1196842d6fbd8c7) \Device\Harddisk0\DR0\Partition0
20:26:05.0275 1700 \Device\Harddisk0\DR0\Partition0 - ok
20:26:05.0275 1700 Boot (0x1200) (f82898fd0a80f1c7ef576e2614fa2917) \Device\Harddisk0\DR0\Partition1
20:26:05.0275 1700 \Device\Harddisk0\DR0\Partition1 - ok
20:26:05.0275 1700 Boot (0x1200) (ab02f1d66ca0092506182a7c26d6eb0c) \Device\Harddisk1\DR1\Partition0
20:26:05.0285 1700 \Device\Harddisk1\DR1\Partition0 - ok
20:26:05.0285 1700 ============================================================
20:26:05.0285 1700 Scan finished
20:26:05.0285 1700 ============================================================
20:26:05.0285 5320 Detected object count: 0
20:26:05.0285 5320 Actual detected object count: 0
20:26:31.0891 4032 ============================================================
20:26:31.0891 4032 Scan started
20:26:31.0891 4032 Mode: Manual; TDLFS;
20:26:31.0891 4032 ============================================================
20:26:32.0086 4032 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:26:32.0087 4032 1394ohci - ok
20:26:32.0095 4032 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:26:32.0096 4032 ACPI - ok
20:26:32.0098 4032 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:26:32.0098 4032 AcpiPmi - ok
20:26:32.0103 4032 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:26:32.0103 4032 AdobeARMservice - ok
20:26:32.0124 4032 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:32.0125 4032 AdobeFlashPlayerUpdateSvc - ok
20:26:32.0137 4032 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:26:32.0139 4032 adp94xx - ok
20:26:32.0148 4032 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:26:32.0149 4032 adpahci - ok
20:26:32.0155 4032 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:26:32.0156 4032 adpu320 - ok
20:26:32.0159 4032 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:26:32.0160 4032 AeLookupSvc - ok
20:26:32.0172 4032 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:26:32.0174 4032 AFD - ok
20:26:32.0177 4032 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:26:32.0177 4032 agp440 - ok
20:26:32.0180 4032 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:26:32.0180 4032 ALG - ok
20:26:32.0182 4032 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:26:32.0182 4032 aliide - ok
20:26:32.0183 4032 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:26:32.0184 4032 amdide - ok
20:26:32.0186 4032 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:26:32.0186 4032 AmdK8 - ok
20:26:32.0189 4032 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:26:32.0189 4032 AmdPPM - ok
20:26:32.0193 4032 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:26:32.0193 4032 amdsata - ok
20:26:32.0199 4032 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:26:32.0199 4032 amdsbs - ok
20:26:32.0201 4032 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:26:32.0201 4032 amdxata - ok
20:26:32.0204 4032 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:26:32.0204 4032 AppID - ok
20:26:32.0206 4032 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:26:32.0206 4032 AppIDSvc - ok
20:26:32.0209 4032 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:26:32.0209 4032 Appinfo - ok
20:26:32.0214 4032 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:26:32.0215 4032 AppMgmt - ok
20:26:32.0218 4032 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:26:32.0218 4032 arc - ok
20:26:32.0222 4032 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:26:32.0222 4032 arcsas - ok
20:26:32.0233 4032 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:26:32.0233 4032 aspnet_state - ok
20:26:32.0235 4032 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:32.0235 4032 AsyncMac - ok
20:26:32.0237 4032 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:26:32.0237 4032 atapi - ok
20:26:32.0240 4032 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
20:26:32.0240 4032 atksgt - ok
20:26:32.0257 4032 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:26:32.0259 4032 AudioEndpointBuilder - ok
20:26:32.0262 4032 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:26:32.0264 4032 AudioSrv - ok
20:26:32.0268 4032 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:26:32.0269 4032 AxInstSV - ok
20:26:32.0280 4032 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:26:32.0282 4032 b06bdrv - ok
20:26:32.0290 4032 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:26:32.0291 4032 b57nd60a - ok
20:26:32.0295 4032 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:26:32.0296 4032 BDESVC - ok
20:26:32.0297 4032 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:26:32.0298 4032 Beep - ok
20:26:32.0315 4032 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:26:32.0317 4032 BFE - ok
20:26:32.0337 4032 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:26:32.0341 4032 BITS - ok
20:26:32.0345 4032 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:26:32.0345 4032 blbdrive - ok
20:26:32.0349 4032 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:26:32.0349 4032 bowser - ok
20:26:32.0351 4032 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:26:32.0351 4032 BrFiltLo - ok
20:26:32.0353 4032 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:26:32.0353 4032 BrFiltUp - ok
20:26:32.0356 4032 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:26:32.0357 4032 BridgeMP - ok
20:26:32.0361 4032 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:26:32.0362 4032 Browser - ok
20:26:32.0369 4032 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:26:32.0370 4032 Brserid - ok
20:26:32.0372 4032 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:26:32.0373 4032 BrSerWdm - ok
20:26:32.0374 4032 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:26:32.0375 4032 BrUsbMdm - ok
20:26:32.0377 4032 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:26:32.0377 4032 BrUsbSer - ok
20:26:32.0380 4032 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:26:32.0380 4032 BTHMODEM - ok
20:26:32.0384 4032 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:26:32.0384 4032 bthserv - ok
20:26:32.0385 4032 catchme - ok
20:26:32.0389 4032 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:26:32.0389 4032 cdfs - ok
20:26:32.0394 4032 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:26:32.0394 4032 cdrom - ok
20:26:32.0397 4032 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:26:32.0398 4032 CertPropSvc - ok
20:26:32.0400 4032 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:26:32.0400 4032 circlass - ok
20:26:32.0409 4032 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:26:32.0411 4032 CLFS - ok
20:26:32.0416 4032 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:32.0416 4032 clr_optimization_v2.0.50727_32 - ok
20:26:32.0420 4032 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:26:32.0421 4032 clr_optimization_v2.0.50727_64 - ok
20:26:32.0428 4032 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:32.0429 4032 clr_optimization_v4.0.30319_32 - ok
20:26:32.0435 4032 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:26:32.0436 4032 clr_optimization_v4.0.30319_64 - ok
20:26:32.0438 4032 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:26:32.0438 4032 CmBatt - ok
20:26:32.0440 4032 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:26:32.0440 4032 cmdide - ok
20:26:32.0450 4032 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:26:32.0452 4032 CNG - ok
20:26:32.0454 4032 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:26:32.0454 4032 Compbatt - ok
20:26:32.0457 4032 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:26:32.0457 4032 CompositeBus - ok
20:26:32.0458 4032 COMSysApp - ok
20:26:32.0477 4032 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
20:26:32.0478 4032 cphs - ok
20:26:32.0480 4032 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:26:32.0481 4032 crcdisk - ok
20:26:32.0487 4032 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:26:32.0487 4032 CryptSvc - ok
20:26:32.0500 4032 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:26:32.0502 4032 CSC - ok
20:26:32.0518 4032 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:26:32.0521 4032 CscService - ok
20:26:32.0534 4032 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:26:32.0537 4032 DcomLaunch - ok
20:26:32.0544 4032 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:26:32.0545 4032 defragsvc - ok
20:26:32.0551 4032 Desura Install Service (2b9a817dc1bdad9ce5495099b6a7136a) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
20:26:32.0552 4032 Desura Install Service - ok
20:26:32.0557 4032 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:26:32.0557 4032 DfsC - ok
20:26:32.0565 4032 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:26:32.0567 4032 Dhcp - ok
20:26:32.0569 4032 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:26:32.0569 4032 discache - ok
20:26:32.0573 4032 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:26:32.0573 4032 Disk - ok
20:26:32.0576 4032 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:26:32.0576 4032 dmvsc - ok
20:26:32.0581 4032 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:26:32.0582 4032 Dnscache - ok
20:26:32.0589 4032 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:26:32.0590 4032 dot3svc - ok
20:26:32.0595 4032 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:26:32.0596 4032 DPS - ok
20:26:32.0597 4032 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:26:32.0597 4032 drmkaud - ok
20:26:32.0621 4032 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:26:32.0624 4032 DXGKrnl - ok
20:26:32.0633 4032 e1cexpress (471612d324d8682b98b267bd091d2219) C:\Windows\system32\DRIVERS\e1c62x64.sys
20:26:32.0634 4032 e1cexpress - ok
20:26:32.0643 4032 e1qexpress (d1004b64292c1a802d53cd861695ace3) C:\Windows\system32\DRIVERS\e1q62x64.sys
20:26:32.0644 4032 e1qexpress - ok
20:26:32.0648 4032 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:26:32.0649 4032 EapHost - ok
20:26:32.0723 4032 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:26:32.0733 4032 ebdrv - ok
20:26:32.0750 4032 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:26:32.0750 4032 EFS - ok
20:26:32.0767 4032 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:26:32.0770 4032 ehRecvr - ok
20:26:32.0774 4032 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:26:32.0775 4032 ehSched - ok
20:26:32.0790 4032 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:26:32.0792 4032 elxstor - ok
20:26:32.0794 4032 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:26:32.0794 4032 ErrDev - ok
20:26:32.0806 4032 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:26:32.0807 4032 EventSystem - ok
20:26:32.0813 4032 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:26:32.0814 4032 exfat - ok
20:26:32.0820 4032 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:26:32.0821 4032 fastfat - ok
20:26:32.0837 4032 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:26:32.0840 4032 Fax - ok
20:26:32.0842 4032 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:26:32.0842 4032 fdc - ok
20:26:32.0844 4032 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:26:32.0845 4032 fdPHost - ok
20:26:32.0847 4032 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:26:32.0847 4032 FDResPub - ok
20:26:32.0850 4032 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:26:32.0851 4032 FileInfo - ok
20:26:32.0853 4032 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:26:32.0853 4032 Filetrace - ok
20:26:32.0855 4032 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:26:32.0855 4032 flpydisk - ok
20:26:32.0862 4032 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:26:32.0863 4032 FltMgr - ok
20:26:32.0890 4032 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:26:32.0894 4032 FontCache - ok
20:26:32.0898 4032 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:26:32.0899 4032 FontCache3.0.0.0 - ok
20:26:32.0903 4032 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:26:32.0903 4032 FsDepends - ok
20:26:32.0905 4032 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:26:32.0905 4032 Fs_Rec - ok
20:26:32.0911 4032 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:26:32.0912 4032 fvevol - ok
20:26:32.0915 4032 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:26:32.0915 4032 gagp30kx - ok
20:26:32.0934 4032 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:26:32.0936 4032 gpsvc - ok
20:26:32.0939 4032 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:26:32.0939 4032 hamachi - ok
20:26:32.0992 4032 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:26:33.0000 4032 Hamachi2Svc - ok
20:26:33.0019 4032 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:26:33.0019 4032 hcw85cir - ok
20:26:33.0028 4032 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:26:33.0029 4032 HdAudAddService - ok
20:26:33.0034 4032 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:26:33.0034 4032 HDAudBus - ok
20:26:33.0036 4032 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:26:33.0037 4032 HidBatt - ok
20:26:33.0041 4032 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:26:33.0041 4032 HidBth - ok
20:26:33.0043 4032 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:26:33.0044 4032 HidIr - ok
20:26:33.0046 4032 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:26:33.0046 4032 hidserv - ok
20:26:33.0048 4032 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:26:33.0049 4032 HidUsb - ok
20:26:33.0053 4032 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:26:33.0053 4032 hkmsvc - ok
20:26:33.0060 4032 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:26:33.0061 4032 HomeGroupListener - ok
20:26:33.0067 4032 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:26:33.0068 4032 HomeGroupProvider - ok
20:26:33.0071 4032 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:26:33.0072 4032 HpSAMD - ok
20:26:33.0089 4032 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:26:33.0091 4032 HTTP - ok
20:26:33.0093 4032 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:26:33.0094 4032 hwpolicy - ok
20:26:33.0097 4032 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:26:33.0098 4032 i8042prt - ok
20:26:33.0108 4032 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:26:33.0110 4032 iaStorV - ok
20:26:33.0132 4032 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:26:33.0135 4032 idsvc - ok
20:26:33.0449 4032 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:26:33.0497 4032 igfx - ok
20:26:33.0519 4032 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:26:33.0519 4032 iirsp - ok
20:26:33.0539 4032 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:26:33.0542 4032 IKEEXT - ok
20:26:33.0609 4032 IntcAzAudAddService (26407a11d7e222afb7ce32700abbd9d1) C:\Windows\system32\drivers\RTKVHD64.sys
20:26:33.0619 4032 IntcAzAudAddService - ok
20:26:33.0644 4032 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:26:33.0645 4032 IntcDAud - ok
20:26:33.0650 4032 Intel® PROSet Monitoring Service (7a3f838f2d7c8fd8e8cff480384a798c) C:\Windows\system32\IProsetMonitor.exe
20:26:33.0651 4032 Intel® PROSet Monitoring Service - ok
20:26:33.0653 4032 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:26:33.0653 4032 intelide - ok
20:26:33.0656 4032 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:26:33.0656 4032 intelppm - ok
20:26:33.0660 4032 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:26:33.0661 4032 IPBusEnum - ok
20:26:33.0663 4032 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:26:33.0664 4032 IpFilterDriver - ok
20:26:33.0678 4032 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:26:33.0680 4032 iphlpsvc - ok
20:26:33.0683 4032 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:26:33.0684 4032 IPMIDRV - ok
20:26:33.0688 4032 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:26:33.0688 4032 IPNAT - ok
20:26:33.0690 4032 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:26:33.0690 4032 IRENUM - ok
20:26:33.0692 4032 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:26:33.0692 4032 isapnp - ok
20:26:33.0699 4032 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:26:33.0700 4032 iScsiPrt - ok
20:26:33.0705 4032 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
20:26:33.0706 4032 JRAID - ok
20:26:33.0708 4032 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:26:33.0708 4032 kbdclass - ok
20:26:33.0710 4032 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:26:33.0710 4032 kbdhid - ok
20:26:33.0712 4032 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:33.0713 4032 KeyIso - ok
20:26:33.0716 4032 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:26:33.0717 4032 KSecDD - ok
20:26:33.0721 4032 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:26:33.0722 4032 KSecPkg - ok
20:26:33.0724 4032 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:26:33.0724 4032 ksthunk - ok
20:26:33.0733 4032 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:26:33.0735 4032 KtmRm - ok
20:26:33.0742 4032 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:26:33.0743 4032 LanmanServer - ok
20:26:33.0747 4032 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:26:33.0749 4032 LanmanWorkstation - ok
20:26:33.0752 4032 lirsgt (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
20:26:33.0752 4032 lirsgt - ok
20:26:33.0754 4032 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:26:33.0755 4032 lltdio - ok
20:26:33.0763 4032 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:26:33.0764 4032 lltdsvc - ok
20:26:33.0766 4032 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:26:33.0767 4032 lmhosts - ok
20:26:33.0771 4032 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:26:33.0772 4032 LSI_FC - ok
20:26:33.0775 4032 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:26:33.0776 4032 LSI_SAS - ok
20:26:33.0778 4032 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:26:33.0779 4032 LSI_SAS2 - ok
20:26:33.0782 4032 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:26:33.0783 4032 LSI_SCSI - ok
20:26:33.0786 4032 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:26:33.0787 4032 luafv - ok
20:26:33.0790 4032 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:26:33.0791 4032 Mcx2Svc - ok
20:26:33.0793 4032 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:26:33.0793 4032 megasas - ok
20:26:33.0801 4032 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:26:33.0802 4032 MegaSR - ok
20:26:33.0805 4032 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:26:33.0805 4032 MEIx64 - ok
20:26:33.0808 4032 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:26:33.0809 4032 MMCSS - ok
20:26:33.0811 4032 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:26:33.0811 4032 Modem - ok
20:26:33.0813 4032 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:26:33.0813 4032 monitor - ok
20:26:33.0815 4032 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:26:33.0816 4032 mouclass - ok
20:26:33.0818 4032 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:26:33.0818 4032 mouhid - ok
20:26:33.0821 4032 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:26:33.0822 4032 mountmgr - ok
20:26:33.0827 4032 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
20:26:33.0828 4032 MpFilter - ok
20:26:33.0833 4032 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:26:33.0833 4032 mpio - ok
20:26:33.0835 4032 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:26:33.0836 4032 MpNWMon - ok
20:26:33.0838 4032 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:26:33.0839 4032 mpsdrv - ok
20:26:33.0859 4032 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:26:33.0862 4032 MpsSvc - ok
20:26:33.0867 4032 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:26:33.0867 4032 MRxDAV - ok
20:26:33.0872 4032 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:26:33.0873 4032 mrxsmb - ok
20:26:33.0881 4032 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:26:33.0882 4032 mrxsmb10 - ok
20:26:33.0886 4032 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:26:33.0887 4032 mrxsmb20 - ok
20:26:33.0889 4032 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:26:33.0889 4032 msahci - ok
20:26:33.0898 4032 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:26:33.0898 4032 msdsm - ok
20:26:33.0903 4032 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:26:33.0904 4032 MSDTC - ok
20:26:33.0907 4032 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:26:33.0908 4032 Msfs - ok
20:26:33.0909 4032 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:26:33.0910 4032 mshidkmdf - ok
20:26:33.0912 4032 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:26:33.0912 4032 msisadrv - ok
20:26:33.0916 4032 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:26:33.0918 4032 MSiSCSI - ok
20:26:33.0919 4032 msiserver - ok
20:26:33.0921 4032 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:26:33.0921 4032 MSKSSRV - ok
20:26:33.0924 4032 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:26:33.0924 4032 MsMpSvc - ok
20:26:33.0926 4032 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:26:33.0926 4032 MSPCLOCK - ok
20:26:33.0928 4032 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:26:33.0928 4032 MSPQM - ok
20:26:33.0936 4032 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:26:33.0938 4032 MsRPC - ok
20:26:33.0941 4032 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:26:33.0941 4032 mssmbios - ok
20:26:33.0945 4032 MSSQL$SQLEXPRESS - ok
20:26:33.0949 4032 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:26:33.0950 4032 MSSQLServerADHelper100 - ok
20:26:33.0951 4032 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:26:33.0951 4032 MSTEE - ok
20:26:34.0061 4032 msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
20:26:34.0076 4032 msvsmon90 - ok
20:26:34.0095 4032 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:26:34.0096 4032 MTConfig - ok
20:26:34.0098 4032 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:26:34.0099 4032 Mup - ok
20:26:34.0107 4032 mv91xx (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
20:26:34.0108 4032 mv91xx - ok
20:26:34.0120 4032 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:26:34.0122 4032 napagent - ok
20:26:34.0131 4032 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:26:34.0132 4032 NativeWifiP - ok
20:26:34.0155 4032 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:26:34.0158 4032 NDIS - ok
20:26:34.0160 4032 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:26:34.0161 4032 NdisCap - ok
20:26:34.0163 4032 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:26:34.0163 4032 NdisTapi - ok
20:26:34.0165 4032 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:26:34.0166 4032 Ndisuio - ok
20:26:34.0170 4032 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:26:34.0171 4032 NdisWan - ok
20:26:34.0174 4032 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:26:34.0174 4032 NDProxy - ok
20:26:34.0176 4032 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:26:34.0176 4032 NetBIOS - ok
20:26:34.0184 4032 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:26:34.0185 4032 NetBT - ok
20:26:34.0187 4032 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:34.0187 4032 Netlogon - ok
20:26:34.0197 4032 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:26:34.0199 4032 Netman - ok
20:26:34.0207 4032 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:26:34.0208 4032 NetMsmqActivator - ok
20:26:34.0209 4032 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:26:34.0210 4032 NetPipeActivator - ok
20:26:34.0221 4032 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:26:34.0223 4032 netprofm - ok
20:26:34.0225 4032 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:26:34.0226 4032 NetTcpActivator - ok
20:26:34.0227 4032 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:26:34.0228 4032 NetTcpPortSharing - ok
20:26:34.0233 4032 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:26:34.0234 4032 nfrd960 - ok
20:26:34.0237 4032 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:26:34.0237 4032 NisDrv - ok
20:26:34.0245 4032 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
20:26:34.0247 4032 NisSrv - ok
20:26:34.0251 4032 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:26:34.0251 4032 NlaSvc - ok
20:26:34.0251 4032 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:26:34.0251 4032 Npfs - ok
20:26:34.0261 4032 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:26:34.0261 4032 nsi - ok
20:26:34.0261 4032 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:26:34.0261 4032 nsiproxy - ok
20:26:34.0301 4032 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:26:34.0301 4032 Ntfs - ok
20:26:34.0321 4032 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:26:34.0321 4032 Null - ok
20:26:34.0331 4032 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:26:34.0331 4032 nusb3hub - ok
20:26:34.0331 4032 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:26:34.0331 4032 nusb3xhc - ok
20:26:34.0341 4032 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
20:26:34.0341 4032 NVHDA - ok
20:26:34.0641 4032 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:26:34.0691 4032 nvlddmkm - ok
20:26:34.0711 4032 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:26:34.0711 4032 nvraid - ok
20:26:34.0721 4032 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:26:34.0724 4032 nvstor - ok
20:26:34.0736 4032 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
20:26:34.0746 4032 nvsvc - ok
20:26:34.0796 4032 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:26:34.0806 4032 nvUpdatusService - ok
20:26:34.0826 4032 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:26:34.0826 4032 nv_agp - ok
20:26:34.0836 4032 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:26:34.0836 4032 ohci1394 - ok
20:26:34.0846 4032 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:26:34.0846 4032 p2pimsvc - ok
20:26:34.0876 4032 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:26:34.0876 4032 p2psvc - ok
20:26:34.0886 4032 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:26:34.0886 4032 Parport - ok
20:26:34.0886 4032 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:26:34.0886 4032 partmgr - ok
20:26:34.0896 4032 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:26:34.0896 4032 PcaSvc - ok
20:26:34.0896 4032 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:26:34.0896 4032 pci - ok
20:26:34.0896 4032 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:26:34.0896 4032 pciide - ok
20:26:34.0906 4032 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:26:34.0906 4032 pcmcia - ok
20:26:34.0906 4032 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:26:34.0916 4032 pcw - ok
20:26:34.0926 4032 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:26:34.0926 4032 PEAUTH - ok
20:26:34.0966 4032 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:26:34.0966 4032 PeerDistSvc - ok
20:26:34.0986 4032 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:26:34.0986 4032 PerfHost - ok
20:26:35.0036 4032 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:26:35.0036 4032 pla - ok
20:26:35.0046 4032 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:26:35.0046 4032 PlugPlay - ok
20:26:35.0056 4032 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:26:35.0056 4032 PNRPAutoReg - ok
20:26:35.0066 4032 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:26:35.0066 4032 PNRPsvc - ok
20:26:35.0066 4032 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
20:26:35.0066 4032 Point64 - ok
20:26:35.0086 4032 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:26:35.0086 4032 PolicyAgent - ok
20:26:35.0086 4032 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:26:35.0096 4032 Power - ok
20:26:35.0096 4032 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:26:35.0096 4032 PptpMiniport - ok
20:26:35.0096 4032 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:26:35.0096 4032 Processor - ok
20:26:35.0106 4032 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:26:35.0106 4032 ProfSvc - ok
20:26:35.0106 4032 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:35.0106 4032 ProtectedStorage - ok
20:26:35.0116 4032 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:26:35.0116 4032 Psched - ok
20:26:35.0166 4032 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:26:35.0166 4032 ql2300 - ok
20:26:35.0196 4032 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:26:35.0196 4032 ql40xx - ok
20:26:35.0196 4032 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:26:35.0196 4032 QWAVE - ok
20:26:35.0206 4032 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:26:35.0206 4032 QWAVEdrv - ok
20:26:35.0206 4032 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:26:35.0206 4032 RasAcd - ok
20:26:35.0206 4032 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:26:35.0206 4032 RasAgileVpn - ok
20:26:35.0216 4032 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:26:35.0216 4032 RasAuto - ok
20:26:35.0216 4032 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:26:35.0216 4032 Rasl2tp - ok
20:26:35.0226 4032 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:26:35.0226 4032 RasMan - ok
20:26:35.0236 4032 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:26:35.0236 4032 RasPppoe - ok
20:26:35.0236 4032 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:26:35.0236 4032 RasSstp - ok
20:26:35.0246 4032 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:26:35.0246 4032 rdbss - ok
20:26:35.0246 4032 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:26:35.0246 4032 rdpbus - ok
20:26:35.0256 4032 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:26:35.0256 4032 RDPCDD - ok
20:26:35.0256 4032 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:26:35.0256 4032 RDPDR - ok
20:26:35.0256 4032 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:26:35.0256 4032 RDPENCDD - ok
20:26:35.0266 4032 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:26:35.0266 4032 RDPREFMP - ok
20:26:35.0266 4032 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:26:35.0266 4032 RDPWD - ok
20:26:35.0276 4032 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:26:35.0276 4032 rdyboost - ok
20:26:35.0286 4032 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:26:35.0286 4032 RemoteAccess - ok
20:26:35.0286 4032 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:26:35.0286 4032 RemoteRegistry - ok
20:26:35.0296 4032 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:26:35.0296 4032 RpcEptMapper - ok
20:26:35.0296 4032 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:26:35.0296 4032 RpcLocator - ok
20:26:35.0306 4032 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:26:35.0306 4032 RpcSs - ok
20:26:35.0316 4032 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:26:35.0316 4032 rspndr - ok
20:26:35.0316 4032 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:26:35.0316 4032 s3cap - ok
20:26:35.0316 4032 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:35.0316 4032 SamSs - ok
20:26:35.0326 4032 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:26:35.0326 4032 sbp2port - ok
20:26:35.0326 4032 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:26:35.0326 4032 SCardSvr - ok
20:26:35.0336 4032 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:26:35.0336 4032 scfilter - ok
20:26:35.0356 4032 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:26:35.0366 4032 Schedule - ok
20:26:35.0366 4032 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:26:35.0366 4032 SCPolicySvc - ok
20:26:35.0376 4032 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:26:35.0376 4032 SDRSVC - ok
20:26:35.0376 4032 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:26:35.0376 4032 secdrv - ok
20:26:35.0376 4032 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:26:35.0376 4032 seclogon - ok
20:26:35.0386 4032 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:26:35.0386 4032 SENS - ok
20:26:35.0386 4032 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:26:35.0386 4032 SensrSvc - ok
20:26:35.0386 4032 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:26:35.0386 4032 Serenum - ok
20:26:35.0396 4032 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:26:35.0396 4032 Serial - ok
20:26:35.0396 4032 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:26:35.0396 4032 sermouse - ok
20:26:35.0406 4032 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:26:35.0406 4032 SessionEnv - ok
20:26:35.0406 4032 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:26:35.0406 4032 sffdisk - ok
20:26:35.0406 4032 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:26:35.0406 4032 sffp_mmc - ok
20:26:35.0406 4032 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:26:35.0406 4032 sffp_sd - ok
20:26:35.0416 4032 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:26:35.0416 4032 sfloppy - ok
20:26:35.0426 4032 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:26:35.0426 4032 SharedAccess - ok
20:26:35.0436 4032 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:26:35.0436 4032 ShellHWDetection - ok
20:26:35.0436 4032 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:26:35.0436 4032 SiSRaid2 - ok
20:26:35.0446 4032 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:26:35.0446 4032 SiSRaid4 - ok
20:26:35.0446 4032 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:26:35.0446 4032 SkypeUpdate - ok
20:26:35.0456 4032 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:26:35.0456 4032 Smb - ok
20:26:35.0456 4032 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:26:35.0456 4032 SNMPTRAP - ok
20:26:35.0456 4032 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:26:35.0456 4032 spldr - ok
20:26:35.0476 4032 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:26:35.0476 4032 Spooler - ok
20:26:35.0556 4032 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:26:35.0566 4032 sppsvc - ok
20:26:35.0586 4032 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:26:35.0586 4032 sppuinotify - ok
20:26:35.0606 4032 SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:26:35.0606 4032 SQLAgent$SQLEXPRESS - ok
20:26:35.0606 4032 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:26:35.0616 4032 SQLBrowser - ok
20:26:35.0616 4032 SQLWriter (f92e5f93be572b512da3c016b675ede0) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:26:35.0616 4032 SQLWriter - ok
20:26:35.0636 4032 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:26:35.0636 4032 srv - ok
20:26:35.0646 4032 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:26:35.0646 4032 srv2 - ok
20:26:35.0656 4032 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:26:35.0656 4032 srvnet - ok
20:26:35.0656 4032 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:26:35.0656 4032 SSDPSRV - ok
20:26:35.0666 4032 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:26:35.0666 4032 SstpSvc - ok
20:26:35.0666 4032 Steam Client Service - ok
20:26:35.0676 4032 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:26:35.0676 4032 Stereo Service - ok
20:26:35.0686 4032 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:26:35.0686 4032 stexstor - ok
20:26:35.0696 4032 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:26:35.0706 4032 stisvc - ok
20:26:35.0706 4032 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:26:35.0706 4032 storflt - ok
20:26:35.0706 4032 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:26:35.0706 4032 StorSvc - ok
20:26:35.0706 4032 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:26:35.0706 4032 storvsc - ok
20:26:35.0716 4032 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:26:35.0716 4032 swenum - ok
20:26:35.0726 4032 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:26:35.0726 4032 swprv - ok
20:26:35.0766 4032 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:26:35.0776 4032 SysMain - ok
20:26:35.0796 4032 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:26:35.0796 4032 TabletInputService - ok
20:26:35.0796 4032 tap0901 (4f0c42022bb83b275fdb724ae476b686) C:\Windows\system32\DRIVERS\tap0901.sys
20:26:35.0796 4032 tap0901 - ok
20:26:35.0806 4032 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:26:35.0806 4032 TapiSrv - ok
20:26:35.0816 4032 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:26:35.0816 4032 TBS - ok
20:26:35.0856 4032 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:26:35.0866 4032 Tcpip - ok
20:26:35.0926 4032 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:26:35.0926 4032 TCPIP6 - ok
20:26:35.0946 4032 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:26:35.0956 4032 tcpipreg - ok
20:26:35.0956 4032 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:26:35.0956 4032 TDPIPE - ok
20:26:35.0956 4032 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:26:35.0956 4032 TDTCP - ok
20:26:35.0956 4032 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:26:35.0956 4032 tdx - ok
20:26:35.0966 4032 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:26:35.0966 4032 TermDD - ok
20:26:35.0986 4032 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:26:35.0986 4032 TermService - ok
20:26:35.0986 4032 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:26:35.0986 4032 Themes - ok
20:26:35.0986 4032 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:26:35.0996 4032 THREADORDER - ok
20:26:35.0996 4032 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:26:35.0996 4032 TrkWks - ok
20:26:36.0006 4032 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:26:36.0006 4032 TrustedInstaller - ok
20:26:36.0006 4032 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:26:36.0006 4032 tssecsrv - ok
20:26:36.0006 4032 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:26:36.0006 4032 TsUsbFlt - ok
20:26:36.0016 4032 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:26:36.0016 4032 TsUsbGD - ok
20:26:36.0016 4032 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:26:36.0016 4032 tunnel - ok
20:26:36.0016 4032 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:26:36.0016 4032 uagp35 - ok
20:26:36.0026 4032 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:26:36.0036 4032 udfs - ok
20:26:36.0036 4032 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:26:36.0036 4032 UI0Detect - ok
20:26:36.0036 4032 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:26:36.0036 4032 uliagpkx - ok
20:26:36.0046 4032 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:26:36.0046 4032 umbus - ok
20:26:36.0046 4032 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:26:36.0046 4032 UmPass - ok
20:26:36.0056 4032 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:26:36.0056 4032 UmRdpService - ok
20:26:36.0066 4032 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:26:36.0066 4032 upnphost - ok
20:26:36.0066 4032 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
20:26:36.0066 4032 usbccgp - ok
20:26:36.0076 4032 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:26:36.0076 4032 usbcir - ok
20:26:36.0076 4032 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:26:36.0076 4032 usbehci - ok
20:26:36.0086 4032 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:26:36.0086 4032 usbhub - ok
20:26:36.0086 4032 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:26:36.0086 4032 usbohci - ok
20:26:36.0096 4032 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:26:36.0096 4032 usbprint - ok
20:26:36.0096 4032 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:26:36.0096 4032 USBSTOR - ok
20:26:36.0096 4032 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:26:36.0096 4032 usbuhci - ok
20:26:36.0106 4032 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:26:36.0106 4032 UxSms - ok
20:26:36.0106 4032 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:26:36.0106 4032 VaultSvc - ok
20:26:36.0106 4032 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:26:36.0106 4032 vdrvroot - ok
20:26:36.0126 4032 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:26:36.0126 4032 vds - ok
20:26:36.0126 4032 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:26:36.0126 4032 vga - ok
20:26:36.0126 4032 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:26:36.0126 4032 VgaSave - ok
20:26:36.0136 4032 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:26:36.0136 4032 vhdmp - ok
20:26:36.0136 4032 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:26:36.0136 4032 viaide - ok
20:26:36.0146 4032 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:26:36.0146 4032 vmbus - ok
20:26:36.0146 4032 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:26:36.0146 4032 VMBusHID - ok
20:26:36.0156 4032 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:26:36.0156 4032 volmgr - ok
20:26:36.0166 4032 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:26:36.0166 4032 volmgrx - ok
20:26:36.0176 4032 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
20:26:36.0176 4032 volsnap - ok
20:26:36.0176 4032 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:26:36.0176 4032 vsmraid - ok
20:26:36.0216 4032 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:26:36.0226 4032 VSS - ok
20:26:36.0246 4032 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:26:36.0246 4032 vwifibus - ok
20:26:36.0256 4032 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:26:36.0256 4032 W32Time - ok
20:26:36.0256 4032 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:26:36.0256 4032 WacomPen - ok
20:26:36.0266 4032 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:26:36.0266 4032 WANARP - ok
20:26:36.0266 4032 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:26:36.0266 4032 Wanarpv6 - ok
20:26:36.0296 4032 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:26:36.0296 4032 WatAdminSvc - ok
20:26:36.0336 4032 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:26:36.0336 4032 wbengine - ok
20:26:36.0356 4032 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:26:36.0356 4032 WbioSrvc - ok
20:26:36.0366 4032 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:26:36.0376 4032 wcncsvc - ok
20:26:36.0376 4032 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:26:36.0376 4032 WcsPlugInService - ok
20:26:36.0376 4032 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:26:36.0376 4032 Wd - ok
20:26:36.0396 4032 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:26:36.0396 4032 Wdf01000 - ok
20:26:36.0406 4032 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:26:36.0406 4032 WdiServiceHost - ok
20:26:36.0406 4032 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:26:36.0406 4032 WdiSystemHost - ok
20:26:36.0416 4032 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:26:36.0416 4032 WebClient - ok
20:26:36.0426 4032 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:26:36.0426 4032 Wecsvc - ok
20:26:36.0426 4032 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:26:36.0426 4032 wercplsupport - ok
20:26:36.0436 4032 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:26:36.0436 4032 WerSvc - ok
20:26:36.0436 4032 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:26:36.0436 4032 WfpLwf - ok
20:26:36.0436 4032 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:26:36.0436 4032 WIMMount - ok
20:26:36.0446 4032 WinDefend - ok
20:26:36.0446 4032 WinHttpAutoProxySvc - ok
20:26:36.0456 4032 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:26:36.0456 4032 Winmgmt - ok
20:26:36.0456 4032 WinRing0_1_2_0 - ok
20:26:36.0506 4032 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:26:36.0516 4032 WinRM - ok
20:26:36.0556 4032 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:26:36.0556 4032 Wlansvc - ok
20:26:36.0616 4032 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:26:36.0626 4032 wlidsvc - ok
20:26:36.0646 4032 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:26:36.0646 4032 WmiAcpi - ok
20:26:36.0646 4032 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:26:36.0646 4032 wmiApSrv - ok
20:26:36.0656 4032 WMPNetworkSvc - ok
20:26:36.0656 4032 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:26:36.0656 4032 WPCSvc - ok
20:26:36.0656 4032 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:26:36.0666 4032 WPDBusEnum - ok
20:26:36.0666 4032 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:26:36.0666 4032 ws2ifsl - ok
20:26:36.0666 4032 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:26:36.0666 4032 wscsvc - ok
20:26:36.0666 4032 WSearch - ok
20:26:36.0726 4032 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:26:36.0736 4032 wuauserv - ok
20:26:36.0756 4032 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:26:36.0756 4032 WudfPf - ok
20:26:36.0766 4032 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:26:36.0766 4032 WUDFRd - ok
20:26:36.0766 4032 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:26:36.0766 4032 wudfsvc - ok
20:26:36.0776 4032 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:26:36.0776 4032 WwanSvc - ok
20:26:36.0786 4032 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:26:36.0806 4032 \Device\Harddisk0\DR0 - ok
20:26:36.0836 4032 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:26:36.0906 4032 \Device\Harddisk1\DR1 - ok
20:26:36.0906 4032 Boot (0x1200) (f43806b6b936b6e5d1196842d6fbd8c7) \Device\Harddisk0\DR0\Partition0
20:26:36.0906 4032 \Device\Harddisk0\DR0\Partition0 - ok
20:26:36.0916 4032 Boot (0x1200) (f82898fd0a80f1c7ef576e2614fa2917) \Device\Harddisk0\DR0\Partition1
20:26:36.0916 4032 \Device\Harddisk0\DR0\Partition1 - ok
20:26:36.0916 4032 Boot (0x1200) (ab02f1d66ca0092506182a7c26d6eb0c) \Device\Harddisk1\DR1\Partition0
20:26:36.0916 4032 \Device\Harddisk1\DR1\Partition0 - ok
20:26:36.0916 4032 ============================================================
20:26:36.0916 4032 Scan finished
20:26:36.0916 4032 ============================================================
20:26:36.0926 5936 Detected object count: 0
20:26:36.0926 5936 Actual detected object count: 0
20:27:02.0596 4108 Deinitialize success




Here is the ListParts log you also requested:

ListParts by Farbar Version: 12-03-2012 03
Ran by Genya (administrator) on 12-05-2012 at 20:27:35
Windows 7 (X64)
Running From: C:\Users\Genya\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 8098.07 MB
Available physical RAM: 6165.97 MB
Total Pagefile: 16194.32 MB
Available Pagefile: 14090.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:476.83 GB) (Free:134.52 GB) NTFS
2 Drive d: () (Fixed) (Total:1863.01 GB) (Free:1841.36 GB) NTFS
3 Drive e: (T2GdeveloperS1PB) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 476 GB 8 MB
Disk 1 Online 1863 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 476 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 476 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 1863 GB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {f117f94a-b7c0-11e0-ad29-e4147778a68b}
resumeobject {f117f949-b7c0-11e0-ad29-e4147778a68b}
displayorder {f117f94a-b7c0-11e0-ad29-e4147778a68b}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {f117f94a-b7c0-11e0-ad29-e4147778a68b}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {f117f94b-b7c0-11e0-ad29-e4147778a68b}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {f117f949-b7c0-11e0-ad29-e4147778a68b}
nx OptIn

Windows Boot Loader
-------------------
identifier {f117f94b-b7c0-11e0-ad29-e4147778a68b}
device ramdisk=[C:]\Recovery\f117f94b-b7c0-11e0-ad29-e4147778a68b\Winre.wim,{f117f94c-b7c0-11e0-ad29-e4147778a68b}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\f117f94b-b7c0-11e0-ad29-e4147778a68b\Winre.wim,{f117f94c-b7c0-11e0-ad29-e4147778a68b}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {f117f949-b7c0-11e0-ad29-e4147778a68b}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {f117f94c-b7c0-11e0-ad29-e4147778a68b}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\f117f94b-b7c0-11e0-ad29-e4147778a68b\boot.sdi


****** End Of Log ******

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:33 AM

Posted 12 May 2012 - 02:31 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 vegetalordofall

vegetalordofall
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 12 May 2012 - 02:42 PM

Hey Cat thank you for the fast reply,

Here is the Combolog:


ComboFix 12-05-12.01 - Genya 12/05/2012 20:33:48.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8098.6312 [GMT 1:00]
Running from: c:\users\Genya\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\mkodaaa.tmp
c:\programdata\ykdjbaa.tmp
c:\programdata\ymsraaa.tmp
c:\programdata\zkdjbaa.tmp
c:\programdata\zmsraaa.tmp
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 19:36 . 2012-05-12 19:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-11 00:38 . 2012-05-11 00:38 -------- d-----w- c:\windows\SysWow64\Adobe
2012-05-09 14:56 . 2012-05-09 14:56 -------- d-----w- c:\programdata\media center programs
2012-05-09 14:56 . 2012-05-09 14:56 -------- d-----w- c:\program files (x86)\Funcom
2012-05-09 10:24 . 2012-05-09 10:24 -------- d-----w- c:\users\Genya\AppData\Roaming\Firefly Studios
2012-05-09 10:20 . 2012-04-18 02:03 8917360 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A13AA59-F292-4982-A556-F780494C6E05}\mpengine.dll
2012-05-09 10:18 . 2012-05-09 10:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-09 10:18 . 2012-05-09 10:18 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-09 10:18 . 2012-05-09 10:18 -------- d-----w- c:\program files (x86)\Java
2012-05-09 10:17 . 2012-05-09 10:17 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-09 10:07 . 2012-05-09 10:07 -------- d-----w- c:\program files (x86)\Firefly Studios
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\users\Genya\AppData\Roaming\runic games
2012-05-05 11:33 . 2012-05-05 11:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-30 15:39 . 2012-04-30 15:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 15:39 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 10:45 . 2011-09-22 16:18 89960 ----a-w- c:\windows\SysWow64\SQSRVRES.DLL
2012-04-29 10:45 . 2011-09-22 16:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-04-20 09:13 . 2012-04-20 09:13 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 07:44 . 2012-04-20 09:13 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-04-20 07:43 . 2012-04-20 07:43 -------- d-----w- c:\programdata\Battle.net
2012-04-20 07:19 . 2012-05-04 23:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 06:40 . 2012-05-04 23:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 09:22 . 2012-04-16 09:22 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 10:18 . 2011-07-29 08:13 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 23:19 . 2011-07-28 12:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-19 22:44 . 2012-03-19 22:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe
2012-03-19 22:44 . 2012-03-19 22:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-03-19 22:44 . 2012-03-19 22:44 439064 ----a-w- c:\windows\system32\igfxpers.exe
2012-03-19 22:44 . 2012-03-19 22:44 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-03-19 22:44 . 2012-03-19 22:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-19 22:44 . 2012-03-19 22:44 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-03-19 22:44 . 2012-03-19 22:44 184600 ----a-w- c:\windows\system32\difx64.exe
2012-03-19 22:44 . 2012-03-19 22:44 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-03-19 22:42 . 2012-03-19 22:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll
2012-03-19 22:32 . 2012-03-19 22:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-03-19 22:31 . 2012-03-19 22:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll
2012-03-19 22:31 . 2012-03-19 22:31 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-03-19 22:31 . 2012-03-19 22:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-03-19 22:31 . 2012-03-19 22:31 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-03-19 22:26 . 2012-03-19 22:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-03-19 22:25 . 2012-03-19 22:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-03-19 22:22 . 2012-03-19 22:22 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-03-19 22:11 . 2012-03-19 22:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-03-19 21:31 . 2012-03-19 21:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll
2012-03-19 21:21 . 2012-03-19 21:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-03-19 21:18 . 2012-03-19 21:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-03-19 21:18 . 2012-03-19 21:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-03-19 21:18 . 2012-03-19 21:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-03-19 21:18 . 2012-03-19 21:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-03-19 21:18 . 2012-03-19 21:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-03-19 21:18 . 2012-03-19 21:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-03-19 21:18 . 2012-03-19 21:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-03-19 21:18 . 2012-03-19 21:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-03-19 21:18 . 2012-03-19 21:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-03-19 21:18 . 2012-03-19 21:18 386560 ----a-w- c:\windows\system32\igfxpph.dll
2012-03-19 21:18 . 2012-03-19 21:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-03-19 21:17 . 2012-03-19 21:17 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-03-19 21:17 . 2011-07-26 12:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-03-19 21:17 . 2011-07-26 12:17 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-03-19 21:17 . 2012-03-19 21:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-03-19 21:17 . 2012-03-19 21:17 434688 ----a-w- c:\windows\system32\igfxdev.dll
2012-03-19 21:17 . 2012-03-19 21:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-03-19 21:16 . 2012-03-19 21:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-03-19 21:16 . 2012-03-19 21:16 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-03-19 21:16 . 2012-03-19 21:16 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-03-19 21:12 . 2012-03-19 21:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-03-19 21:11 . 2012-03-19 21:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-03-19 21:09 . 2012-03-19 21:09 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-03-19 21:09 . 2012-03-19 21:09 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-03-19 21:09 . 2012-03-19 21:09 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-03-19 21:09 . 2012-03-19 21:09 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-03-19 21:09 . 2012-03-19 21:09 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-03-19 21:09 . 2012-03-19 21:09 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-03-19 21:09 . 2012-03-19 21:09 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-03-19 21:09 . 2012-03-19 21:09 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-12 01:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 01:36 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 01:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 01:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 01:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 01:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-01 00:02 . 2012-03-13 16:45 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2012-03-13 16:45 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-03-01 00:02 . 2012-03-13 16:45 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-03-13 16:45 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-03-13 16:45 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-03-13 16:45 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-03-13 16:45 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-13 16:45 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-13 16:45 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-13 16:45 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-03-13 16:45 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2012-03-13 16:45 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-03-13 16:45 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-03-13 16:45 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-03-13 16:45 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-13 16:45 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2012-03-13 16:45 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-03-01 00:02 . 2012-03-13 16:45 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-03-13 16:45 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache86\user32.dll
[-] 2010-11-21 . 232DA8CA74D73220FA723C2F20258C8F . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-25 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-02-24 131912]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\admin\Desktop\2NVIDIA\REALTEMP\WinRing0x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 e1qexpress;Intel® PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 23:19]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003Core.job
- c:\users\Genya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 07:26]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003UA.job
- c:\users\Genya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 07:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4f,57,86,3e,c5,2d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,6b,a1,fa,0e,18,65,42,90,49,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,6b,a1,fa,0e,18,65,42,90,49,6b,\
.
[HKEY_USERS\S-1-5-21-3433945081-1426626829-1563182973-1003\Software\SecuROM\License information*]
"datasecu"=hex:0b,ee,8f,3b,81,5b,c3,f0,56,8d,70,e0,c4,62,ba,ab,87,6c,e6,b3,4d,
14,3b,3a,17,80,a6,64,a9,4f,dd,17,ec,96,51,10,78,d4,17,74,84,2d,a7,80,d7,52,\
"rkeysecu"=hex:b7,b6,25,85,91,58,ef,5a,b9,2b,d9,ae,c1,44,36,dd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Completion time: 2012-05-12 20:39:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 19:39
ComboFix2.txt 2012-05-09 10:00
.
Pre-Run: 144,299,585,536 bytes free
Post-Run: 144,225,345,536 bytes free
.
- - End Of File - - A03859A993E0A976498C9ACEABBEB35F

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:33 AM

Posted 12 May 2012 - 02:57 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
c:\windows\ERDNT\cache86\user32.dll | c:\windows\SysWOW64\user32.dll

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 vegetalordofall

vegetalordofall
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 12 May 2012 - 04:06 PM

Here is the Combofix log:


ComboFix 12-05-12.01 - Genya 12/05/2012 21:01:39.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8098.6289 [GMT 1:00]
Running from: c:\users\Genya\Desktop\ComboFix.exe
Command switches used :: c:\users\Genya\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ERDNT\cache86\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 20:04 . 2012-05-12 20:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-12 20:04 . 2012-05-12 20:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-12 20:04 . 2012-05-12 20:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 20:04 . 2012-05-12 20:04 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-05-11 00:38 . 2012-05-11 00:38 -------- d-----w- c:\windows\SysWow64\Adobe
2012-05-09 14:56 . 2012-05-09 14:56 -------- d-----w- c:\programdata\media center programs
2012-05-09 14:56 . 2012-05-09 14:56 -------- d-----w- c:\program files (x86)\Funcom
2012-05-09 10:24 . 2012-05-09 10:24 -------- d-----w- c:\users\Genya\AppData\Roaming\Firefly Studios
2012-05-09 10:20 . 2012-04-18 02:03 8917360 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A13AA59-F292-4982-A556-F780494C6E05}\mpengine.dll
2012-05-09 10:18 . 2012-05-09 10:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-09 10:18 . 2012-05-09 10:18 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-09 10:18 . 2012-05-09 10:18 -------- d-----w- c:\program files (x86)\Java
2012-05-09 10:17 . 2012-05-09 10:17 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-09 10:07 . 2012-05-09 10:07 -------- d-----w- c:\program files (x86)\Firefly Studios
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\users\Genya\AppData\Roaming\runic games
2012-05-05 11:33 . 2012-05-05 11:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-30 15:39 . 2012-04-30 15:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 15:39 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 10:45 . 2011-09-22 16:18 89960 ----a-w- c:\windows\SysWow64\SQSRVRES.DLL
2012-04-29 10:45 . 2011-09-22 16:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-04-20 09:13 . 2012-04-20 09:13 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 07:44 . 2012-04-20 09:13 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-04-20 07:43 . 2012-04-20 07:43 -------- d-----w- c:\programdata\Battle.net
2012-04-20 07:19 . 2012-05-04 23:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 06:40 . 2012-05-04 23:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 09:22 . 2012-04-16 09:22 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 10:18 . 2011-07-29 08:13 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 23:19 . 2011-07-28 12:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-19 22:44 . 2012-03-19 22:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe
2012-03-19 22:44 . 2012-03-19 22:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-03-19 22:44 . 2012-03-19 22:44 439064 ----a-w- c:\windows\system32\igfxpers.exe
2012-03-19 22:44 . 2012-03-19 22:44 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-03-19 22:44 . 2012-03-19 22:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-19 22:44 . 2012-03-19 22:44 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-03-19 22:44 . 2012-03-19 22:44 184600 ----a-w- c:\windows\system32\difx64.exe
2012-03-19 22:44 . 2012-03-19 22:44 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-03-19 22:42 . 2012-03-19 22:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll
2012-03-19 22:32 . 2012-03-19 22:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-03-19 22:31 . 2012-03-19 22:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll
2012-03-19 22:31 . 2012-03-19 22:31 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-03-19 22:31 . 2012-03-19 22:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-03-19 22:31 . 2012-03-19 22:31 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-03-19 22:26 . 2012-03-19 22:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-03-19 22:25 . 2012-03-19 22:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-03-19 22:22 . 2012-03-19 22:22 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-03-19 22:11 . 2012-03-19 22:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-03-19 21:31 . 2012-03-19 21:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll
2012-03-19 21:21 . 2012-03-19 21:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-03-19 21:18 . 2012-03-19 21:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-03-19 21:18 . 2012-03-19 21:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-03-19 21:18 . 2012-03-19 21:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-03-19 21:18 . 2012-03-19 21:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-03-19 21:18 . 2012-03-19 21:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-03-19 21:18 . 2012-03-19 21:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-03-19 21:18 . 2012-03-19 21:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-03-19 21:18 . 2012-03-19 21:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-03-19 21:18 . 2012-03-19 21:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-03-19 21:18 . 2012-03-19 21:18 386560 ----a-w- c:\windows\system32\igfxpph.dll
2012-03-19 21:18 . 2012-03-19 21:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-03-19 21:17 . 2012-03-19 21:17 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-03-19 21:17 . 2011-07-26 12:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-03-19 21:17 . 2011-07-26 12:17 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-03-19 21:17 . 2012-03-19 21:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-03-19 21:17 . 2012-03-19 21:17 434688 ----a-w- c:\windows\system32\igfxdev.dll
2012-03-19 21:17 . 2012-03-19 21:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-03-19 21:16 . 2012-03-19 21:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-03-19 21:16 . 2012-03-19 21:16 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-03-19 21:16 . 2012-03-19 21:16 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-03-19 21:12 . 2012-03-19 21:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-03-19 21:11 . 2012-03-19 21:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-03-19 21:09 . 2012-03-19 21:09 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-03-19 21:09 . 2012-03-19 21:09 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-03-19 21:09 . 2012-03-19 21:09 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-03-19 21:09 . 2012-03-19 21:09 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-03-19 21:09 . 2012-03-19 21:09 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-03-19 21:09 . 2012-03-19 21:09 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-03-19 21:09 . 2012-03-19 21:09 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-03-19 21:09 . 2012-03-19 21:09 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-12 01:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 01:36 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 01:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 01:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 01:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 01:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-01 00:02 . 2012-03-13 16:45 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2012-03-13 16:45 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-03-01 00:02 . 2012-03-13 16:45 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-03-13 16:45 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-03-13 16:45 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-03-13 16:45 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-03-13 16:45 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-13 16:45 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-13 16:45 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-13 16:45 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-03-13 16:45 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2012-03-13 16:45 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-03-13 16:45 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-03-13 16:45 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-03-13 16:45 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-13 16:45 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2012-03-13 16:45 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-03-01 00:02 . 2012-03-13 16:45 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-03-13 16:45 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache86\user32.dll
[-] 2010-11-21 . 232DA8CA74D73220FA723C2F20258C8F . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-12_19.38.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-05-12 19:39 38890 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-12 19:11 29384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-12 19:39 29384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-28 12:00 . 2012-05-12 19:39 4034 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3433945081-1426626829-1563182973-1003_UserData.bin
+ 2012-05-12 20:05 . 2012-05-12 20:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-12 19:38 . 2012-05-12 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-12 20:05 . 2012-05-12 20:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:46 . 2012-05-12 19:45 108816 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-05-12 19:37 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-12 20:04 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-28 11:50 . 2012-05-12 19:37 61016608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3433945081-1426626829-1563182973-1003-12288.dat
+ 2011-07-28 11:50 . 2012-05-12 20:04 61016608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3433945081-1426626829-1563182973-1003-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-25 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-02-24 131912]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\admin\Desktop\2NVIDIA\REALTEMP\WinRing0x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 e1qexpress;Intel® PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 23:19]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003Core.job
- c:\users\Genya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 07:26]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003UA.job
- c:\users\Genya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 07:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4f,57,86,3e,c5,2d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,6b,a1,fa,0e,18,65,42,90,49,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,6b,a1,fa,0e,18,65,42,90,49,6b,\
.
[HKEY_USERS\S-1-5-21-3433945081-1426626829-1563182973-1003\Software\SecuROM\License information*]
"datasecu"=hex:0b,ee,8f,3b,81,5b,c3,f0,56,8d,70,e0,c4,62,ba,ab,87,6c,e6,b3,4d,
14,3b,3a,17,80,a6,64,a9,4f,dd,17,ec,96,51,10,78,d4,17,74,84,2d,a7,80,d7,52,\
"rkeysecu"=hex:b7,b6,25,85,91,58,ef,5a,b9,2b,d9,ae,c1,44,36,dd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Completion time: 2012-05-12 21:07:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 20:07
ComboFix2.txt 2012-05-12 19:39
ComboFix3.txt 2012-05-09 10:00
.
Pre-Run: 144,266,665,984 bytes free
Post-Run: 144,229,699,584 bytes free
.
- - End Of File - - E0DC6118B0BE5467B2F129CAD067CEA2




And here is the MB log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Genya :: GENYAMAIN [administrator]

12/05/2012 21:12:35
mbam-log-2012-05-12 (21-12-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238561
Time elapsed: 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESET detected no threats and was not able to produce a log as a result.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:33 AM

Posted 12 May 2012 - 04:42 PM

how is the computer running now?

are there any outstanding issues?

please run the following:


  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 vegetalordofall

vegetalordofall
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 12 May 2012 - 05:03 PM

Hey again,

Problems still persist, the ads are still playing, here is the MBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-12 22:49:51
-----------------------------
22:49:51.260 OS Version: Windows x64 6.1.7601 Service Pack 1
22:49:51.260 Number of processors: 8 586 0x2A07
22:49:51.260 ComputerName: GENYAMAIN UserName: Genya
22:49:51.610 Initialize success
22:51:16.818 AVAST engine defs: 12051201
22:58:30.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:58:30.987 Disk 0 Vendor: M4-CT512M4SSD2 0001 Size: 488386MB BusType: 11
22:58:30.989 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
22:58:30.991 Disk 1 Vendor: ST2000DL003-9VT166 CC32 Size: 1907729MB BusType: 11
22:58:30.995 Disk 0 MBR read successfully
22:58:30.997 Disk 0 MBR scan
22:58:31.002 Disk 0 Windows 7 default MBR code
22:58:31.005 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:58:31.010 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 488275 MB offset 206848
22:58:31.018 Disk 0 scanning C:\Windows\system32\drivers
22:58:32.832 Service scanning
22:58:39.009 Modules scanning
22:58:39.017 Disk 0 trace - called modules:
22:58:39.024 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:58:39.030 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800758d790]
22:58:39.035 3 CLASSPNP.SYS[fffff88001b9643f] -> nt!IofCallDriver -> [0xfffffa80073520c0]
22:58:39.041 5 ACPI.sys[fffff88000f2a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800735d060]
22:58:39.420 AVAST engine scan C:\Windows
22:58:40.176 AVAST engine scan C:\Windows\system32
22:59:21.011 AVAST engine scan C:\Windows\system32\drivers
22:59:23.217 AVAST engine scan C:\Users\Genya
22:59:49.272 AVAST engine scan C:\ProgramData
22:59:55.506 Scan finished successfully
23:02:21.960 Disk 0 MBR has been saved successfully to "C:\Users\Genya\Desktop\MBR.dat"
23:02:21.962 The log file has been saved successfully to "C:\Users\Genya\Desktop\aswMBR.txt"




Attached is the Zip you requested.

Attached Files

  • Attached File  MBR.zip   561bytes   1 downloads


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:33 AM

Posted 12 May 2012 - 05:31 PM

Hi

Please do the following:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]type exit and reboot the computer normally
[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 vegetalordofall

vegetalordofall
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 12 May 2012 - 06:38 PM

Took a bit of fiddling with my awkward bios but here is the log:

Scan result of Farbar Recovery Scan Tool Version: 12-05-2012
Ran by SYSTEM at 13-05-2012 00:34:50
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11842152 2011-05-02] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-03-19] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-03-19] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [439064 2012-03-19] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Genya\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-09-25] (Valve Corporation)
HKU\Genya\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
HKU\Genya\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll

==================== Services (Whitelisted) ======

3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [276248 2012-03-19] (Intel Corporation)
3 Desura Install Service; C:\Program Files (x86)\Common Files\Desura\desura_service.exe [131912 2012-02-23] (Desura Pty Ltd)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [43028328 2011-09-22] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2008-07-10] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
4 SQLAgent$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [370024 2011-09-22] (Microsoft Corporation)
4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [255336 2011-09-22] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [154984 2011-09-22] (Microsoft Corporation)
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]

========================== Drivers (Whitelisted) =============

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [88480 2011-08-06] ()
3 e1qexpress; C:\Windows\System32\DRIVERS\e1q62x64.sys [303280 2010-07-08] (Intel Corporation)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14745600 2012-03-19] (Intel Corporation)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [120920 2010-08-10] (JMicron Technology Corp.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [46400 2011-08-06] ()
0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [303408 2010-11-21] (Marvell Semiconductor, Inc.)
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45416 2011-08-01] (Microsoft Corporation)
3 tap0901; C:\Windows\System32\Drivers\tap0901.sys [33328 2011-10-24] (The OpenVPN Project)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 WinRing0_1_2_0; \??\C:\Users\admin\Desktop\2NVIDIA\REALTEMP\WinRing0x64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-12 14:03 - 2012-05-12 14:03 - 0000561 ____A C:\Users\Genya\Desktop\MBR.zip
2012-05-12 14:02 - 2012-05-12 14:02 - 0002099 ____A C:\Users\Genya\Desktop\aswMBR.txt
2012-05-12 14:02 - 2012-05-12 14:02 - 0000512 ____A C:\Users\Genya\Desktop\MBR.dat
2012-05-12 13:47 - 2012-05-12 13:49 - 4731392 ____A (AVAST Software) C:\Users\Genya\Desktop\aswMBR.exe
2012-05-12 13:46 - 2012-05-12 13:46 - 1512336 ____A C:\Users\Genya\Desktop\rawr3.png
2012-05-12 12:07 - 2012-05-12 12:07 - 0026841 ____A C:\ComboFix.txt
2012-05-12 12:06 - 2012-05-12 12:06 - 0000000 ____D C:\$RECYCLE.BIN
2012-05-12 11:33 - 2012-05-12 12:07 - 0000000 ___AD C:\Qoobox
2012-05-12 11:33 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-12 11:33 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-12 11:33 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-12 11:33 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-12 11:33 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-12 11:33 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-12 11:33 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-12 11:33 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-12 11:32 - 2012-05-12 11:32 - 4490121 ____R (Swearware) C:\Users\Genya\Desktop\ComboFix.exe
2012-05-12 11:27 - 2012-05-12 11:27 - 0801997 ____A C:\Users\Genya\Desktop\ListParts64.exe
2012-05-12 11:27 - 2012-05-12 11:27 - 0007234 ____A C:\Users\Genya\Desktop\Result.txt
2012-05-12 11:25 - 2012-05-12 11:27 - 0252670 ____A C:\TDSSKiller.2.7.34.0_12.05.2012_20.25.42_log.txt
2012-05-12 11:25 - 2012-05-12 11:25 - 0000000 ____D C:\Users\Genya\Desktop\tdsskiller
2012-05-12 11:24 - 2012-05-12 11:24 - 2055783 ____A C:\Users\Genya\Desktop\tdsskiller.zip
2012-05-12 11:10 - 2012-05-12 11:10 - 0000000 ____D C:\Users\Genya\AppData\Local\{E4195287-171B-4E8A-BDC3-6FBE86D01730}
2012-05-12 11:10 - 2012-05-12 11:10 - 0000000 ____D C:\Users\Genya\AppData\Local\{C508AD22-DDF5-4E3F-A8C2-8D211C63A04A}
2012-05-11 22:12 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 22:12 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-11 22:12 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-11 22:12 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 22:12 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 22:12 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-11 22:12 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 22:12 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-11 11:52 - 2012-05-11 11:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{5B61D9E8-3F5F-4C17-AF55-91F18043FBCA}
2012-05-11 11:52 - 2012-05-11 11:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{D255535D-8FE4-4B4C-BAAF-B405619E72D5}
2012-05-11 10:51 - 2012-05-11 10:51 - 0777732 ____A C:\Users\Genya\Desktop\camstiveshunnov11web.pdf
2012-05-10 23:52 - 2012-05-10 23:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{9D41C66D-279C-40D6-91AE-61E408DAC620}
2012-05-10 23:51 - 2012-05-10 23:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{7BCB6AB5-7E92-4289-9C82-9DA339EF563C}
2012-05-10 16:38 - 2012-05-10 16:38 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-05-10 11:51 - 2012-05-10 11:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{FFD8E5CE-DD65-4394-ABBF-E8E52FE87627}
2012-05-10 11:51 - 2012-05-10 11:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{8C285832-402F-4451-8B8C-8D672497241F}
2012-05-09 06:56 - 2012-05-09 06:56 - 0001207 ____A C:\Users\Public\Desktop\The Secret World.lnk
2012-05-09 06:56 - 2012-05-09 06:56 - 0000000 ____D C:\Users\All Users\media center programs
2012-05-09 06:56 - 2012-05-09 06:56 - 0000000 ____D C:\ProgramData\media center programs
2012-05-09 06:56 - 2012-05-09 06:56 - 0000000 ____D C:\Program Files (x86)\Funcom
2012-05-09 04:43 - 2012-05-09 04:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{E271720A-C099-471C-B131-77707560BC65}
2012-05-09 04:43 - 2012-05-09 04:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{60747BCE-C106-4B05-BE3C-B522F20C6934}
2012-05-09 02:24 - 2012-05-09 02:24 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Firefly Studios
2012-05-09 02:18 - 2012-05-09 02:18 - 0772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-09 02:18 - 2012-05-09 02:18 - 0227784 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-09 02:18 - 2012-05-09 02:18 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-09 02:18 - 2012-05-09 02:18 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-09 02:18 - 2012-05-09 02:18 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-09 02:17 - 2012-05-09 02:17 - 0955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-09 02:17 - 2012-05-09 02:17 - 0268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-09 02:17 - 2012-05-09 02:17 - 0189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-09 02:17 - 2012-05-09 02:17 - 0188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-09 02:07 - 2012-05-09 02:07 - 0001318 ____A C:\Users\Public\Desktop\Stronghold Kingdoms.lnk
2012-05-09 02:07 - 2012-05-09 02:07 - 0000000 ____D C:\Program Files (x86)\Firefly Studios
2012-05-08 16:42 - 2012-05-08 16:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{253CBAF0-D29A-4899-8545-06D794D756F9}
2012-05-08 16:42 - 2012-05-08 16:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{D2EAB24F-78F7-4554-B0C0-6F349A0035AA}
2012-05-08 16:29 - 2012-05-08 16:29 - 1759032 ____A (Fateful Productions) C:\Users\Genya\Downloads\CraftBukkit Installer.exe
2012-05-08 15:24 - 2012-05-08 15:24 - 0000000 ____D C:\Users\Genya\Downloads\BetterDungeonsv0.932_1
2012-05-08 15:22 - 2012-05-08 15:22 - 0000000 ____D C:\Users\Genya\Downloads\ModLoader
2012-05-08 15:21 - 2012-05-08 15:21 - 0278561 ____A C:\Users\Genya\Desktop\Minecraft.exe
2012-05-08 15:20 - 2012-05-08 16:30 - 0000000 ____D C:\Users\Genya\Desktop\mc
2012-05-08 15:18 - 2012-05-08 15:18 - 0799194 ____A C:\Users\Genya\Downloads\BetterDungeonsv0.932_1.zip
2012-05-08 15:15 - 2012-05-08 15:15 - 0103347 ____A C:\Users\Genya\Downloads\ModLoader.zip
2012-05-08 04:42 - 2012-05-08 04:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{2079442A-5E3B-4260-8CCE-B43624709AE0}
2012-05-08 04:42 - 2012-05-08 04:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{1250EA95-09EF-426E-B853-59633B64D44A}
2012-05-07 16:41 - 2012-05-07 16:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{9B2DF4E1-49AE-43F4-9DF6-6125DC32E468}
2012-05-07 16:41 - 2012-05-07 16:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{30C3FE3F-E6B5-48C0-9CFF-0A663AAF8720}
2012-05-07 10:30 - 2012-05-07 10:30 - 0000000 ____D C:\Users\Genya\AppData\Roaming\runic games
2012-05-07 04:41 - 2012-05-07 04:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{DB070E76-42E3-48E5-A516-4876BCA3D7BA}
2012-05-07 04:40 - 2012-05-07 04:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{73F66C36-E888-4BE2-85E9-1B8FD57599E8}
2012-05-06 15:53 - 2012-05-06 15:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{937F2699-CC33-4890-9292-6DB50271831F}
2012-05-06 15:53 - 2012-05-06 15:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{752B12E9-8979-42AC-8E7D-A8540F89F1B6}
2012-05-06 03:53 - 2012-05-06 03:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{FDC99881-21CF-4634-97C3-E73313628262}
2012-05-06 03:52 - 2012-05-06 03:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{688F4FA4-7653-4925-AFCE-B9A87C1C970D}
2012-05-05 15:52 - 2012-05-05 15:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{AF76AB73-C0C4-43FF-ABFA-FB7F12D26184}
2012-05-05 15:52 - 2012-05-05 15:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{5BA9C127-2768-48FB-B784-BCD0EAFC1CF1}
2012-05-05 03:52 - 2012-05-05 03:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{D77C3270-C407-4E99-93BC-76A5AF58192B}
2012-05-05 03:51 - 2012-05-05 03:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{6627DB57-D351-4ADC-9467-B96FFB85895F}
2012-05-04 15:51 - 2012-05-04 15:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{A23A6660-83A9-4EC7-B18F-90235B366D7C}
2012-05-04 15:50 - 2012-05-04 15:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{23F37D89-BA29-4DC2-86BC-3BAF07366888}
2012-05-04 03:50 - 2012-05-04 03:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{F4D55495-17B1-4081-B47A-162EC470C151}
2012-05-04 03:50 - 2012-05-04 03:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{B1CB5EA1-8B72-4F03-ACCD-E39BEA671421}
2012-05-03 14:40 - 2012-05-03 14:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{7D5155DD-E473-4C35-89F2-034E6BB042FB}
2012-05-03 14:40 - 2012-05-03 14:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3D5C219A-F910-442C-AEA0-38DCCE31BA6F}
2012-05-03 02:40 - 2012-05-03 02:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3AC0AC96-DE80-4EEF-830F-B4AAFCD1DDDF}
2012-05-03 02:39 - 2012-05-03 02:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{40EA95C5-EC12-4392-8D89-B0BD9838F486}
2012-05-02 14:39 - 2012-05-02 14:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{981F9F7B-D6F1-4E5E-8C5D-DEC198FF7EBF}
2012-05-02 14:39 - 2012-05-02 14:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{5861C7FF-E89F-4283-BEA2-5A1F546ACE61}
2012-05-02 02:38 - 2012-05-02 02:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{87AC15B9-55F5-4F33-96A1-C7D15A4CC656}
2012-05-02 02:38 - 2012-05-02 02:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{F25B1C31-5C1B-4E01-93CD-55A2101781AB}
2012-05-01 14:38 - 2012-05-01 14:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{4D460E9E-E7DB-45EB-A022-C332AB1D5354}
2012-05-01 14:37 - 2012-05-01 14:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{9970474D-31D5-43CF-BEED-49ECE5324FED}
2012-05-01 02:37 - 2012-05-01 02:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{81539511-FE14-45F2-8B33-5E193CCB6B40}
2012-05-01 02:37 - 2012-05-01 02:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{706B946D-730F-4835-A2ED-F8F41579CEB2}
2012-04-30 14:36 - 2012-04-30 14:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1DBA6C8-8AD8-4BE8-91BB-906017015DDF}
2012-04-30 14:36 - 2012-04-30 14:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{DFC1A275-6E71-49B8-9881-C5C3DC699DAB}
2012-04-30 07:39 - 2012-04-30 07:39 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-30 07:39 - 2012-04-04 06:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-30 02:35 - 2012-04-30 02:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{4A4CF32E-2DEE-45AC-B9FE-792F1BBC2241}
2012-04-30 02:35 - 2012-04-30 02:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{A8CC4796-3DDB-4C71-BE99-C068CB658B23}
2012-04-29 14:35 - 2012-04-29 14:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{6A4A6BD4-6999-4018-B89B-D89BE8011530}
2012-04-29 14:34 - 2012-04-29 14:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{D4886A13-5C0C-4C4F-9878-A39F3921C381}
2012-04-29 10:52 - 2012-04-29 10:52 - 0757154 ____A C:\Users\Genya\rawr2.jpg
2012-04-29 10:15 - 2012-04-29 10:15 - 0626603 ____A C:\Users\Genya\untitled (2).png
2012-04-29 02:45 - 2011-09-22 08:18 - 0089960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SQSRVRES.DLL
2012-04-29 02:45 - 2011-09-22 08:18 - 0073064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-04-29 02:34 - 2012-04-29 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{34F17081-7FAB-4C17-9CAE-5CA15D5A6945}
2012-04-29 02:34 - 2012-04-29 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{0BAD8093-88E8-45DE-95BF-B5100BB18AD6}
2012-04-28 14:33 - 2012-04-28 14:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{A5684F94-038D-4236-A75F-F9F61F2AEBED}
2012-04-28 14:33 - 2012-04-28 14:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{6713147B-39B8-4515-8834-C32B9DD835E3}
2012-04-28 02:33 - 2012-04-28 02:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{DC4C6430-3CFE-4204-A024-5233325C6D35}
2012-04-28 02:33 - 2012-04-28 02:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{250F952E-50D4-40CE-8ECF-5347368FA74A}
2012-04-27 11:49 - 2012-04-27 11:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1CBCB00-6278-4520-97A2-5098F3E49890}
2012-04-27 11:49 - 2012-04-27 11:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{15DF996E-0A93-40AB-8E0A-15CD4199239D}
2012-04-26 23:49 - 2012-04-26 23:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{7ED0DC32-CF6A-4748-A810-7D2CB6B6FCDF}
2012-04-26 23:48 - 2012-04-26 23:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{4B8D0EEB-1009-4C97-BA9B-9577B03112A6}
2012-04-26 11:43 - 2012-04-26 11:44 - 0000000 ____D C:\Users\Genya\AppData\Local\{BFF72D52-8780-408C-A172-3B5CE62801F6}
2012-04-26 11:43 - 2012-04-26 11:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{1A4A49D8-D729-47CE-B87D-017657D3210E}
2012-04-25 23:43 - 2012-04-25 23:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{E7C99AC3-2348-477A-9388-DE6345C18BDB}
2012-04-25 23:43 - 2012-04-25 23:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{54ABA9A6-E1E5-48B6-806A-7E7DCCF02915}
2012-04-25 11:42 - 2012-04-25 11:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{B8C38492-EF7C-4B38-A6D3-8C539F3DA2E4}
2012-04-25 11:42 - 2012-04-25 11:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{8ACAA0A5-70F3-43BC-BB7F-CBB7F5753F4A}
2012-04-24 23:42 - 2012-04-24 23:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{81098018-3D27-4752-A257-B81F5E5DAADC}
2012-04-24 23:41 - 2012-04-24 23:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{BBBC16B3-1E42-4E68-931B-316A297D225C}
2012-04-24 11:37 - 2012-04-24 11:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{B757352B-1EBE-466E-BEC6-3633B8C28405}
2012-04-24 11:37 - 2012-04-24 11:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{F8BDE14C-08BD-4F52-955D-4DA690BB73A8}
2012-04-23 23:37 - 2012-04-23 23:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{69158B97-C316-462C-9A63-C7D09CA45ADB}
2012-04-23 23:36 - 2012-04-23 23:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{6E53A5C3-19FE-4C21-87AF-D7E796578CB1}
2012-04-23 11:36 - 2012-04-23 11:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{961E758A-AE0F-47DC-8E98-5DC53CB37759}
2012-04-23 11:36 - 2012-04-23 11:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{42E04A41-5973-4301-A2D6-C8172A3A4154}
2012-04-22 23:35 - 2012-04-22 23:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{23898EB2-34D2-4720-9029-D828D3FBC4AE}
2012-04-22 23:35 - 2012-04-22 23:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{FBA169E3-6F80-4F8A-ACAB-A155C52E83C1}
2012-04-22 11:35 - 2012-04-22 11:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{1DEA6FB5-E7C2-4D86-A67E-2CB66749F51E}
2012-04-21 23:34 - 2012-04-22 11:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{4845DA14-7569-401D-9046-80182EC3B065}
2012-04-21 23:34 - 2012-04-21 23:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{80C7C211-18DC-4E2E-A159-563807DB0C40}
2012-04-21 11:33 - 2012-04-21 11:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{E85DF054-EEAE-49B9-A6CA-3142321BDAD4}
2012-04-21 11:33 - 2012-04-21 11:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{79EB15F6-C94A-4765-9D72-877EDFB6FF1C}
2012-04-20 23:33 - 2012-04-20 23:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{E2E8A5C5-6200-46F8-8E42-0D68C3B5CCE1}
2012-04-20 23:32 - 2012-04-20 23:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{FE2AA1DE-7A7C-426E-A104-C29A804567EE}
2012-04-20 16:28 - 2012-05-10 12:46 - 0000593 ____A C:\Users\Genya\Desktop\banq.txt
2012-04-20 11:32 - 2012-04-20 11:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{CBEBB245-6FF0-4117-A33F-3BA4D8453950}
2012-04-20 11:32 - 2012-04-20 11:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{C1369491-7615-45CC-9941-0240BB2DD833}
2012-04-20 01:13 - 2012-04-20 01:13 - 0000000 ____D C:\Users\Genya\Documents\Diablo III
2012-04-20 01:13 - 2012-04-20 01:13 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-20 01:13 - 2012-04-20 01:13 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-04-19 23:44 - 2012-04-20 01:13 - 0000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-04-19 23:44 - 2012-04-19 23:45 - 0001263 ____A C:\Users\Public\Desktop\Diablo III Beta.lnk
2012-04-19 23:43 - 2012-04-19 23:43 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-19 23:43 - 2012-04-19 23:43 - 0000000 ____D C:\ProgramData\Battle.net
2012-04-19 23:39 - 2012-04-19 23:43 - 46267680 ____A (Blizzard Entertainment) C:\Users\Genya\Downloads\Diablo III Beta enGB Setup.exe
2012-04-19 23:31 - 2012-04-19 23:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{9C547962-E024-42A9-A5A0-F177B7F7D86A}
2012-04-19 23:31 - 2012-04-19 23:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{C607D51B-CD79-441F-9414-0A01CBD5C294}
2012-04-19 23:19 - 2012-05-04 15:19 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-19 22:40 - 2012-05-12 15:19 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-19 22:40 - 2012-05-04 15:19 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-19 11:31 - 2012-04-19 11:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{6733FE80-3113-4387-B7AC-0DADF7AB3427}
2012-04-19 11:30 - 2012-04-19 11:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{7F7A2AA3-8548-40AD-A262-DE3110E4A097}
2012-04-18 23:30 - 2012-04-18 23:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{6F63B672-5971-49F9-BED6-02D5E3F21C2D}
2012-04-18 23:30 - 2012-04-18 23:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{3C9D045C-896E-4A2F-8097-EDA769ECEE1E}
2012-04-18 11:29 - 2012-04-18 11:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{F35EBED6-BEDE-46E6-8A9E-ADD0741BB694}
2012-04-18 11:29 - 2012-04-18 11:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{B35747FF-D0A7-42E6-AD0D-580B28300986}
2012-04-17 23:29 - 2012-04-17 23:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{BD626759-8045-43A7-A835-153D68C204C7}
2012-04-17 23:29 - 2012-04-17 23:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{7031490F-6DA5-4E7F-A11F-60F3D0B162B2}
2012-04-17 09:14 - 2012-04-17 09:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{95626F22-0EFC-4D52-AB40-316D1ECDC910}
2012-04-17 09:13 - 2012-04-17 09:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{A2D63E65-B843-4B95-96E7-741E28B6A907}
2012-04-16 21:35 - 2012-04-16 22:22 - 0000139 ____A C:\Users\Genya\Desktop\food.txt
2012-04-16 21:13 - 2012-04-16 21:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{4EED59A8-DB2E-49ED-A89C-8EADA5460CAE}
2012-04-16 21:13 - 2012-04-16 21:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{33C87C4C-0FAB-4730-ABCD-0DEB6F7D9CA6}
2012-04-16 04:28 - 2012-04-16 04:28 - 0000000 ____D C:\Users\Genya\AppData\Local\{77567A90-8B1E-4B1D-A9A3-733C9C2EF37D}
2012-04-16 04:28 - 2012-04-16 04:28 - 0000000 ____D C:\Users\Genya\AppData\Local\{01578FDB-15FF-43A8-AC11-C3A344B744E4}
2012-04-15 16:27 - 2012-04-15 16:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{4119AC00-A66A-48A9-8960-A8C6939EEF36}
2012-04-15 16:27 - 2012-04-15 16:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{3E2897AA-F12E-4BB6-9360-F98743C49F4F}
2012-04-15 04:27 - 2012-04-15 04:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{C83D78D2-A295-4526-945B-E129E08774D7}
2012-04-15 04:26 - 2012-04-15 04:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{A812E180-5589-49E5-837C-95DA95228F90}
2012-04-14 16:26 - 2012-04-14 16:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{EE7FC3D3-8780-4890-B242-B4DB30D23BF8}
2012-04-14 16:26 - 2012-04-14 16:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{C8B4E49C-DDE2-4288-A56B-B916CEAA3118}
2012-04-14 04:25 - 2012-04-14 04:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{081E0F2F-62C3-45E9-B6F2-26FFFC5BB502}
2012-04-14 04:25 - 2012-04-14 04:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{08D07A27-DD57-4898-975C-9C99EE783EC2}
2012-04-13 16:25 - 2012-04-13 16:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{3CF1B1DF-3C7C-4749-AB26-65CEBEA0B17F}
2012-04-13 16:24 - 2012-04-13 16:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{045FCC81-6515-482D-9BE3-BD1E346C149A}
2012-04-13 04:24 - 2012-04-13 04:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{F6A6F330-561F-4723-9C99-5039820D3D51}
2012-04-13 04:24 - 2012-04-13 04:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{213F1748-54FF-48AC-8ED9-2438FCF7AD5A}


============ 3 Months Modified Files and Folders =============

2012-05-12 15:29 - 2011-07-28 04:13 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Skype
2012-05-12 15:28 - 2011-09-09 10:00 - 0000000 ____D C:\Users\Genya\AppData\Local\LogMeIn Hamachi
2012-05-12 15:28 - 2011-07-28 03:31 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-12 15:28 - 2011-07-26 04:22 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-05-12 15:28 - 2011-07-26 04:22 - 0000000 ____D C:\ProgramData\NVIDIA
2012-05-12 15:28 - 2011-07-26 02:54 - 2073563136 __ASH C:\hiberfil.sys
2012-05-12 15:28 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-12 15:28 - 2009-07-13 20:51 - 0060276 ____A C:\Windows\setupact.log
2012-05-12 15:24 - 2011-07-26 04:06 - 1331999 ____A C:\Windows\WindowsUpdate.log
2012-05-12 15:19 - 2012-04-19 22:40 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-12 15:16 - 2011-07-28 23:26 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003UA.job
2012-05-12 15:09 - 2009-07-13 21:13 - 0890654 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-12 14:03 - 2012-05-12 14:03 - 0000561 ____A C:\Users\Genya\Desktop\MBR.zip
2012-05-12 14:02 - 2012-05-12 14:02 - 0002099 ____A C:\Users\Genya\Desktop\aswMBR.txt
2012-05-12 14:02 - 2012-05-12 14:02 - 0000512 ____A C:\Users\Genya\Desktop\MBR.dat
2012-05-12 13:49 - 2012-05-12 13:47 - 4731392 ____A (AVAST Software) C:\Users\Genya\Desktop\aswMBR.exe
2012-05-12 13:46 - 2012-05-12 13:46 - 1512336 ____A C:\Users\Genya\Desktop\rawr3.png
2012-05-12 13:46 - 2011-07-28 03:24 - 0000000 ____D C:\users\Genya
2012-05-12 13:15 - 2009-07-13 20:45 - 0021904 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-12 13:15 - 2009-07-13 20:45 - 0021904 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-12 12:22 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-12 12:07 - 2012-05-12 12:07 - 0026841 ____A C:\ComboFix.txt
2012-05-12 12:07 - 2012-05-12 11:33 - 0000000 ___AD C:\Qoobox
2012-05-12 12:06 - 2012-05-12 12:06 - 0000000 ____D C:\$RECYCLE.BIN
2012-05-12 12:06 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-05-12 12:06 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-12 12:05 - 2010-11-20 19:47 - 0036822 ____A C:\Windows\PFRO.log
2012-05-12 11:37 - 2012-03-29 16:27 - 0000000 ____D C:\Windows\ERDNT
2012-05-12 11:32 - 2012-05-12 11:32 - 4490121 ____R (Swearware) C:\Users\Genya\Desktop\ComboFix.exe
2012-05-12 11:27 - 2012-05-12 11:27 - 0801997 ____A C:\Users\Genya\Desktop\ListParts64.exe
2012-05-12 11:27 - 2012-05-12 11:27 - 0007234 ____A C:\Users\Genya\Desktop\Result.txt
2012-05-12 11:27 - 2012-05-12 11:25 - 0252670 ____A C:\TDSSKiller.2.7.34.0_12.05.2012_20.25.42_log.txt
2012-05-12 11:25 - 2012-05-12 11:25 - 0000000 ____D C:\Users\Genya\Desktop\tdsskiller
2012-05-12 11:24 - 2012-05-12 11:24 - 2055783 ____A C:\Users\Genya\Desktop\tdsskiller.zip
2012-05-12 11:10 - 2012-05-12 11:10 - 0000000 ____D C:\Users\Genya\AppData\Local\{E4195287-171B-4E8A-BDC3-6FBE86D01730}
2012-05-12 11:10 - 2012-05-12 11:10 - 0000000 ____D C:\Users\Genya\AppData\Local\{C508AD22-DDF5-4E3F-A8C2-8D211C63A04A}
2012-05-12 11:10 - 2011-07-28 04:02 - 0000000 ____D C:\Users\Genya\AppData\Local\Windows Live
2012-05-12 11:10 - 2009-07-13 20:45 - 0276216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 22:52 - 2011-07-28 06:17 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 22:50 - 2011-04-12 00:28 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-11 11:53 - 2012-05-11 11:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{5B61D9E8-3F5F-4C17-AF55-91F18043FBCA}
2012-05-11 11:52 - 2012-05-11 11:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{D255535D-8FE4-4B4C-BAAF-B405619E72D5}
2012-05-11 10:51 - 2012-05-11 10:51 - 0777732 ____A C:\Users\Genya\Desktop\camstiveshunnov11web.pdf
2012-05-11 10:16 - 2011-07-28 23:26 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003Core.job
2012-05-10 23:52 - 2012-05-10 23:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{9D41C66D-279C-40D6-91AE-61E408DAC620}
2012-05-10 23:52 - 2012-05-10 23:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{7BCB6AB5-7E92-4289-9C82-9DA339EF563C}
2012-05-10 17:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-10 16:38 - 2012-05-10 16:38 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-05-10 12:46 - 2012-04-20 16:28 - 0000593 ____A C:\Users\Genya\Desktop\banq.txt
2012-05-10 11:51 - 2012-05-10 11:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{FFD8E5CE-DD65-4394-ABBF-E8E52FE87627}
2012-05-10 11:51 - 2012-05-10 11:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{8C285832-402F-4451-8B8C-8D672497241F}
2012-05-09 06:56 - 2012-05-09 06:56 - 0001207 ____A C:\Users\Public\Desktop\The Secret World.lnk
2012-05-09 06:56 - 2012-05-09 06:56 - 0000000 ____D C:\Users\All Users\media center programs
2012-05-09 06:56 - 2012-05-09 06:56 - 0000000 ____D C:\ProgramData\media center programs
2012-05-09 06:56 - 2012-05-09 06:56 - 0000000 ____D C:\Program Files (x86)\Funcom
2012-05-09 06:56 - 2012-04-09 14:31 - 0000000 ____D C:\Users\Genya\AppData\Local\Funcom
2012-05-09 04:43 - 2012-05-09 04:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{E271720A-C099-471C-B131-77707560BC65}
2012-05-09 04:43 - 2012-05-09 04:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{60747BCE-C106-4B05-BE3C-B522F20C6934}
2012-05-09 02:24 - 2012-05-09 02:24 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Firefly Studios
2012-05-09 02:20 - 2012-01-10 10:12 - 0000000 ____D C:\Users\All Users\Firefly Studios
2012-05-09 02:20 - 2012-01-10 10:12 - 0000000 ____D C:\ProgramData\Firefly Studios
2012-05-09 02:18 - 2012-05-09 02:18 - 0772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-09 02:18 - 2012-05-09 02:18 - 0227784 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-09 02:18 - 2012-05-09 02:18 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-09 02:18 - 2012-05-09 02:18 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-09 02:18 - 2012-05-09 02:18 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-09 02:18 - 2011-07-29 00:13 - 0687560 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-09 02:17 - 2012-05-09 02:17 - 0955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-09 02:17 - 2012-05-09 02:17 - 0268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-09 02:17 - 2012-05-09 02:17 - 0189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-09 02:17 - 2012-05-09 02:17 - 0188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-09 02:17 - 2011-08-08 16:37 - 0000000 ____D C:\Program Files\Java
2012-05-09 02:14 - 2011-07-28 05:38 - 0555774 ____A C:\Windows\DirectX.log
2012-05-09 02:10 - 2012-03-30 03:01 - 0000000 ____D C:\Windows\System32\appmgmt
2012-05-09 02:07 - 2012-05-09 02:07 - 0001318 ____A C:\Users\Public\Desktop\Stronghold Kingdoms.lnk
2012-05-09 02:07 - 2012-05-09 02:07 - 0000000 ____D C:\Program Files (x86)\Firefly Studios
2012-05-08 16:43 - 2012-05-08 16:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{253CBAF0-D29A-4899-8545-06D794D756F9}
2012-05-08 16:42 - 2012-05-08 16:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{D2EAB24F-78F7-4554-B0C0-6F349A0035AA}
2012-05-08 16:30 - 2012-05-08 15:20 - 0000000 ____D C:\Users\Genya\Desktop\mc
2012-05-08 16:29 - 2012-05-08 16:29 - 1759032 ____A (Fateful Productions) C:\Users\Genya\Downloads\CraftBukkit Installer.exe
2012-05-08 15:39 - 2011-09-22 13:37 - 0000000 ____D C:\Users\Genya\AppData\Roaming\.minecraft
2012-05-08 15:24 - 2012-05-08 15:24 - 0000000 ____D C:\Users\Genya\Downloads\BetterDungeonsv0.932_1
2012-05-08 15:22 - 2012-05-08 15:22 - 0000000 ____D C:\Users\Genya\Downloads\ModLoader
2012-05-08 15:21 - 2012-05-08 15:21 - 0278561 ____A C:\Users\Genya\Desktop\Minecraft.exe
2012-05-08 15:18 - 2012-05-08 15:18 - 0799194 ____A C:\Users\Genya\Downloads\BetterDungeonsv0.932_1.zip
2012-05-08 15:15 - 2012-05-08 15:15 - 0103347 ____A C:\Users\Genya\Downloads\ModLoader.zip
2012-05-08 08:31 - 2011-07-28 23:31 - 0000000 ____D C:\Users\Genya\AppData\Local\Turbine
2012-05-08 08:21 - 2011-07-28 23:31 - 0000000 ____D C:\Users\Genya\AppData\Local\ApplicationHistory
2012-05-08 08:18 - 2011-08-07 18:21 - 0472576 __ASH C:\Users\Genya\Thumbs.db
2012-05-08 04:42 - 2012-05-08 04:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{2079442A-5E3B-4260-8CCE-B43624709AE0}
2012-05-08 04:42 - 2012-05-08 04:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{1250EA95-09EF-426E-B853-59633B64D44A}
2012-05-07 16:41 - 2012-05-07 16:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{9B2DF4E1-49AE-43F4-9DF6-6125DC32E468}
2012-05-07 16:41 - 2012-05-07 16:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{30C3FE3F-E6B5-48C0-9CFF-0A663AAF8720}
2012-05-07 10:30 - 2012-05-07 10:30 - 0000000 ____D C:\Users\Genya\AppData\Roaming\runic games
2012-05-07 04:41 - 2012-05-07 04:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{DB070E76-42E3-48E5-A516-4876BCA3D7BA}
2012-05-07 04:41 - 2012-05-07 04:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{73F66C36-E888-4BE2-85E9-1B8FD57599E8}
2012-05-06 15:53 - 2012-05-06 15:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{937F2699-CC33-4890-9292-6DB50271831F}
2012-05-06 15:53 - 2012-05-06 15:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{752B12E9-8979-42AC-8E7D-A8540F89F1B6}
2012-05-06 03:53 - 2012-05-06 03:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{FDC99881-21CF-4634-97C3-E73313628262}
2012-05-06 03:53 - 2012-05-06 03:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{688F4FA4-7653-4925-AFCE-B9A87C1C970D}
2012-05-05 15:52 - 2012-05-05 15:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{AF76AB73-C0C4-43FF-ABFA-FB7F12D26184}
2012-05-05 15:52 - 2012-05-05 15:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{5BA9C127-2768-48FB-B784-BCD0EAFC1CF1}
2012-05-05 03:52 - 2012-05-05 03:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{D77C3270-C407-4E99-93BC-76A5AF58192B}
2012-05-05 03:52 - 2012-05-05 03:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{6627DB57-D351-4ADC-9467-B96FFB85895F}
2012-05-05 03:33 - 2011-07-28 04:13 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-05 03:33 - 2011-07-28 04:13 - 0000000 ____D C:\Users\All Users\Skype
2012-05-05 03:33 - 2011-07-28 04:13 - 0000000 ____D C:\ProgramData\Skype
2012-05-04 15:51 - 2012-05-04 15:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{A23A6660-83A9-4EC7-B18F-90235B366D7C}
2012-05-04 15:51 - 2012-05-04 15:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{23F37D89-BA29-4DC2-86BC-3BAF07366888}
2012-05-04 15:19 - 2012-04-19 23:19 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 15:19 - 2012-04-19 22:40 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 15:19 - 2011-07-28 04:21 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 03:50 - 2012-05-04 03:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{F4D55495-17B1-4081-B47A-162EC470C151}
2012-05-04 03:50 - 2012-05-04 03:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{B1CB5EA1-8B72-4F03-ACCD-E39BEA671421}
2012-05-03 14:40 - 2012-05-03 14:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{7D5155DD-E473-4C35-89F2-034E6BB042FB}
2012-05-03 14:40 - 2012-05-03 14:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3D5C219A-F910-442C-AEA0-38DCCE31BA6F}
2012-05-03 02:40 - 2012-05-03 02:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3AC0AC96-DE80-4EEF-830F-B4AAFCD1DDDF}
2012-05-03 02:40 - 2012-05-03 02:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{40EA95C5-EC12-4392-8D89-B0BD9838F486}
2012-05-02 14:39 - 2012-05-02 14:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{981F9F7B-D6F1-4E5E-8C5D-DEC198FF7EBF}
2012-05-02 14:39 - 2012-05-02 14:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{5861C7FF-E89F-4283-BEA2-5A1F546ACE61}
2012-05-02 02:39 - 2012-05-02 02:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{87AC15B9-55F5-4F33-96A1-C7D15A4CC656}
2012-05-02 02:38 - 2012-05-02 02:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{F25B1C31-5C1B-4E01-93CD-55A2101781AB}
2012-05-01 14:38 - 2012-05-01 14:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{4D460E9E-E7DB-45EB-A022-C332AB1D5354}
2012-05-01 14:38 - 2012-05-01 14:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{9970474D-31D5-43CF-BEED-49ECE5324FED}
2012-05-01 02:37 - 2012-05-01 02:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{81539511-FE14-45F2-8B33-5E193CCB6B40}
2012-05-01 02:37 - 2012-05-01 02:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{706B946D-730F-4835-A2ED-F8F41579CEB2}
2012-04-30 14:36 - 2012-04-30 14:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1DBA6C8-8AD8-4BE8-91BB-906017015DDF}
2012-04-30 14:36 - 2012-04-30 14:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{DFC1A275-6E71-49B8-9881-C5C3DC699DAB}
2012-04-30 07:39 - 2012-04-30 07:39 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-30 02:36 - 2012-04-30 02:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{4A4CF32E-2DEE-45AC-B9FE-792F1BBC2241}
2012-04-30 02:35 - 2012-04-30 02:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{A8CC4796-3DDB-4C71-BE99-C068CB658B23}
2012-04-29 14:35 - 2012-04-29 14:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{6A4A6BD4-6999-4018-B89B-D89BE8011530}
2012-04-29 14:35 - 2012-04-29 14:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{D4886A13-5C0C-4C4F-9878-A39F3921C381}
2012-04-29 10:52 - 2012-04-29 10:52 - 0757154 ____A C:\Users\Genya\rawr2.jpg
2012-04-29 10:15 - 2012-04-29 10:15 - 0626603 ____A C:\Users\Genya\untitled (2).png
2012-04-29 02:52 - 2012-03-13 08:45 - 0000000 ____D C:\Windows\SysWOW64\NV
2012-04-29 02:52 - 2012-03-13 08:45 - 0000000 ____D C:\Windows\System32\NV
2012-04-29 02:45 - 2011-07-28 06:13 - 0808830 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-29 02:44 - 2012-03-02 03:55 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-04-29 02:34 - 2012-04-29 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{34F17081-7FAB-4C17-9CAE-5CA15D5A6945}
2012-04-29 02:34 - 2012-04-29 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{0BAD8093-88E8-45DE-95BF-B5100BB18AD6}
2012-04-29 02:04 - 2011-07-28 04:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-28 14:34 - 2012-04-28 14:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{A5684F94-038D-4236-A75F-F9F61F2AEBED}
2012-04-28 14:33 - 2012-04-28 14:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{6713147B-39B8-4515-8834-C32B9DD835E3}
2012-04-28 02:33 - 2012-04-28 02:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{DC4C6430-3CFE-4204-A024-5233325C6D35}
2012-04-28 02:33 - 2012-04-28 02:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{250F952E-50D4-40CE-8ECF-5347368FA74A}
2012-04-27 11:49 - 2012-04-27 11:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1CBCB00-6278-4520-97A2-5098F3E49890}
2012-04-27 11:49 - 2012-04-27 11:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{15DF996E-0A93-40AB-8E0A-15CD4199239D}
2012-04-26 23:49 - 2012-04-26 23:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{7ED0DC32-CF6A-4748-A810-7D2CB6B6FCDF}
2012-04-26 23:49 - 2012-04-26 23:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{4B8D0EEB-1009-4C97-BA9B-9577B03112A6}
2012-04-26 11:44 - 2012-04-26 11:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{BFF72D52-8780-408C-A172-3B5CE62801F6}
2012-04-26 11:43 - 2012-04-26 11:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{1A4A49D8-D729-47CE-B87D-017657D3210E}
2012-04-25 23:43 - 2012-04-25 23:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{E7C99AC3-2348-477A-9388-DE6345C18BDB}
2012-04-25 23:43 - 2012-04-25 23:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{54ABA9A6-E1E5-48B6-806A-7E7DCCF02915}
2012-04-25 11:42 - 2012-04-25 11:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{B8C38492-EF7C-4B38-A6D3-8C539F3DA2E4}
2012-04-25 11:42 - 2012-04-25 11:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{8ACAA0A5-70F3-43BC-BB7F-CBB7F5753F4A}
2012-04-25 02:31 - 2011-08-14 23:05 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Train2Game
2012-04-24 23:42 - 2012-04-24 23:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{81098018-3D27-4752-A257-B81F5E5DAADC}
2012-04-24 23:42 - 2012-04-24 23:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{BBBC16B3-1E42-4E68-931B-316A297D225C}
2012-04-24 11:38 - 2012-04-24 11:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{B757352B-1EBE-466E-BEC6-3633B8C28405}
2012-04-24 11:37 - 2012-04-24 11:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{F8BDE14C-08BD-4F52-955D-4DA690BB73A8}
2012-04-23 23:37 - 2012-04-23 23:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{69158B97-C316-462C-9A63-C7D09CA45ADB}
2012-04-23 23:37 - 2012-04-23 23:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{6E53A5C3-19FE-4C21-87AF-D7E796578CB1}
2012-04-23 11:36 - 2012-04-23 11:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{961E758A-AE0F-47DC-8E98-5DC53CB37759}
2012-04-23 11:36 - 2012-04-23 11:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{42E04A41-5973-4301-A2D6-C8172A3A4154}
2012-04-22 23:36 - 2012-04-22 23:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{23898EB2-34D2-4720-9029-D828D3FBC4AE}
2012-04-22 23:35 - 2012-04-22 23:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{FBA169E3-6F80-4F8A-ACAB-A155C52E83C1}
2012-04-22 11:35 - 2012-04-22 11:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{1DEA6FB5-E7C2-4D86-A67E-2CB66749F51E}
2012-04-22 11:35 - 2012-04-21 23:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{4845DA14-7569-401D-9046-80182EC3B065}
2012-04-21 23:34 - 2012-04-21 23:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{80C7C211-18DC-4E2E-A159-563807DB0C40}
2012-04-21 11:34 - 2012-04-21 11:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{E85DF054-EEAE-49B9-A6CA-3142321BDAD4}
2012-04-21 11:33 - 2012-04-21 11:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{79EB15F6-C94A-4765-9D72-877EDFB6FF1C}
2012-04-20 23:33 - 2012-04-20 23:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{E2E8A5C5-6200-46F8-8E42-0D68C3B5CCE1}
2012-04-20 23:33 - 2012-04-20 23:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{FE2AA1DE-7A7C-426E-A104-C29A804567EE}
2012-04-20 11:32 - 2012-04-20 11:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{CBEBB245-6FF0-4117-A33F-3BA4D8453950}
2012-04-20 11:32 - 2012-04-20 11:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{C1369491-7615-45CC-9941-0240BB2DD833}
2012-04-20 01:13 - 2012-04-20 01:13 - 0000000 ____D C:\Users\Genya\Documents\Diablo III
2012-04-20 01:13 - 2012-04-20 01:13 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-20 01:13 - 2012-04-20 01:13 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-04-20 01:13 - 2012-04-19 23:44 - 0000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-04-19 23:45 - 2012-04-19 23:44 - 0001263 ____A C:\Users\Public\Desktop\Diablo III Beta.lnk
2012-04-19 23:43 - 2012-04-19 23:43 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-19 23:43 - 2012-04-19 23:43 - 0000000 ____D C:\ProgramData\Battle.net
2012-04-19 23:43 - 2012-04-19 23:39 - 46267680 ____A (Blizzard Entertainment) C:\Users\Genya\Downloads\Diablo III Beta enGB Setup.exe
2012-04-19 23:32 - 2012-04-19 23:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{9C547962-E024-42A9-A5A0-F177B7F7D86A}
2012-04-19 23:31 - 2012-04-19 23:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{C607D51B-CD79-441F-9414-0A01CBD5C294}
2012-04-19 11:31 - 2012-04-19 11:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{6733FE80-3113-4387-B7AC-0DADF7AB3427}
2012-04-19 11:31 - 2012-04-19 11:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{7F7A2AA3-8548-40AD-A262-DE3110E4A097}
2012-04-18 23:30 - 2012-04-18 23:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{6F63B672-5971-49F9-BED6-02D5E3F21C2D}
2012-04-18 23:30 - 2012-04-18 23:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{3C9D045C-896E-4A2F-8097-EDA769ECEE1E}
2012-04-18 11:30 - 2012-04-18 11:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{F35EBED6-BEDE-46E6-8A9E-ADD0741BB694}
2012-04-18 11:29 - 2012-04-18 11:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{B35747FF-D0A7-42E6-AD0D-580B28300986}
2012-04-17 23:29 - 2012-04-17 23:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{BD626759-8045-43A7-A835-153D68C204C7}
2012-04-17 23:29 - 2012-04-17 23:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{7031490F-6DA5-4E7F-A11F-60F3D0B162B2}
2012-04-17 09:14 - 2012-04-17 09:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{95626F22-0EFC-4D52-AB40-316D1ECDC910}
2012-04-17 09:14 - 2012-04-17 09:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{A2D63E65-B843-4B95-96E7-741E28B6A907}
2012-04-16 22:22 - 2012-04-16 21:35 - 0000139 ____A C:\Users\Genya\Desktop\food.txt
2012-04-16 21:13 - 2012-04-16 21:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{4EED59A8-DB2E-49ED-A89C-8EADA5460CAE}
2012-04-16 21:13 - 2012-04-16 21:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{33C87C4C-0FAB-4730-ABCD-0DEB6F7D9CA6}
2012-04-16 15:49 - 2012-03-02 03:55 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-16 15:49 - 2012-03-02 03:55 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-16 04:28 - 2012-04-16 04:28 - 0000000 ____D C:\Users\Genya\AppData\Local\{77567A90-8B1E-4B1D-A9A3-733C9C2EF37D}
2012-04-16 04:28 - 2012-04-16 04:28 - 0000000 ____D C:\Users\Genya\AppData\Local\{01578FDB-15FF-43A8-AC11-C3A344B744E4}
2012-04-16 01:22 - 2012-03-02 03:55 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2012-04-15 16:27 - 2012-04-15 16:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{4119AC00-A66A-48A9-8960-A8C6939EEF36}
2012-04-15 16:27 - 2012-04-15 16:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{3E2897AA-F12E-4BB6-9360-F98743C49F4F}
2012-04-15 04:27 - 2012-04-15 04:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{C83D78D2-A295-4526-945B-E129E08774D7}
2012-04-15 04:27 - 2012-04-15 04:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{A812E180-5589-49E5-837C-95DA95228F90}
2012-04-14 16:26 - 2012-04-14 16:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{EE7FC3D3-8780-4890-B242-B4DB30D23BF8}
2012-04-14 16:26 - 2012-04-14 16:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{C8B4E49C-DDE2-4288-A56B-B916CEAA3118}
2012-04-14 04:26 - 2012-04-14 04:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{081E0F2F-62C3-45E9-B6F2-26FFFC5BB502}
2012-04-14 04:25 - 2012-04-14 04:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{08D07A27-DD57-4898-975C-9C99EE783EC2}
2012-04-14 00:29 - 2009-07-13 21:08 - 0032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-13 16:25 - 2012-04-13 16:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{3CF1B1DF-3C7C-4749-AB26-65CEBEA0B17F}
2012-04-13 16:25 - 2012-04-13 16:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{045FCC81-6515-482D-9BE3-BD1E346C149A}
2012-04-13 04:24 - 2012-04-13 04:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{F6A6F330-561F-4723-9C99-5039820D3D51}
2012-04-13 04:24 - 2012-04-13 04:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{213F1748-54FF-48AC-8ED9-2438FCF7AD5A}
2012-04-12 16:24 - 2012-04-12 16:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{097946F5-4918-4849-9D83-1CDBB7FAB436}
2012-04-12 16:24 - 2012-04-12 16:23 - 0000000 ____D C:\Users\Genya\AppData\Local\{7173F98A-63F5-47F7-A0DC-C43936CC3CF7}
2012-04-12 04:23 - 2012-04-12 04:23 - 0000000 ____D C:\Users\Genya\AppData\Local\{2EB9D751-E2CE-48E8-AF29-0B2FC387FE98}
2012-04-12 04:23 - 2012-04-12 04:23 - 0000000 ____D C:\Users\Genya\AppData\Local\{15DCE144-5249-421F-AD55-C0A844765D85}
2012-04-11 16:22 - 2012-04-11 16:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{76CCAD8A-CEFE-44F5-8A02-36F8E403F722}
2012-04-11 16:22 - 2012-04-11 16:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{532BC7DD-52F9-4FBC-AEDB-AAE86B1ADC42}
2012-04-11 10:57 - 2012-04-11 10:57 - 0000000 ____D C:\Users\Genya\Documents\Almost Human
2012-04-11 04:22 - 2012-04-11 04:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{60F2856B-7A87-4AB8-9ECA-E2928B5BE425}
2012-04-11 04:22 - 2012-04-11 04:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{CDBA2195-A11F-4CDE-9D3D-5D5EAE6EADCF}
2012-04-10 16:21 - 2012-04-10 16:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{D99B1E32-E702-4940-960C-EB96F87E68A7}
2012-04-10 16:21 - 2012-04-10 16:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{D36E9538-33EF-455A-80EF-582336213EFE}
2012-04-10 04:20 - 2012-04-10 04:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{6A816350-4FCB-40FD-9053-415C3792C4CA}
2012-04-10 04:20 - 2012-04-10 04:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{0520D872-8DD8-4530-81B5-E5678B48F68D}
2012-04-09 23:14 - 2012-04-09 23:14 - 0000000 ____D C:\Users\Genya\AppData\Local\Chromium
2012-04-09 16:20 - 2012-04-09 16:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{EC0CF88F-6D1F-4E19-9E65-AC42DE626B53}
2012-04-09 16:20 - 2012-04-09 16:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{4ACC296F-B631-4F7C-AE01-A4EF104197BB}
2012-04-09 14:31 - 2012-04-09 14:31 - 20855157 ____A (Funcom ) C:\Users\Genya\Downloads\ageofconan-en.exe
2012-04-09 09:30 - 2011-07-28 14:42 - 0000000 ____D C:\Users\Genya\AppData\Local\PMB Files
2012-04-09 08:13 - 2012-04-09 08:13 - 0000000 ____D C:\Users\Public\Games
2012-04-09 08:13 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-09 06:49 - 2012-04-09 06:49 - 0000000 ____D C:\STO
2012-04-09 06:49 - 2011-07-28 14:42 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-09 06:49 - 2011-07-28 14:42 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-09 06:48 - 2012-04-09 06:48 - 2121608 ____A C:\Users\Genya\Downloads\STO_EN_ST.17.20120104b.18.exe
2012-04-09 04:19 - 2012-04-09 04:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{F70297E2-B39C-4C10-A7FC-026F1644A052}
2012-04-09 04:19 - 2012-04-09 04:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{BE01E507-9021-42EC-9735-FBF49AB3509F}
2012-04-08 14:35 - 2012-04-08 14:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{76C96972-EEEB-45F3-8BB3-9258418E00AE}
2012-04-08 14:35 - 2012-04-08 14:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{A23F7B50-C404-45FF-A5E1-E7147C4E5CB4}
2012-04-08 02:34 - 2012-04-08 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{81250AD4-5105-46A9-877A-A69795F545C4}
2012-04-08 02:34 - 2012-04-08 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{0865CCA2-B533-4564-B215-0EB225B0FCD1}
2012-04-07 14:26 - 2012-04-07 14:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{F2481FDA-A368-4723-9D98-39C925767461}
2012-04-07 14:26 - 2012-04-07 14:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{3B8A1F92-A9FD-41B3-A65C-8203B1FD5723}
2012-04-07 09:53 - 2012-04-07 09:53 - 0000000 ____D C:\Users\Genya\AppData\Roaming\HackSlashLoot
2012-04-07 02:26 - 2012-04-07 02:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{DB985B92-E9FB-4475-B457-9EDC8C61B5D1}
2012-04-07 02:25 - 2012-04-07 02:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{36A189F3-9D08-4F4D-A1FD-E498E1C1CC6C}
2012-04-06 17:15 - 2012-04-06 17:15 - 0000000 ____D C:\Windows\en
2012-04-06 17:15 - 2011-07-28 04:03 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-06 11:38 - 2012-04-06 11:38 - 0000000 ____D C:\Users\Genya\AppData\Roaming\com.tametick.CardinalQuest
2012-04-06 11:27 - 2012-04-06 11:27 - 2596325 ____A C:\Users\Genya\Downloads\WanderlustRebirth.zip
2012-04-06 09:12 - 2012-02-18 11:10 - 0000000 ____D C:\Program Files (x86)\Origin
2012-04-06 08:55 - 2012-04-06 08:55 - 0000000 ____D C:\Users\Genya\AppData\Local\{75D99C73-8064-404C-8B6D-A9DEE5B188D0}
2012-04-06 08:55 - 2012-04-06 08:55 - 0000000 ____D C:\Users\Genya\AppData\Local\{304782D6-0167-4ED3-BC6C-872522287FD0}
2012-04-06 03:46 - 2012-04-06 03:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{D860C6A2-A9B5-4C79-AF98-F83FF7316E3F}
2012-04-05 12:01 - 2012-04-05 12:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{B7633B95-A4B7-4149-A49D-411A1C0BB3FF}
2012-04-05 12:01 - 2012-04-05 12:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{81720DD6-7CF1-42E3-8A52-0BC41AFA18EA}
2012-04-05 00:01 - 2012-04-05 00:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{968CFBD1-7093-4C7D-ACF8-2CFF04438682}
2012-04-05 00:01 - 2012-04-05 00:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{8B20FD3D-50CE-440C-BFD6-31A742A63624}
2012-04-04 06:56 - 2012-04-30 07:39 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 05:56 - 2012-04-04 05:56 - 0000000 ____D C:\Users\Genya\AppData\Local\{745EB086-DD2F-4F06-9AEE-7C1ADFADCA15}
2012-04-04 05:56 - 2012-04-04 05:56 - 0000000 ____D C:\Users\Genya\AppData\Local\{6B4B9BC3-8850-4E03-8158-462BA6067932}
2012-04-03 23:55 - 2012-04-03 23:55 - 0000000 ____D C:\Users\Genya\AppData\Local\{F97FAF0C-E833-40D5-9315-94F46E615A4F}
2012-04-03 23:55 - 2012-04-03 23:55 - 0000000 ____D C:\Users\Genya\AppData\Local\{098E3202-A7E6-4562-8190-0629DC4DCCDF}
2012-04-03 12:04 - 2012-04-03 12:04 - 0002314 ____A C:\Users\Public\Desktop\One Unit Whole Blood.lnk
2012-04-03 12:04 - 2012-04-03 12:04 - 0000000 ____D C:\Program Files (x86)\GOG.com
2012-04-03 12:00 - 2012-04-03 12:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{38D6D6C0-2441-4E40-ABA8-095CDE638A70}
2012-04-03 12:00 - 2012-04-03 11:59 - 0000000 ____D C:\Users\Genya\AppData\Local\{BBF7514D-40A5-400C-836D-FAA940900082}
2012-04-03 00:00 - 2012-04-03 00:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{6D6743CE-78D2-4046-97DF-6651EAB8A6FD}
2012-04-03 00:00 - 2012-04-02 23:59 - 0000000 ____D C:\Users\Genya\AppData\Local\{DBA45979-C815-43EF-90AF-D56C29E91C46}
2012-04-02 12:44 - 2012-04-02 12:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{A930C5D8-D475-46C9-AC0B-CD3037FCCE22}
2012-04-02 12:43 - 2012-04-02 12:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{3F12EC11-8EA2-47AE-8A74-343ED08FCE93}
2012-04-02 00:43 - 2012-04-02 00:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{B4311B52-08C3-4260-B8BA-855B153FD365}
2012-04-02 00:43 - 2012-04-02 00:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{793F3E73-D00B-480C-BBAB-663D9389FA51}
2012-04-01 13:21 - 2012-04-01 13:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{56E12F23-C266-41B4-A1A8-A109BB6E0AEF}
2012-04-01 13:21 - 2012-04-01 13:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{242BE82B-AFDA-4792-B37B-C077006C4170}
2012-04-01 01:21 - 2012-04-01 01:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{329F9982-07A0-495B-9554-0BD0F6144389}
2012-04-01 01:21 - 2012-04-01 01:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{117EC77A-9A71-4959-9B39-E2B78E08D061}
2012-03-31 13:50 - 2012-03-31 13:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{4809F94E-2DB0-432D-918E-FF10DE27379B}
2012-03-31 13:49 - 2012-03-31 01:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{110A0B0C-31CA-4EC2-A610-3DF3E5A00414}
2012-03-31 01:50 - 2012-03-31 01:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{B3FE016E-53C7-4CE8-96F6-E8C37F2C7B22}
2012-03-30 22:05 - 2012-05-11 22:12 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-11 22:12 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 22:12 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-11 22:12 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 14:45 - 2011-07-28 06:14 - 0000000 ____D C:\Users\Genya\Documents\My Games
2012-03-30 14:44 - 2012-03-30 14:44 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-03-30 14:44 - 2012-03-30 14:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-03-30 14:44 - 2012-03-30 14:44 - 0000000 ____D C:\Program Files (x86)\Grinding Gear Games
2012-03-30 11:17 - 2012-03-30 11:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{D509CAF2-8282-438C-8E9F-5B456A133670}
2012-03-30 03:35 - 2012-05-11 22:12 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 03:11 - 2012-03-13 08:46 - 0000000 ____D C:\users\UpdatusUser
2012-03-30 03:11 - 2011-07-29 00:24 - 0001945 ____A C:\Windows\epplauncher.mif
2012-03-30 03:10 - 2012-03-30 03:10 - 494420435 ____A C:\Windows\MEMORY.DMP
2012-03-30 03:10 - 2012-03-30 03:10 - 0262144 ____A C:\Windows\Minidump\033012-10576-01.dmp
2012-03-30 03:10 - 2012-03-30 03:10 - 0000000 ____D C:\Windows\Minidump
2012-03-29 23:16 - 2012-03-29 23:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{18606420-0B60-46C5-9F8D-BB5FA74E3ABB}
2012-03-29 14:56 - 2012-03-29 14:56 - 0000000 ____D C:\Users\Genya\AppData\Local\{FA4DC6D7-F8C4-409F-B795-E35AC01D17E8}
2012-03-22 08:46 - 2012-03-22 08:46 - 0224304 ____A C:\Users\Genya\Downloads\photo.JPG
2012-03-22 03:50 - 2012-03-22 03:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{13244952-091F-46B9-8CEF-E964EEEE2454}
2012-03-22 03:49 - 2012-03-22 03:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{AEA625C7-E488-4840-9893-8F4135DD48D0}
2012-03-22 03:17 - 2012-03-22 03:17 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-03-22 02:54 - 2012-03-22 02:54 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Genya\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-22 02:54 - 2012-03-22 02:54 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Malwarebytes
2012-03-22 02:54 - 2012-03-22 02:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-22 02:54 - 2012-03-22 02:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-22 02:35 - 2012-03-22 02:16 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-22 02:35 - 2012-03-22 02:16 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-22 02:35 - 2012-03-22 02:16 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-21 15:49 - 2012-03-21 15:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{60B9E13A-F70D-417E-BCCA-63B1D02A439B}
2012-03-21 15:49 - 2012-03-21 03:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{BFA25176-24FF-43E0-A523-2206421CEC6B}
2012-03-21 12:37 - 2012-03-13 08:36 - 0000000 ____D C:\Program Files (x86)\Diablo II
2012-03-21 04:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-21 03:48 - 2012-03-21 03:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{C09CA107-615D-4135-9545-776ACFB4637C}
2012-03-21 03:46 - 2012-03-16 08:00 - 0000000 ____D C:\Users\Genya\Documents\Stronghold Crusader
2012-03-21 03:46 - 2012-03-13 07:35 - 0000000 ____D C:\Users\Genya\D2-1.12A-enGB
2012-03-21 03:46 - 2012-03-13 07:34 - 0000000 ____D C:\Users\Genya\D2LOD-1.12A-enGB
2012-03-21 03:46 - 2012-03-05 11:58 - 0000000 ____D C:\Users\Genya\AppData\Roaming\OverPlay.net, LP
2012-03-21 03:46 - 2012-03-05 11:57 - 0000000 ____D C:\Program Files (x86)\Tap0901
2012-03-21 03:46 - 2012-03-02 03:56 - 0000000 ____D C:\Windows\SysWOW64\1033
2012-03-21 03:46 - 2012-03-02 03:56 - 0000000 ____D C:\Program Files\Microsoft SQL Server
2012-03-21 03:46 - 2012-02-29 22:55 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-03-21 03:46 - 2012-02-23 16:42 - 0000000 ____D C:\Program Files (x86)\Desura
2012-03-21 03:46 - 2012-02-18 06:30 - 0000000 ____D C:\Users\All Users\Origin
2012-03-21 03:46 - 2012-02-18 06:30 - 0000000 ____D C:\ProgramData\Origin
2012-03-21 03:46 - 2012-02-02 08:59 - 0000000 ____D C:\Users\Genya\AppData\Roaming\RIFT
2012-03-21 03:46 - 2012-02-02 08:59 - 0000000 ____D C:\Program Files (x86)\RIFT Game
2012-03-21 03:46 - 2012-01-14 11:19 - 0000000 ____D C:\Program Files\DivX
2012-03-21 03:46 - 2012-01-14 11:17 - 0000000 ____D C:\Program Files (x86)\DivX
2012-03-21 03:46 - 2012-01-14 11:16 - 0000000 ____D C:\Users\All Users\DivX
2012-03-21 03:46 - 2012-01-14 11:16 - 0000000 ____D C:\ProgramData\DivX
2012-03-21 03:46 - 2012-01-13 16:06 - 0000000 ____D C:\Users\Genya\MC
2012-03-21 03:46 - 2011-12-20 00:52 - 0000000 ____D C:\Program Files (x86)\OpenAL
2012-03-21 03:46 - 2011-11-25 08:01 - 0000000 ____D C:\Users\Genya\AppData\Local\SWTOR
2012-03-21 03:46 - 2011-11-24 23:31 - 0000000 ____D C:\Users\Genya\AppData\Local\Downloaded Installations
2012-03-21 03:46 - 2011-11-04 06:51 - 0000000 ____D C:\Users\Genya\Documents\Stronghold
2012-03-21 03:46 - 2011-11-04 06:50 - 0000000 ____D C:\Program Files (x86)\GameSpy Arcade
2012-03-21 03:46 - 2011-10-14 11:57 - 0000000 ____D C:\Users\Genya\AppData\Local\4A Games
2012-03-21 03:46 - 2011-09-15 07:41 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-03-21 03:46 - 2011-09-09 07:09 - 0000000 ____D C:\Users\Genya\AppData\Local\THQ
2012-03-21 03:46 - 2011-09-06 13:19 - 0000000 ____D C:\Users\Genya\OB
2012-03-21 03:46 - 2011-09-06 07:16 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-03-21 03:46 - 2011-08-31 13:04 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Ventrilo
2012-03-21 03:46 - 2011-08-31 13:03 - 0000000 ____D C:\Program Files\Ventrilo
2012-03-21 03:46 - 2011-08-20 00:44 - 0000000 ____D C:\Windows\SysWOW64\xlive
2012-03-21 03:46 - 2011-08-10 19:33 - 0000000 ____D C:\Program Files\WinRAR
2012-03-21 03:46 - 2011-08-06 15:44 - 0000000 ____D C:\Users\Genya\AppData\Local\HandBrake
2012-03-21 03:46 - 2011-08-06 15:21 - 0000000 ____D C:\Users\Genya\VirtualDub-1.9.11-AMD64
2012-03-21 03:46 - 2011-08-06 15:20 - 0000000 ____D C:\Program Files (x86)\Handbrake
2012-03-21 03:46 - 2011-07-29 06:09 - 0000000 ____D C:\Fraps
2012-03-21 03:46 - 2011-07-29 03:42 - 0000000 ____D C:\Users\Genya\Documents\Witcher 2
2012-03-21 03:46 - 2011-07-28 23:35 - 0000000 ____D C:\Users\Genya\Documents\The Lord of the Rings Online
2012-03-21 03:46 - 2011-07-28 23:30 - 0000000 ____D C:\Windows\SysWOW64\URTTEMP
2012-03-21 03:46 - 2011-07-28 23:26 - 0000000 ____D C:\Users\Genya\AppData\Local\Apps\2.0
2012-03-21 03:46 - 2011-07-28 11:49 - 0000000 ____D C:\Users\Genya\Unigine Heaven
2012-03-21 03:46 - 2011-07-28 06:42 - 0000000 ____D C:\Users\All Users\eSellerate
2012-03-21 03:46 - 2011-07-28 06:42 - 0000000 ____D C:\ProgramData\eSellerate
2012-03-21 03:46 - 2011-07-28 06:41 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-03-21 03:46 - 2011-07-28 06:41 - 0000000 ____D C:\Users\All Users\Apple
2012-03-21 03:46 - 2011-07-28 06:41 - 0000000 ____D C:\ProgramData\Apple Computer
2012-03-21 03:46 - 2011-07-28 06:41 - 0000000 ____D C:\ProgramData\Apple
2012-03-21 03:46 - 2011-07-28 06:41 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-03-21 03:46 - 2011-07-28 06:41 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-21 03:46 - 2011-07-28 04:29 - 0000000 ____D C:\Users\Genya\AppData\Local\Procaster
2012-03-21 03:46 - 2011-07-28 04:29 - 0000000 ____D C:\Program Files (x86)\Livestream Procaster
2012-03-21 03:46 - 2011-07-26 04:28 - 0000000 ____D C:\Users\All Users\Intel
2012-03-21 03:46 - 2011-07-26 04:28 - 0000000 ____D C:\ProgramData\Intel
2012-03-21 03:46 - 2011-07-26 04:24 - 0000000 ____D C:\e9121471a011f91283d5
2012-03-21 03:46 - 2011-07-26 04:22 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-21 03:46 - 2011-07-26 04:21 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-03-21 03:46 - 2011-07-26 04:19 - 0000000 ____D C:\Windows\RaidTool
2012-03-21 03:46 - 2011-07-26 04:19 - 0000000 ____D C:\Program Files\Intel
2012-03-21 03:46 - 2011-07-26 04:19 - 0000000 ____D C:\Program Files (x86)\Renesas Electronics
2012-03-21 03:46 - 2011-07-26 04:19 - 0000000 ____D C:\Program Files (x86)\Marvell
2012-03-21 03:46 - 2011-07-26 04:16 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-03-21 03:46 - 2011-07-26 04:16 - 0000000 ____D C:\Program Files\Realtek
2012-03-21 03:46 - 2011-07-26 04:16 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-03-21 03:46 - 2011-07-26 04:16 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-03-21 03:46 - 2011-07-26 04:14 - 0000000 ____D C:\Windows\AsusInstAll
2012-03-21 03:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-03-21 03:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-21 03:46 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-03-21 03:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-03-21 03:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-03-21 03:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-03-21 03:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-03-21 03:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-21 03:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-21 03:45 - 2011-07-28 04:21 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-03-21 03:45 - 2011-04-12 00:17 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-03-21 03:45 - 2011-04-12 00:17 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-03-21 03:45 - 2011-04-12 00:17 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-03-21 03:45 - 2011-04-12 00:17 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-03-21 03:45 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-03-21 03:45 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-03-21 03:45 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-03-21 03:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-03-21 03:44 - 2012-03-13 08:46 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2012-03-21 03:44 - 2012-02-19 08:33 - 0000000 ____D C:\Users\Public\Documents\Unity Projects
2012-03-21 03:44 - 2011-08-06 15:28 - 0000000 ____D C:\Users\Public\Documents\STALKER-STCS
2012-03-21 03:44 - 2011-08-03 12:08 - 0000000 ____D C:\Users\Public\Documents\stalker-shoc
2012-03-21 03:43 - 2012-03-16 02:43 - 0000000 ____D C:\Users\Genya\AppData\Local\Geckofx
2012-03-21 03:43 - 2012-03-02 03:56 - 0000000 ____D C:\Users\Genya\Documents\New Unity Project
2012-03-21 03:43 - 2012-03-02 03:55 - 0000000 ____D C:\Program Files\Microsoft SDKs
2012-03-21 03:43 - 2012-03-02 03:54 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2012-03-21 03:43 - 2012-02-23 16:42 - 0000000 ____D C:\Users\All Users\Desura
2012-03-21 03:43 - 2012-02-23 16:42 - 0000000 ____D C:\ProgramData\Desura
2012-03-21 03:43 - 2012-02-19 10:27 - 0000000 ____D C:\Users\All Users\PACE Anti-Piracy
2012-03-21 03:43 - 2012-02-19 10:27 - 0000000 ____D C:\ProgramData\PACE Anti-Piracy
2012-03-21 03:43 - 2012-02-19 08:33 - 0000000 ____D C:\Program Files (x86)\Unity
2012-03-21 03:43 - 2012-02-18 10:54 - 0000000 ____D C:\Users\All Users\Electronic Arts
2012-03-21 03:43 - 2012-02-18 10:54 - 0000000 ____D C:\ProgramData\Electronic Arts
2012-03-21 03:43 - 2012-02-18 08:00 - 0000000 ____D C:\Users\Genya\Documents\BioWare
2012-03-21 03:43 - 2011-12-20 01:41 - 0000000 ____D C:\Users\Genya\AppData\Local\Two Tribes
2012-03-21 03:43 - 2011-11-24 23:31 - 0000000 ____D C:\Users\Genya\Documents\WB Games
2012-03-21 03:43 - 2011-09-08 14:28 - 0000000 ____D C:\Users\Genya\Documents\DeadIsland
2012-03-21 03:43 - 2011-08-31 13:21 - 0000000 ____D C:\Users\Genya\Documents\Eidos
2012-03-21 03:43 - 2011-08-17 13:24 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2012-03-21 03:43 - 2011-08-14 23:05 - 0000000 ____D C:\Users\Genya\Documents\Train2Game
2012-03-21 03:43 - 2011-08-13 14:02 - 0000000 ____D C:\T3Fun
2012-03-21 03:43 - 2011-07-30 13:09 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Digiarty
2012-03-21 03:43 - 2011-07-29 02:34 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-03-21 03:43 - 2011-07-29 02:34 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-03-21 03:43 - 2011-07-29 02:34 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-21 03:43 - 2011-07-29 02:34 - 0000000 ____D C:\ProgramData\Adobe
2012-03-21 03:43 - 2011-07-28 23:26 - 0000000 ____D C:\Users\Genya\AppData\Local\Google
2012-03-21 03:43 - 2011-07-28 23:14 - 0000000 ____D C:\Program Files (x86)\Turbine
2012-03-21 03:43 - 2011-07-28 04:22 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Adobe
2012-03-21 03:43 - 2011-07-28 03:24 - 0000000 ____D C:\Users\Genya\AppData\LocalLow
2012-03-21 03:43 - 2011-07-26 04:28 - 0000000 ____D C:\Program Files (x86)\Unigine
2012-03-21 03:43 - 2011-07-26 04:17 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-03-21 03:43 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-03-21 03:43 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-03-21 03:43 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-03-21 03:43 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-03-21 03:43 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-03-21 03:43 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-03-21 03:43 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-03-21 03:43 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
2012-03-21 03:43 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-03-21 03:43 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-21 03:43 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-03-21 03:43 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-03-21 03:41 - 2012-03-02 03:55 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-21 03:41 - 2012-03-02 03:55 - 0000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-03-21 03:41 - 2012-02-18 06:30 - 0000000 ____D C:\Program Files (x86)\Origin Games
2012-03-21 03:41 - 2011-11-24 23:31 - 0000000 ____D C:\Program Files (x86)\AMD
2012-03-21 03:41 - 2011-11-22 01:13 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2012-03-21 03:41 - 2011-08-20 00:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-03-21 03:41 - 2011-08-16 01:01 - 0000000 ____D C:\Program Files (x86)\NCSoft
2012-03-21 03:41 - 2011-08-13 11:40 - 0000000 ____D C:\Program Files (x86)\BlastShark
2012-03-21 03:41 - 2011-08-06 12:45 - 0000000 ____D C:\Program Files (x86)\Deep Silver
2012-03-21 03:41 - 2011-07-29 06:41 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-21 03:41 - 2011-07-29 02:34 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-21 03:41 - 2011-07-28 14:41 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2012-03-21 03:41 - 2011-07-28 06:13 - 0000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-03-21 03:41 - 2011-07-26 04:21 - 0000000 ____D C:\NVIDIA
2012-03-21 03:41 - 2011-07-26 04:14 - 0000000 ____D C:\Program Files (x86)\Intel
2012-03-21 03:41 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-03-21 03:41 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-03-21 03:09 - 2012-03-21 03:09 - 0000000 ____D C:\Users\Genya\AppData\Local\{ACD5FC81-91C5-4472-8011-AE9EF05FB5EE}
2012-03-21 03:09 - 2012-03-21 03:09 - 0000000 ____D C:\Users\Genya\AppData\Local\{A441145C-3DA3-47DF-9742-EF52EEDE1DD4}
2012-03-20 15:08 - 2012-03-20 15:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{3163A077-11FE-422F-BBA3-FFC1B1343789}
2012-03-20 15:08 - 2012-03-20 15:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{2642B4E7-E7CD-41DC-9C56-CE029B89ACA3}
2012-03-20 03:08 - 2012-03-20 03:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{4743C8A8-56D8-4529-8FE2-0D683D413F0C}
2012-03-20 03:08 - 2012-03-20 03:07 - 0000000 ____D C:\Users\Genya\AppData\Local\{10E5D914-725F-4C27-AF62-00A70138B01A}
2012-03-19 15:07 - 2012-03-19 15:07 - 0000000 ____D C:\Users\Genya\AppData\Local\{7A2C85B7-F2FC-48A8-B5DC-9BFD56FA4713}
2012-03-19 15:07 - 2012-03-19 15:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{63322CBD-1016-4DC5-8688-35E6ADE763AB}
2012-03-19 14:58 - 2012-03-19 14:58 - 0018660 ____A C:\Windows\System32\iglhxs64.vp
2012-03-19 14:44 - 2012-03-19 14:44 - 5888792 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe
2012-03-19 14:44 - 2012-03-19 14:44 - 0509720 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
2012-03-19 14:44 - 2012-03-19 14:44 - 0439064 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe
2012-03-19 14:44 - 2012-03-19 14:44 - 0398616 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe
2012-03-19 14:44 - 2012-03-19 14:44 - 0276248 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2012-03-19 14:44 - 2012-03-19 14:44 - 0250136 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
2012-03-19 14:44 - 2012-03-19 14:44 - 0184600 ____A (Intel Corporation) C:\Windows\System32\difx64.exe
2012-03-19 14:44 - 2012-03-19 14:44 - 0170264 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
2012-03-19 14:42 - 2012-03-19 14:42 - 0090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2696.dll
2012-03-19 14:32 - 2012-03-19 14:32 - 14745600 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2012-03-19 14:31 - 2012-03-19 14:31 - 8087040 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll
2012-03-19 14:31 - 2012-03-19 14:31 - 0963912 ____A C:\Windows\SysWOW64\igkrng600.bin
2012-03-19 14:31 - 2012-03-19 14:31 - 0963912 ____A C:\Windows\System32\igkrng600.bin
2012-03-19 14:31 - 2012-03-19 14:31 - 0261208 ____A C:\Windows\SysWOW64\igfcg600m.bin
2012-03-19 14:31 - 2012-03-19 14:31 - 0261208 ____A C:\Windows\System32\igfcg600m.bin
2012-03-19 14:31 - 2012-03-19 14:31 - 0079360 ____A C:\Windows\System32\igdde64.dll
2012-03-19 14:26 - 2012-03-19 14:26 - 6120960 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2012-03-19 14:25 - 2012-03-19 14:25 - 0058880 ____A C:\Windows\SysWOW64\igdde32.dll
2012-03-19 14:22 - 2012-03-19 14:22 - 9605632 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll
2012-03-19 14:11 - 2012-03-19 14:11 - 7795200 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2012-03-19 13:31 - 2012-03-19 13:31 - 18137088 ____A C:\Windows\System32\ig4icd64.dll
2012-03-19 13:21 - 2012-03-19 13:21 - 13212672 ____A C:\Windows\SysWOW64\ig4icd32.dll
2012-03-19 13:19 - 2012-03-19 13:19 - 0221877 ____A C:\Windows\System32\Gfxres.th-TH.resources
2012-03-19 13:19 - 2012-03-19 13:19 - 0144790 ____A C:\Windows\System32\Gfxres.ro-RO.resources
2012-03-19 13:19 - 2012-03-19 13:19 - 0143564 ____A C:\Windows\System32\Gfxres.tr-TR.resources
2012-03-19 13:19 - 2012-03-19 13:19 - 0141854 ____A C:\Windows\System32\Gfxres.sv-SE.resources
2012-03-19 13:19 - 2012-03-19 13:19 - 0140548 ____A C:\Windows\System32\Gfxres.sk-SK.resources
2012-03-19 13:19 - 2012-03-19 13:19 - 0139901 ____A C:\Windows\System32\Gfxres.hr-HR.resources
2012-03-19 13:19 - 2012-03-19 13:19 - 0136850 ____A C:\Windows\System32\Gfxres.sl-SI.resources
2012-03-19 13:19 - 2012-03-19 13:19 - 0125306 ____A C:\Windows\System32\Gfxres.zh-TW.resources
2012-03-19 13:19 - 2012-03-19 13:19 - 0123778 ____A C:\Windows\System32\Gfxres.zh-CN.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0440320 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0439808 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0439808 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438784 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0438272 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0437760 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0437248 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0437248 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0435712 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0435712 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0432128 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0430592 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0429056 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0428544 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2012-03-19 13:18 - 2012-03-19 13:18 - 0410624 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll
2012-03-19 13:18 - 2012-03-19 13:18 - 0386560 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
2012-03-19 13:18 - 2012-03-19 13:18 - 0208522 ____A C:\Windows\System32\Gfxres.el-GR.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0192378 ____A C:\Windows\System32\Gfxres.ru-RU.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0164821 ____A C:\Windows\System32\Gfxres.ar-SA.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0162150 ____A C:\Windows\System32\Gfxres.ja-JP.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0157713 ____A C:\Windows\System32\Gfxres.he-IL.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0148461 ____A C:\Windows\System32\Gfxres.it-IT.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0147116 ____A C:\Windows\System32\Gfxres.ko-KR.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0146125 ____A C:\Windows\System32\Gfxres.es-ES.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0146008 ____A C:\Windows\System32\Gfxres.de-DE.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0144267 ____A C:\Windows\System32\Gfxres.fr-FR.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0143112 ____A C:\Windows\System32\Gfxres.pt-BR.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0142797 ____A C:\Windows\System32\Gfxres.nl-NL.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0142606 ____A C:\Windows\System32\Gfxres.hu-HU.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0142079 ____A C:\Windows\System32\Gfxres.pt-PT.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0141421 ____A C:\Windows\System32\Gfxres.pl-PL.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0141297 ____A C:\Windows\System32\Gfxres.cs-CZ.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0140949 ____A C:\Windows\System32\Gfxres.fi-FI.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0136778 ____A C:\Windows\System32\Gfxres.nb-NO.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0136261 ____A C:\Windows\System32\Gfxres.da-DK.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0131674 ____A C:\Windows\System32\Gfxres.en-US.resources
2012-03-19 13:18 - 2012-03-19 13:18 - 0126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2012-03-19 13:17 - 2012-03-19 13:17 - 0434688 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll
2012-03-19 13:17 - 2012-03-19 13:17 - 0172032 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
2012-03-19 13:17 - 2012-03-19 13:17 - 0028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll
2012-03-19 13:17 - 2012-03-19 13:17 - 0009216 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll
2012-03-19 13:17 - 2011-07-26 04:17 - 0110592 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll
2012-03-19 13:17 - 2011-07-26 04:17 - 0063488 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.dll
2012-03-19 13:16 - 2012-03-19 13:16 - 9007616 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-03-19 13:16 - 2012-03-19 13:16 - 0286208 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
2012-03-19 13:16 - 2012-03-19 13:16 - 0142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
2012-03-19 13:12 - 2012-03-19 13:12 - 0025088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2012-03-19 13:11 - 2012-03-19 13:11 - 0325120 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2012-03-19 13:09 - 2012-03-19 13:09 - 2967040 ____A (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2012-03-19 13:09 - 2012-03-19 13:09 - 2321408 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2012-03-19 13:09 - 2012-03-19 13:09 - 0524800 ____A (Intel Corporation) C:\Windows\System32\iglhsip64.dll
2012-03-19 13:09 - 2012-03-19 13:09 - 0519680 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2012-03-19 13:09 - 2012-03-19 13:09 - 0237056 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2012-03-19 13:09 - 2012-03-19 13:09 - 0213504 ____A (Intel Corporation) C:\Windows\System32\iglhcp64.dll
2012-03-19 13:09 - 2012-03-19 13:09 - 0193024 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2012-03-19 13:09 - 2012-03-19 13:09 - 0177152 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2012-03-19 13:09 - 2012-03-19 13:09 - 0059425 ____A C:\Windows\System32\iglhxo64.vp
2012-03-19 13:09 - 2012-03-19 13:09 - 0059398 ____A C:\Windows\System32\iglhxg64.vp
2012-03-19 13:09 - 2012-03-19 13:09 - 0059230 ____A C:\Windows\System32\iglhxc64.vp
2012-03-19 13:09 - 2012-03-19 13:09 - 0059104 ____A C:\Windows\System32\iglhxc64_dev.vp
2012-03-19 13:09 - 2012-03-19 13:09 - 0058796 ____A C:\Windows\System32\iglhxg64_dev.vp
2012-03-19 13:09 - 2012-03-19 13:09 - 0058109 ____A C:\Windows\System32\iglhxo64_dev.vp
2012-03-19 13:09 - 2012-03-19 13:09 - 0000264 ____A C:\Windows\System32\GfxUI.exe.config
2012-03-19 03:06 - 2012-03-19 03:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{ED1D8E3B-8D5D-4BF0-9C60-321E69A7C686}
2012-03-19 03:06 - 2012-03-19 03:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{681937F5-1E28-4A1D-A247-852A79E60F66}
2012-03-19 01:20 - 2011-08-31 14:34 - 0000000 ____D C:\Users\Genya\AppData\Local\ElevatedDiagnostics
2012-03-18 15:06 - 2012-03-18 15:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{58632B96-374E-4D72-B43D-FE049715E30C}
2012-03-18 15:06 - 2012-03-18 15:05 - 0000000 ____D C:\Users\Genya\AppData\Local\{304F36E5-B1E7-4CB6-98CF-60201F231EC0}
2012-03-18 03:05 - 2012-03-18 03:05 - 0000000 ____D C:\Users\Genya\AppData\Local\{EA5377F4-F168-4C0C-874F-6B63DB160AA2}
2012-03-18 03:05 - 2012-03-18 03:05 - 0000000 ____D C:\Users\Genya\AppData\Local\{A144D7F9-453B-4D7D-8E7F-1C9DA844897D}
2012-03-17 16:06 - 2012-03-17 16:06 - 6829159 ____A C:\Users\Genya\Downloads\How_to_make_an_Efficient_Village_Completed.docx
2012-03-17 14:33 - 2012-03-17 14:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{77D566DC-0739-4EEE-81EE-B14B6FCE8AC9}
2012-03-17 14:32 - 2012-03-17 14:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{A03DACD5-B221-415F-9C72-7137DA18F0CA}
2012-03-17 02:32 - 2012-03-17 02:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{F330D0E3-A960-4EAD-9239-9D26E1F7F332}
2012-03-17 02:32 - 2012-03-17 02:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{930ABFE6-999F-403D-BBD1-5CF5D9A32508}
2012-03-16 23:58 - 2012-05-11 22:12 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 14:17 - 2012-03-16 14:17 - 0000000 ____D C:\Users\Genya\AppData\Local\{ACF877D0-872C-4E84-9D42-634F4D6AF6BF}
2012-03-16 14:17 - 2012-03-16 14:17 - 0000000 ____D C:\Users\Genya\AppData\Local\{9641F72F-AA10-4A45-8BEB-824B0841EB14}
2012-03-16 02:38 - 2012-03-16 02:38 - 0000000 ____D C:\Users\Genya\Documents\Stronghold Kingdoms
2012-03-16 02:17 - 2012-03-16 02:17 - 0000000 ____D C:\Users\Genya\AppData\Local\{706D2FDC-29D5-4C34-9180-21EF7CF39D90}
2012-03-16 02:17 - 2012-03-16 02:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{A31C6CE2-6DB4-4C0D-B918-8F3FB9F06810}
2012-03-15 18:05 - 2012-03-15 18:05 - 0000000 ____D C:\Users\Genya\Downloads\Milky 3
2012-03-15 18:05 - 2012-03-15 18:04 - 11742673 ____A C:\Users\Genya\Downloads\Milky 3.zip
2012-03-15 14:16 - 2012-03-15 14:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{AB511285-72FF-4DDB-B0F8-9F859376AC79}
2012-03-15 14:16 - 2012-03-15 14:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{24708E28-ADB0-4149-A568-D564D24127C2}
2012-03-15 02:16 - 2012-03-15 02:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{357D51B4-5326-4776-9524-FD13EFED7526}
2012-03-15 02:16 - 2012-03-15 02:15 - 0000000 ____D C:\Users\Genya\AppData\Local\{0F7C5FFE-3361-4687-9C14-66F891A1C5FD}
2012-03-14 14:15 - 2012-03-14 14:15 - 0000000 ____D C:\Users\Genya\AppData\Local\{152F186B-FEEA-4792-A212-25732F29BA89}
2012-03-14 14:15 - 2012-03-14 14:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{626EF7F6-C088-4B4C-B284-134221AEF9AC}
2012-03-14 02:14 - 2012-03-14 02:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{E5EB5CAB-90C3-40A7-9AF6-E7C1C7F44789}
2012-03-14 02:14 - 2012-03-14 02:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{90AF4437-EF6F-46EB-91A6-96D2BFE54DCC}
2012-03-13 16:52 - 2012-03-13 16:52 - 1952411 ____A C:\Users\Genya\Downloads\Not a chance.rar
2012-03-13 16:52 - 2012-03-13 16:52 - 0000000 ____D C:\Users\Genya\Downloads\Not a chance
2012-03-13 14:04 - 2012-03-13 14:03 - 0000000 ____D C:\Users\Genya\AppData\Local\{B4989306-E997-4D08-BEC9-FFF637F2F3AA}
2012-03-13 14:03 - 2012-03-13 14:03 - 0000000 ____D C:\Users\Genya\AppData\Local\{5A7D84D6-EF22-451E-99F2-9DFE2A3A012B}
2012-03-13 08:46 - 2012-03-13 08:46 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-03-13 08:46 - 2012-03-13 08:46 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-03-13 08:37 - 2012-03-13 08:37 - 0001135 ____A C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2012-03-13 07:42 - 2012-03-01 02:12 - 59226524 ____A C:\Users\Genya\Downloads\Mysterious+Castle+1.9+Demo+Win.zip
2012-03-13 02:03 - 2012-03-13 02:03 - 0000000 ____D C:\Users\Genya\AppData\Local\{D63E18E9-F946-4417-B27E-4E7AAB590704}
2012-03-13 02:03 - 2012-03-13 02:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{79488088-CF8D-4F8A-AE1D-BF24B1C4ACDD}
2012-03-12 14:02 - 2012-03-12 14:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{B48047FC-76E2-4296-B5BA-E6F799290B9E}
2012-03-12 14:02 - 2012-03-12 14:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{183E2F51-0D31-42BC-A190-7F36EA34CDFB}
2012-03-12 02:02 - 2012-03-12 02:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{34C2D654-8B4E-43C4-8733-9C8A3726A218}
2012-03-12 02:02 - 2012-03-12 02:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{9494B7BD-EB51-426D-B1FD-AAF8824C88B7}
2012-03-11 14:01 - 2012-03-11 14:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{40FD835F-DBC6-4B24-8A3C-1808E5B6C3C7}
2012-03-11 14:01 - 2012-03-11 02:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{2FDC559D-069D-44A0-A4E0-2AD8DAEA0DCA}
2012-03-11 02:00 - 2012-03-11 02:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{950270BD-9E7F-4DEB-AA45-C7BAC6CE65EE}
2012-03-10 13:50 - 2012-03-10 13:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{822D6A75-C475-4040-8BA2-D2FA8B44F5ED}
2012-03-10 13:50 - 2012-03-10 13:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{5CF3E50F-B160-4B95-9BD8-3D69A832D7B2}
2012-03-10 01:49 - 2012-03-10 01:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{A576FAB4-F174-492D-A350-8039EE3B0212}
2012-03-10 01:49 - 2012-03-10 01:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{0ACD77B7-7C7E-4008-A127-7A65CFF818B4}
2012-03-09 13:49 - 2012-03-09 13:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{7F585A08-A329-4F2D-B040-AC53A3FBCDA1}
2012-03-09 13:49 - 2012-03-09 13:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{FE58BA73-9311-4AB4-8184-A070090F36ED}
2012-03-09 01:48 - 2012-03-09 01:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{ABCF40F3-0C2A-4E8E-B6BB-E937F7C9D74A}
2012-03-09 01:48 - 2012-03-09 01:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{2510CC83-5766-4A54-AFF1-EBCA844BFB33}
2012-03-08 16:57 - 2012-03-08 16:57 - 0049935 ____A C:\Users\Genya\sleeping_with_pets.jpg
2012-03-08 13:46 - 2012-03-08 13:46 - 0000000 ____D C:\Users\Genya\AppData\Local\{D00EDC9A-C061-49D3-B646-BD2A80FA865A}
2012-03-08 13:46 - 2012-03-08 13:46 - 0000000 ____D C:\Users\Genya\AppData\Local\{38D00E04-9FD9-46F6-91E9-25155EE07DE0}
2012-03-08 09:50 - 2012-03-08 09:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-03-08 09:37 - 2012-03-08 09:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2012-03-08 01:46 - 2012-03-08 01:46 - 0000000 ____D C:\Users\Genya\AppData\Local\{561FC138-1AB5-49E9-BED3-BA482C4EB9CC}
2012-03-08 01:46 - 2012-03-08 01:46 - 0000000 ____D C:\Users\Genya\AppData\Local\{13C48BE3-8537-4DCA-A5B4-AC8507E7F569}
2012-03-07 13:45 - 2012-03-07 13:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{E2D0663A-FA9E-4A81-BE54-1A14ED08BD6A}
2012-03-07 13:45 - 2012-03-07 13:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{01EB7D35-7CA0-4489-BA94-7339B42EBD0A}
2012-03-07 01:45 - 2012-03-07 01:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{E259BF7D-1B82-4847-9689-FE73B9F94C29}
2012-03-07 01:45 - 2012-03-07 01:44 - 0000000 ____D C:\Users\Genya\AppData\Local\{322CFD47-B0EA-47EE-B0B3-E5E1C593B934}
2012-03-06 12:50 - 2012-03-06 12:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{A925BDA4-523D-40AE-8D83-21852F2502FD}
2012-03-06 12:50 - 2012-03-06 00:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{3539F57B-0BA0-41C9-8B7F-DFD23BE98FAA}
2012-03-06 00:50 - 2012-03-06 00:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{E79E9D48-3A4E-49B3-8E4E-3B716D7B7F1F}
2012-03-05 18:16 - 2011-07-28 23:26 - 0000000 ____D C:\Users\Genya\AppData\Local\Deployment
2012-03-05 16:11 - 2012-02-18 10:54 - 0000000 ____D C:\Users\Genya\AppData\Local\Origin
2012-03-05 16:03 - 2012-03-05 16:03 - 1712208 ____A C:\Users\Genya\prettyshepard.png
2012-03-05 12:21 - 2012-03-05 12:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{D277B47C-789F-4B16-8E64-2A52826F5700}
2012-03-05 12:21 - 2012-03-05 12:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{C214F34E-4605-4D47-8E73-516A155B8499}
2012-03-05 12:00 - 2012-03-05 12:00 - 0000000 ____D C:\Users\All Users\EA Core
2012-03-05 12:00 - 2012-03-05 12:00 - 0000000 ____D C:\ProgramData\EA Core
2012-03-05 00:21 - 2012-03-05 00:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{4547EE21-23B0-41D1-933A-D983906BD324}
2012-03-05 00:20 - 2012-03-05 00:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{E5C57A74-A71E-40C6-AEEA-057C8BBDB6C7}
2012-03-04 13:33 - 2012-03-04 13:33 - 0119342 ____A C:\Users\Genya\aston martin - my new car =p.jpg
2012-03-04 12:20 - 2012-03-04 12:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{371E7027-980A-422D-BC73-B42233D21DFB}
2012-03-04 12:20 - 2012-03-04 12:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{A505DB31-8EA6-46C1-9960-A5D0218E1164}
2012-03-04 08:17 - 2012-03-04 08:17 - 1161979 ____A C:\Users\Genya\DSC00931.JPG
2012-03-04 08:16 - 2012-03-04 08:16 - 0906743 ____A C:\Users\Genya\DSC00930.JPG
2012-03-04 07:14 - 2012-03-04 07:14 - 0722653 ____A C:\Users\Genya\IMG_20110815_230509.jpg
2012-03-04 06:59 - 2012-03-04 06:58 - 12950597 ____A C:\Users\Genya\VID_20120304_145036.mp4
2012-03-04 06:55 - 2012-03-04 07:00 - 6113792 ____A C:\Users\Genya\P1000148.JPG
2012-03-04 06:55 - 2012-03-04 07:00 - 5871104 ____A C:\Users\Genya\P1000149.JPG
2012-03-04 06:55 - 2012-03-04 07:00 - 5578752 ____A C:\Users\Genya\P1000150.JPG
2012-03-04 00:37 - 2012-02-18 06:30 - 0002080 ____A C:\Windows\KB893803v2.log
2012-03-04 00:19 - 2012-03-04 00:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{E7B8BC79-0E8B-4771-A832-00703D4B2E05}
2012-03-04 00:19 - 2012-03-04 00:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{2AA54973-CBCD-41F8-B19E-92FEACE1E2EE}
2012-03-03 11:20 - 2012-03-03 11:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{B0926FF1-0C33-4852-9FCD-DB9F009899A3}
2012-03-03 11:20 - 2012-03-03 11:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{6E73ABDA-C374-4324-8ECC-F11BE9CE1559}
2012-03-03 00:22 - 2012-03-02 23:48 - 0000000 ____D C:\Users\Genya\AppData\Local\Temporary Projects
2012-03-02 23:20 - 2012-03-02 23:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{FB1B3EB2-BB27-400E-8EBA-AB1137028AF1}
2012-03-02 23:20 - 2012-03-02 23:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{6FF94D11-9DC1-4BE6-BFFA-8C284AE2A12D}
2012-03-02 22:35 - 2012-05-11 22:12 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-11 22:12 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-02 17:21 - 2012-03-13 08:46 - 0000000 ____D C:\Users\UpdatusUser\Documents\Visual Studio 2008
2012-03-02 17:21 - 2012-03-13 08:46 - 0000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2012-03-02 17:21 - 2012-03-02 17:21 - 0000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2012-03-02 17:21 - 2012-03-02 17:21 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-03-02 17:21 - 2012-03-02 17:21 - 0000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2012-03-02 17:21 - 2012-03-02 17:21 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-03-02 12:39 - 2012-03-02 12:39 - 0366515 ____A C:\Users\Genya\20 Minitokyo.Final.Fantasy.X-2.Scans_109611.jpg
2012-03-02 11:10 - 2012-03-02 11:07 - 67043073 ____A C:\Users\Genya\Piktorz.rar
2012-03-02 11:03 - 2012-03-02 11:03 - 0000000 ____D C:\Users\Genya\AppData\Local\{465639F6-53E0-449F-9FC2-8ADE9E2CDBE7}
2012-03-02 11:03 - 2012-03-02 11:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{8F2D78E0-9467-44B2-AFA3-8B83C57FC9A3}
2012-03-02 04:00 - 2012-03-02 03:55 - 0000000 ____D C:\Users\Genya\Documents\Visual Studio 2008
2012-03-02 03:56 - 2012-03-02 03:56 - 0000000 ____D C:\Windows\System32\1033
2012-03-02 03:55 - 2012-03-02 03:55 - 0000000 ____D C:\Users\Genya\AppData\Local\Microsoft Help
2012-03-01 23:02 - 2012-03-01 23:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{B902FE03-AAEA-47B2-A002-7BC079222EF4}
2012-03-01 23:02 - 2012-03-01 23:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{A5F8622B-6636-4D76-8E20-52045C56AA54}
2012-03-01 11:01 - 2012-03-01 11:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{75622E7F-B51B-41F5-9319-21F7B73C19A9}
2012-03-01 11:01 - 2012-02-29 23:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{C21EB542-CCE5-4405-B962-D51CCF5D8502}
2012-03-01 02:14 - 2012-03-01 02:14 - 0000000 ____D C:\Users\Genya\AppData\Roaming\fltk.org
2012-03-01 02:14 - 2012-03-01 02:14 - 0000000 ____D C:\Users\All Users\fltk.org
2012-03-01 02:14 - 2012-03-01 02:14 - 0000000 ____D C:\ProgramData\fltk.org
2012-02-29 23:01 - 2012-02-29 23:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{CE62EE4C-E485-4667-A651-3BFE7EC75BE0}
2012-02-29 22:46 - 2012-04-11 17:36 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 17:36 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 17:36 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 17:36 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 17:36 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 17:36 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 17:36 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 8008000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 5892928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 2872640 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 2672448 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 25543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 25222976 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 2517312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 2437440 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 2301248 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 19444544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 13626688 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 16:02 - 2012-03-13 08:45 - 0962368 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 0812352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 0364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 0301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 0260416 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 0215360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 16:02 - 2012-03-13 08:45 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-29 16:02 - 2011-11-02 17:46 - 9717568 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-02-29 16:02 - 2011-11-02 17:46 - 7713088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-02-29 16:02 - 2011-11-02 17:46 - 17642816 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-02-29 16:02 - 2011-08-29 11:07 - 1737536 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-02-29 16:02 - 2011-08-29 11:07 - 1466176 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-02-29 16:02 - 2011-07-26 04:22 - 2660160 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-02-29 16:02 - 2011-07-26 04:22 - 15009600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-02-29 16:02 - 2011-07-26 04:22 - 0011770 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 13:00 - 2011-07-26 04:22 - 6074176 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 13:00 - 2011-07-26 04:22 - 3089728 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-02-29 12:59 - 2012-03-13 08:45 - 2515790 ____A C:\Windows\System32\nvcoproc.bin
2012-02-29 12:59 - 2011-07-26 04:22 - 0889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:59 - 2011-07-26 04:22 - 0118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:59 - 2011-07-26 04:22 - 0063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-29 08:45 - 2012-02-29 08:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{2FD251D0-6A71-4F05-8BAB-E1CEB291F346}
2012-02-29 08:45 - 2012-02-28 20:44 - 0000000 ____D C:\Users\Genya\AppData\Local\{A12A8DE3-9FDA-4865-83BC-D3BBEA165CE3}
2012-02-29 05:26 - 2012-02-29 05:26 - 0416064 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-02-28 20:44 - 2012-02-28 20:44 - 0000000 ____D C:\Users\Genya\AppData\Local\{B71E0C7B-C55F-47D2-9323-921CA274CBC5}
2012-02-28 13:54 - 2012-02-28 13:54 - 0038037 ____A C:\Users\Genya\YOUREFATPEGGYWHAT.jpg
2012-02-28 13:52 - 2012-02-28 13:52 - 0055158 ____A C:\Users\Genya\babyjasper.jpg
2012-02-28 13:05 - 2012-02-28 13:05 - 0000000 ____D C:\Users\Genya\Dog Videos
2012-02-28 13:05 - 2012-01-19 12:20 - 0000000 ____D C:\Users\Genya\AppData\Roaming\DivX
2012-02-28 07:08 - 2012-02-28 07:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{EBC1F120-3063-4551-84C9-AD1D73BDFC2F}
2012-02-28 07:08 - 2012-02-27 19:07 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1327FA7-FF25-4436-99BA-7BA9E6201D8A}
2012-02-27 23:34 - 2012-04-11 17:37 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 17:37 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 17:37 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 17:37 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 17:37 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 17:37 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 17:37 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 17:37 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 17:37 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 17:37 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 17:37 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 17:37 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 17:37 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 19:08 - 2012-02-27 19:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{70693862-A175-48C0-ADD3-C34B15C999A4}
2012-02-27 17:52 - 2012-04-11 17:37 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 17:37 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 17:37 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 17:37 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 17:37 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 17:37 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 17:37 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 17:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 17:37 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 17:37 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 17:37 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 17:37 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 17:37 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 12:07 - 2012-02-27 12:06 - 0552294 ____A C:\Users\Genya\IMG_20120210_175620.jpg
2012-02-27 12:07 - 2012-02-27 12:06 - 0486360 ____A C:\Users\Genya\IMG_20120126_175251.jpg
2012-02-27 12:05 - 2012-02-27 12:04 - 0585931 ____A C:\Users\Genya\IMG_20120224_130356.jpg
2012-02-27 05:22 - 2012-02-27 05:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{A683A595-E8B7-49E7-91F1-86D9364B9679}
2012-02-27 05:22 - 2012-02-27 05:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{A2A4B092-BD08-4132-B19B-807C4FD024EA}
2012-02-26 17:22 - 2012-02-26 17:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{A404AEBA-1A2F-4C48-A6E3-3FD5F1ED113C}
2012-02-26 17:21 - 2012-02-26 05:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{6644D8B8-A8F9-4A9D-89C9-1BB7506E9B84}
2012-02-26 05:21 - 2012-02-26 05:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{73BDC23B-EDC0-42E2-9C67-C9691D750A51}
2012-02-25 15:21 - 2012-02-25 15:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{D97CC564-5FD3-4CB7-A5C2-66369A6DAEFA}
2012-02-25 15:21 - 2012-02-25 15:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{9A4FE8D4-B431-4F45-8D1C-56E97EDDE808}
2012-02-25 03:26 - 2012-02-18 13:31 - 0000000 ____D C:\Users\Genya\AppData\Local\wmiEventIde
2012-02-25 03:21 - 2012-02-25 03:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{0569700C-8A8D-49C0-9DC4-9874DCC20C3C}
2012-02-25 03:21 - 2012-02-25 03:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{98DFC1C5-B72C-43C0-A780-90B06781CC59}
2012-02-24 14:57 - 2012-02-24 08:38 - 0000000 ____D C:\Users\Genya\3079Saves
2012-02-24 13:02 - 2012-02-24 13:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{3887ABEC-A668-4CFF-B0BA-133952BE7A30}
2012-02-24 13:02 - 2012-02-23 01:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{AEA4C3BA-F3BF-49FB-9B21-437CE2F06FB6}
2012-02-24 01:01 - 2012-02-24 01:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{E61315FE-0BF5-4646-87A1-F97943403ADF}
2012-02-23 19:09 - 2012-02-23 19:09 - 0000000 ____D C:\Users\Genya\Documents\Paradox Interactive
2012-02-23 17:52 - 2012-02-23 17:44 - 406718651 ____A (Paradox Interactive ) C:\Users\Genya\Downloads\CrusaderKingsII_Demo_Setup.exe
2012-02-23 16:46 - 2012-02-23 16:46 - 0000000 ____D C:\Users\Genya\AppData\Local\Desura
2012-02-23 13:01 - 2012-02-23 13:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{FA8E05DA-3130-4E16-B2F1-250E0052D31B}
2012-02-23 05:12 - 2012-02-23 05:12 - 0055487 ____A C:\Users\Genya\Downloads\saveedit_rev25.zip
2012-02-23 01:18 - 2010-11-20 19:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-23 01:00 - 2012-02-23 01:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{D1753A6D-643D-4A84-9987-1E3E0EFFE4FE}
2012-02-22 07:01 - 2012-02-18 08:00 - 0000000 ____D C:\Users\All Users\EA Logs
2012-02-22 07:01 - 2012-02-18 08:00 - 0000000 ____D C:\ProgramData\EA Logs
2012-02-22 04:40 - 2012-02-22 04:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{B924A113-C576-4E37-A594-8BA34F7E1D74}
2012-02-22 04:40 - 2012-02-22 04:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3B24BD43-9AE9-49FA-B55F-01A197E4E3BF}
2012-02-21 16:40 - 2012-02-21 16:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{865D0B4A-3126-4FA0-99DC-73551BB8257A}
2012-02-21 16:39 - 2012-02-21 16:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{6F25254E-5A44-4FF1-8736-BE658870FE69}
2012-02-21 07:00 - 2012-02-21 07:00 - 0000000 ____D C:\Users\Genya\AppData\Roaming\RotMG.Production
2012-02-21 04:39 - 2012-02-21 04:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{62ACA383-2B13-4825-986A-D6949E761275}
2012-02-21 04:39 - 2012-02-21 04:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{0661C1F7-0694-4C69-810E-36E4DF653154}
2012-02-20 23:38 - 2011-09-30 10:18 - 0000000 ____D C:\Users\Genya\AppData\Local\Unity
2012-02-20 16:38 - 2012-02-20 16:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{9EAB2DA2-C47F-4558-B088-D34C6720786A}
2012-02-20 16:38 - 2012-02-19 04:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{3C178028-8FCA-4CE3-8350-6B4670CD04D0}
2012-02-20 06:16 - 2012-02-20 06:13 - 0001797 ____A C:\Users\Genya\Documents\Mass Effect 2 - DLC_EXP_Part01.log
2012-02-20 06:10 - 2012-02-20 06:09 - 0001797 ____A C:\Users\Genya\Documents\Mass Effect 2 - DLC_EXP_Part02.log
2012-02-20 04:38 - 2012-02-20 04:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{7956D7D6-875C-4433-AF0D-D0188B63C3F3}
2012-02-20 01:05 - 2012-02-19 23:59 - 1630579236 ____A (BioWare) C:\Users\Genya\Downloads\ME2_ShadowBroker.exe
2012-02-20 00:38 - 2012-02-19 23:59 - 922454032 ____A (BioWare) C:\Users\Genya\Downloads\ME2_Arrival.exe
2012-02-19 20:43 - 2012-02-19 20:33 - 0000000 ____D C:\Users\Genya\AppData\Roaming\DarksporeData
2012-02-19 20:33 - 2012-02-19 20:33 - 0000000 ____D C:\Users\Genya\Documents\Darkspore
2012-02-19 16:37 - 2012-02-19 16:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{19010566-629F-4F39-94A2-6EE21E89C995}
2012-02-19 10:29 - 2012-02-19 10:29 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Unity
2012-02-19 10:29 - 2012-02-19 10:27 - 0000000 ____D C:\Users\Genya\AppData\Roaming\PACE Anti-Piracy
2012-02-19 10:29 - 2011-10-26 16:34 - 0000000 ____D C:\Users\Genya\AppData\Local\YqOuMIXVUptb
2012-02-19 10:27 - 2012-02-19 10:27 - 0000000 ____D C:\Users\Genya\AppData\Local\PACE Anti-Piracy
2012-02-19 08:33 - 2012-02-19 08:33 - 0001124 ____A C:\Users\Public\Desktop\Unity.lnk
2012-02-19 08:32 - 2012-02-19 07:24 - 528179960 ____A (Unity Technologies ApS) C:\Users\Genya\Downloads\UnitySetup-3.5.0.exe
2012-02-19 04:36 - 2012-02-19 04:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{A3127E14-3A68-4BA6-939A-AD4F624AB52F}
2012-02-18 16:36 - 2012-02-18 16:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{1E1607F8-776E-4218-B95E-4026A7AA4E39}
2012-02-18 16:36 - 2012-02-18 16:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{A6ADAAD5-07E8-4213-9B29-2314C52ECB8C}
2012-02-18 10:54 - 2012-02-18 06:29 - 47796216 ____A (Electronic Arts, Inc.) C:\Users\Genya\Downloads\OriginSetup.exe
2012-02-18 06:31 - 2012-02-18 06:30 - 0000000 ____D C:\Users\Genya\AppData\Roaming\Origin
2012-02-18 04:35 - 2012-02-18 04:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{7EF9C97B-4F97-4CCB-9D65-C1DEDA0ABA4F}
2012-02-18 04:35 - 2012-02-18 04:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{09D1955B-EC41-4FFF-9F5C-604471ABCA8C}
2012-02-17 16:34 - 2012-02-17 16:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{ECCC5E79-468D-4713-8CB6-18D9B97468BA}
2012-02-17 16:34 - 2012-02-17 16:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{6A64AD5F-24DE-4247-A222-8A044CEFB48B}
2012-02-17 04:34 - 2012-02-17 04:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{83E0B104-9978-4A85-AAF6-5A1E83BAE7D0}
2012-02-17 04:33 - 2012-02-17 04:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{0BCF814A-41A4-4210-86B1-150A689ADE62}
2012-02-16 22:38 - 2012-03-14 02:15 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 02:15 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 02:15 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 02:15 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 16:33 - 2012-02-16 16:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{E7DF2A0B-B5B2-4279-9F67-915859FA63E8}
2012-02-16 16:33 - 2012-02-16 16:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{E49B34D2-93A6-4813-BB20-07AC5447AC0D}
2012-02-16 04:32 - 2012-02-16 04:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{DBBC3270-E1C3-411B-8D1F-49F5860B8EE5}
2012-02-16 04:32 - 2012-02-16 04:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{18AB16C6-F4D8-4CA1-B70F-C4FAA12E9F41}
2012-02-16 04:32 - 2011-07-28 03:24 - 0000174 ___SH C:\Users\Genya\Start Menu\Programs\Startup\desktop.ini
2012-02-16 04:32 - 2011-07-28 03:24 - 0000174 ___SH C:\Users\Genya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 12:43 - 2012-02-15 12:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{7031F01D-6A31-4295-B5B7-D902E6A87B74}
2012-02-15 12:43 - 2012-02-15 00:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{B08344C3-6260-4D50-8370-078529FA650F}
2012-02-15 00:43 - 2012-02-15 00:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{04477F5D-9CA1-4DC1-9062-28A014AC7932}
2012-02-14 07:07 - 2012-02-14 07:07 - 0000000 ____D C:\Users\Genya\AppData\Local\{CCEE54A5-2AA4-4B3E-B7CE-87FD8EEAD118}
2012-02-14 07:07 - 2012-02-13 07:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{8D869122-1876-4BB1-A6FF-CCEA5E7FBAC8}


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0858112 ____A (Microsoft Corporation) 232DA8CA74D73220FA723C2F20258C8F

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-07-26 04:14] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8098.04 MB
Available physical RAM: 7271.59 MB
Total Pagefile: 8096.24 MB
Available Pagefile: 7264.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:476.83 GB) (Free:136.85 GB) NTFS
2 Drive d: () (Fixed) (Total:1863.01 GB) (Free:1841.36 GB) NTFS
3 Drive f: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: (OCUK) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 476 GB 8 MB
Disk 1 Online 1863 GB 0 B
Disk 2 Online 3814 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 476 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 476 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 1863 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3810 MB 4032 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G OCUK FAT32 Removable 3810 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-09 05:37

======================= End Of Log ==========================

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:33 AM

Posted 12 May 2012 - 07:19 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2012-05-12 11:10 - 2012-05-12 11:10 - 0000000 ____D C:\Users\Genya\AppData\Local\{E4195287-171B-4E8A-BDC3-6FBE86D01730}
2012-05-12 11:10 - 2012-05-12 11:10 - 0000000 ____D C:\Users\Genya\AppData\Local\{C508AD22-DDF5-4E3F-A8C2-8D211C63A04A}
2012-05-11 11:52 - 2012-05-11 11:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{5B61D9E8-3F5F-4C17-AF55-91F18043FBCA}
2012-05-11 11:52 - 2012-05-11 11:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{D255535D-8FE4-4B4C-BAAF-B405619E72D5}
2012-05-10 23:52 - 2012-05-10 23:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{9D41C66D-279C-40D6-91AE-61E408DAC620}
2012-05-10 23:51 - 2012-05-10 23:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{7BCB6AB5-7E92-4289-9C82-9DA339EF563C}
2012-05-10 11:51 - 2012-05-10 11:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{FFD8E5CE-DD65-4394-ABBF-E8E52FE87627}
2012-05-10 11:51 - 2012-05-10 11:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{8C285832-402F-4451-8B8C-8D672497241F}
2012-05-09 04:43 - 2012-05-09 04:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{E271720A-C099-471C-B131-77707560BC65}
2012-05-09 04:43 - 2012-05-09 04:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{60747BCE-C106-4B05-BE3C-B522F20C6934}
2012-05-08 16:42 - 2012-05-08 16:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{253CBAF0-D29A-4899-8545-06D794D756F9}
2012-05-08 16:42 - 2012-05-08 16:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{D2EAB24F-78F7-4554-B0C0-6F349A0035AA}
2012-05-08 04:42 - 2012-05-08 04:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{2079442A-5E3B-4260-8CCE-B43624709AE0}
2012-05-08 04:42 - 2012-05-08 04:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{1250EA95-09EF-426E-B853-59633B64D44A}
2012-05-07 16:41 - 2012-05-07 16:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{9B2DF4E1-49AE-43F4-9DF6-6125DC32E468}
2012-05-07 16:41 - 2012-05-07 16:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{30C3FE3F-E6B5-48C0-9CFF-0A663AAF8720}
2012-05-07 04:41 - 2012-05-07 04:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{DB070E76-42E3-48E5-A516-4876BCA3D7BA}
2012-05-07 04:40 - 2012-05-07 04:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{73F66C36-E888-4BE2-85E9-1B8FD57599E8}
2012-05-06 15:53 - 2012-05-06 15:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{937F2699-CC33-4890-9292-6DB50271831F}
2012-05-06 15:53 - 2012-05-06 15:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{752B12E9-8979-42AC-8E7D-A8540F89F1B6}
2012-05-06 03:53 - 2012-05-06 03:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{FDC99881-21CF-4634-97C3-E73313628262}
2012-05-06 03:52 - 2012-05-06 03:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{688F4FA4-7653-4925-AFCE-B9A87C1C970D}
2012-05-05 15:52 - 2012-05-05 15:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{AF76AB73-C0C4-43FF-ABFA-FB7F12D26184}
2012-05-05 15:52 - 2012-05-05 15:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{5BA9C127-2768-48FB-B784-BCD0EAFC1CF1}
2012-05-05 03:52 - 2012-05-05 03:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{D77C3270-C407-4E99-93BC-76A5AF58192B}
2012-05-05 03:51 - 2012-05-05 03:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{6627DB57-D351-4ADC-9467-B96FFB85895F}
2012-05-04 15:51 - 2012-05-04 15:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{A23A6660-83A9-4EC7-B18F-90235B366D7C}
2012-05-04 15:50 - 2012-05-04 15:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{23F37D89-BA29-4DC2-86BC-3BAF07366888}
2012-05-04 03:50 - 2012-05-04 03:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{F4D55495-17B1-4081-B47A-162EC470C151}
2012-05-04 03:50 - 2012-05-04 03:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{B1CB5EA1-8B72-4F03-ACCD-E39BEA671421}
2012-05-03 14:40 - 2012-05-03 14:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{7D5155DD-E473-4C35-89F2-034E6BB042FB}
2012-05-03 14:40 - 2012-05-03 14:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3D5C219A-F910-442C-AEA0-38DCCE31BA6F}
2012-05-03 02:40 - 2012-05-03 02:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3AC0AC96-DE80-4EEF-830F-B4AAFCD1DDDF}
2012-05-03 02:39 - 2012-05-03 02:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{40EA95C5-EC12-4392-8D89-B0BD9838F486}
2012-05-02 14:39 - 2012-05-02 14:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{981F9F7B-D6F1-4E5E-8C5D-DEC198FF7EBF}
2012-05-02 14:39 - 2012-05-02 14:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{5861C7FF-E89F-4283-BEA2-5A1F546ACE61}
2012-05-02 02:38 - 2012-05-02 02:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{87AC15B9-55F5-4F33-96A1-C7D15A4CC656}
2012-05-02 02:38 - 2012-05-02 02:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{F25B1C31-5C1B-4E01-93CD-55A2101781AB}
2012-05-01 14:38 - 2012-05-01 14:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{4D460E9E-E7DB-45EB-A022-C332AB1D5354}
2012-05-01 14:37 - 2012-05-01 14:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{9970474D-31D5-43CF-BEED-49ECE5324FED}
2012-05-01 02:37 - 2012-05-01 02:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{81539511-FE14-45F2-8B33-5E193CCB6B40}
2012-05-01 02:37 - 2012-05-01 02:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{706B946D-730F-4835-A2ED-F8F41579CEB2}
2012-04-30 14:36 - 2012-04-30 14:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1DBA6C8-8AD8-4BE8-91BB-906017015DDF}
2012-04-30 14:36 - 2012-04-30 14:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{DFC1A275-6E71-49B8-9881-C5C3DC699DAB}
2012-04-30 02:35 - 2012-04-30 02:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{4A4CF32E-2DEE-45AC-B9FE-792F1BBC2241}
2012-04-30 02:35 - 2012-04-30 02:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{A8CC4796-3DDB-4C71-BE99-C068CB658B23}
2012-04-29 14:35 - 2012-04-29 14:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{6A4A6BD4-6999-4018-B89B-D89BE8011530}
2012-04-29 14:34 - 2012-04-29 14:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{D4886A13-5C0C-4C4F-9878-A39F3921C381}
2012-04-29 02:34 - 2012-04-29 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{34F17081-7FAB-4C17-9CAE-5CA15D5A6945}
2012-04-29 02:34 - 2012-04-29 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{0BAD8093-88E8-45DE-95BF-B5100BB18AD6}
2012-04-28 14:33 - 2012-04-28 14:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{A5684F94-038D-4236-A75F-F9F61F2AEBED}
2012-04-28 14:33 - 2012-04-28 14:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{6713147B-39B8-4515-8834-C32B9DD835E3}
2012-04-28 02:33 - 2012-04-28 02:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{DC4C6430-3CFE-4204-A024-5233325C6D35}
2012-04-28 02:33 - 2012-04-28 02:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{250F952E-50D4-40CE-8ECF-5347368FA74A}
2012-04-27 11:49 - 2012-04-27 11:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1CBCB00-6278-4520-97A2-5098F3E49890}
2012-04-27 11:49 - 2012-04-27 11:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{15DF996E-0A93-40AB-8E0A-15CD4199239D}
2012-04-26 23:49 - 2012-04-26 23:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{7ED0DC32-CF6A-4748-A810-7D2CB6B6FCDF}
2012-04-26 23:48 - 2012-04-26 23:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{4B8D0EEB-1009-4C97-BA9B-9577B03112A6}
2012-04-26 11:43 - 2012-04-26 11:44 - 0000000 ____D C:\Users\Genya\AppData\Local\{BFF72D52-8780-408C-A172-3B5CE62801F6}
2012-04-26 11:43 - 2012-04-26 11:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{1A4A49D8-D729-47CE-B87D-017657D3210E}
2012-04-25 23:43 - 2012-04-25 23:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{E7C99AC3-2348-477A-9388-DE6345C18BDB}
2012-04-25 23:43 - 2012-04-25 23:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{54ABA9A6-E1E5-48B6-806A-7E7DCCF02915}
2012-04-25 11:42 - 2012-04-25 11:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{B8C38492-EF7C-4B38-A6D3-8C539F3DA2E4}
2012-04-25 11:42 - 2012-04-25 11:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{8ACAA0A5-70F3-43BC-BB7F-CBB7F5753F4A}
2012-04-24 23:42 - 2012-04-24 23:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{81098018-3D27-4752-A257-B81F5E5DAADC}
2012-04-24 23:41 - 2012-04-24 23:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{BBBC16B3-1E42-4E68-931B-316A297D225C}
2012-04-24 11:37 - 2012-04-24 11:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{B757352B-1EBE-466E-BEC6-3633B8C28405}
2012-04-24 11:37 - 2012-04-24 11:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{F8BDE14C-08BD-4F52-955D-4DA690BB73A8}
2012-04-23 23:37 - 2012-04-23 23:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{69158B97-C316-462C-9A63-C7D09CA45ADB}
2012-04-23 23:36 - 2012-04-23 23:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{6E53A5C3-19FE-4C21-87AF-D7E796578CB1}
2012-04-23 11:36 - 2012-04-23 11:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{961E758A-AE0F-47DC-8E98-5DC53CB37759}
2012-04-23 11:36 - 2012-04-23 11:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{42E04A41-5973-4301-A2D6-C8172A3A4154}
2012-04-22 23:35 - 2012-04-22 23:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{23898EB2-34D2-4720-9029-D828D3FBC4AE}
2012-04-22 23:35 - 2012-04-22 23:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{FBA169E3-6F80-4F8A-ACAB-A155C52E83C1}
2012-04-22 11:35 - 2012-04-22 11:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{1DEA6FB5-E7C2-4D86-A67E-2CB66749F51E}
2012-04-21 23:34 - 2012-04-22 11:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{4845DA14-7569-401D-9046-80182EC3B065}
2012-04-21 23:34 - 2012-04-21 23:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{80C7C211-18DC-4E2E-A159-563807DB0C40}
2012-04-21 11:33 - 2012-04-21 11:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{E85DF054-EEAE-49B9-A6CA-3142321BDAD4}
2012-04-21 11:33 - 2012-04-21 11:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{79EB15F6-C94A-4765-9D72-877EDFB6FF1C}
2012-04-20 23:33 - 2012-04-20 23:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{E2E8A5C5-6200-46F8-8E42-0D68C3B5CCE1}
2012-04-20 23:32 - 2012-04-20 23:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{FE2AA1DE-7A7C-426E-A104-C29A804567EE}
2012-04-20 11:32 - 2012-04-20 11:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{CBEBB245-6FF0-4117-A33F-3BA4D8453950}
2012-04-20 11:32 - 2012-04-20 11:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{C1369491-7615-45CC-9941-0240BB2DD833}
2012-04-19 23:31 - 2012-04-19 23:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{9C547962-E024-42A9-A5A0-F177B7F7D86A}
2012-04-19 23:31 - 2012-04-19 23:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{C607D51B-CD79-441F-9414-0A01CBD5C294}
2012-04-19 11:31 - 2012-04-19 11:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{6733FE80-3113-4387-B7AC-0DADF7AB3427}
2012-04-19 11:30 - 2012-04-19 11:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{7F7A2AA3-8548-40AD-A262-DE3110E4A097}
2012-04-18 23:30 - 2012-04-18 23:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{6F63B672-5971-49F9-BED6-02D5E3F21C2D}
2012-04-18 23:30 - 2012-04-18 23:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{3C9D045C-896E-4A2F-8097-EDA769ECEE1E}
2012-04-18 11:29 - 2012-04-18 11:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{F35EBED6-BEDE-46E6-8A9E-ADD0741BB694}
2012-04-18 11:29 - 2012-04-18 11:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{B35747FF-D0A7-42E6-AD0D-580B28300986}
2012-04-17 23:29 - 2012-04-17 23:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{BD626759-8045-43A7-A835-153D68C204C7}
2012-04-17 23:29 - 2012-04-17 23:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{7031490F-6DA5-4E7F-A11F-60F3D0B162B2}
2012-04-17 09:14 - 2012-04-17 09:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{95626F22-0EFC-4D52-AB40-316D1ECDC910}
2012-04-17 09:13 - 2012-04-17 09:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{A2D63E65-B843-4B95-96E7-741E28B6A907}
2012-04-16 21:13 - 2012-04-16 21:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{4EED59A8-DB2E-49ED-A89C-8EADA5460CAE}
2012-04-16 21:13 - 2012-04-16 21:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{33C87C4C-0FAB-4730-ABCD-0DEB6F7D9CA6}
2012-04-16 04:28 - 2012-04-16 04:28 - 0000000 ____D C:\Users\Genya\AppData\Local\{77567A90-8B1E-4B1D-A9A3-733C9C2EF37D}
2012-04-16 04:28 - 2012-04-16 04:28 - 0000000 ____D C:\Users\Genya\AppData\Local\{01578FDB-15FF-43A8-AC11-C3A344B744E4}
2012-04-15 16:27 - 2012-04-15 16:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{4119AC00-A66A-48A9-8960-A8C6939EEF36}
2012-04-15 16:27 - 2012-04-15 16:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{3E2897AA-F12E-4BB6-9360-F98743C49F4F}
2012-04-15 04:27 - 2012-04-15 04:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{C83D78D2-A295-4526-945B-E129E08774D7}
2012-04-15 04:26 - 2012-04-15 04:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{A812E180-5589-49E5-837C-95DA95228F90}
2012-04-14 16:26 - 2012-04-14 16:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{EE7FC3D3-8780-4890-B242-B4DB30D23BF8}
2012-04-14 16:26 - 2012-04-14 16:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{C8B4E49C-DDE2-4288-A56B-B916CEAA3118}
2012-04-14 04:25 - 2012-04-14 04:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{081E0F2F-62C3-45E9-B6F2-26FFFC5BB502}
2012-04-14 04:25 - 2012-04-14 04:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{08D07A27-DD57-4898-975C-9C99EE783EC2}
2012-04-13 16:25 - 2012-04-13 16:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{3CF1B1DF-3C7C-4749-AB26-65CEBEA0B17F}
2012-04-13 16:24 - 2012-04-13 16:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{045FCC81-6515-482D-9BE3-BD1E346C149A}
2012-04-13 04:24 - 2012-04-13 04:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{F6A6F330-561F-4723-9C99-5039820D3D51}
2012-04-13 04:24 - 2012-04-13 04:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{213F1748-54FF-48AC-8ED9-2438FCF7AD5A}
2012-05-12 11:10 - 2012-05-12 11:10 - 0000000 ____D C:\Users\Genya\AppData\Local\{E4195287-171B-4E8A-BDC3-6FBE86D01730}
2012-05-12 11:10 - 2012-05-12 11:10 - 0000000 ____D C:\Users\Genya\AppData\Local\{C508AD22-DDF5-4E3F-A8C2-8D211C63A04A}
2012-05-11 11:53 - 2012-05-11 11:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{5B61D9E8-3F5F-4C17-AF55-91F18043FBCA}
2012-05-11 11:52 - 2012-05-11 11:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{D255535D-8FE4-4B4C-BAAF-B405619E72D5}
2012-05-10 23:52 - 2012-05-10 23:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{9D41C66D-279C-40D6-91AE-61E408DAC620}
2012-05-10 23:52 - 2012-05-10 23:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{7BCB6AB5-7E92-4289-9C82-9DA339EF563C}
2012-05-10 11:51 - 2012-05-10 11:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{FFD8E5CE-DD65-4394-ABBF-E8E52FE87627}
2012-05-10 11:51 - 2012-05-10 11:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{8C285832-402F-4451-8B8C-8D672497241F}
2012-05-09 04:43 - 2012-05-09 04:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{E271720A-C099-471C-B131-77707560BC65}
2012-05-09 04:43 - 2012-05-09 04:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{60747BCE-C106-4B05-BE3C-B522F20C6934}
2012-05-08 16:43 - 2012-05-08 16:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{253CBAF0-D29A-4899-8545-06D794D756F9}
2012-05-08 16:42 - 2012-05-08 16:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{D2EAB24F-78F7-4554-B0C0-6F349A0035AA}
2012-05-08 04:42 - 2012-05-08 04:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{2079442A-5E3B-4260-8CCE-B43624709AE0}
2012-05-08 04:42 - 2012-05-08 04:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{1250EA95-09EF-426E-B853-59633B64D44A}
2012-05-07 16:41 - 2012-05-07 16:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{9B2DF4E1-49AE-43F4-9DF6-6125DC32E468}
2012-05-07 16:41 - 2012-05-07 16:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{30C3FE3F-E6B5-48C0-9CFF-0A663AAF8720}
2012-05-07 04:41 - 2012-05-07 04:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{DB070E76-42E3-48E5-A516-4876BCA3D7BA}
2012-05-07 04:41 - 2012-05-07 04:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{73F66C36-E888-4BE2-85E9-1B8FD57599E8}
2012-05-06 15:53 - 2012-05-06 15:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{937F2699-CC33-4890-9292-6DB50271831F}
2012-05-06 15:53 - 2012-05-06 15:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{752B12E9-8979-42AC-8E7D-A8540F89F1B6}
2012-05-06 03:53 - 2012-05-06 03:53 - 0000000 ____D C:\Users\Genya\AppData\Local\{FDC99881-21CF-4634-97C3-E73313628262}
2012-05-06 03:53 - 2012-05-06 03:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{688F4FA4-7653-4925-AFCE-B9A87C1C970D}
2012-05-05 15:52 - 2012-05-05 15:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{AF76AB73-C0C4-43FF-ABFA-FB7F12D26184}
2012-05-05 15:52 - 2012-05-05 15:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{5BA9C127-2768-48FB-B784-BCD0EAFC1CF1}
2012-05-05 03:52 - 2012-05-05 03:52 - 0000000 ____D C:\Users\Genya\AppData\Local\{D77C3270-C407-4E99-93BC-76A5AF58192B}
2012-05-05 03:52 - 2012-05-05 03:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{6627DB57-D351-4ADC-9467-B96FFB85895F}
2012-05-04 15:51 - 2012-05-04 15:51 - 0000000 ____D C:\Users\Genya\AppData\Local\{A23A6660-83A9-4EC7-B18F-90235B366D7C}
2012-05-04 15:51 - 2012-05-04 15:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{23F37D89-BA29-4DC2-86BC-3BAF07366888}
2012-05-04 03:50 - 2012-05-04 03:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{F4D55495-17B1-4081-B47A-162EC470C151}
2012-05-04 03:50 - 2012-05-04 03:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{B1CB5EA1-8B72-4F03-ACCD-E39BEA671421}
2012-05-03 14:40 - 2012-05-03 14:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{7D5155DD-E473-4C35-89F2-034E6BB042FB}
2012-05-03 14:40 - 2012-05-03 14:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3D5C219A-F910-442C-AEA0-38DCCE31BA6F}
2012-05-03 02:40 - 2012-05-03 02:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3AC0AC96-DE80-4EEF-830F-B4AAFCD1DDDF}
2012-05-03 02:40 - 2012-05-03 02:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{40EA95C5-EC12-4392-8D89-B0BD9838F486}
2012-05-02 14:39 - 2012-05-02 14:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{981F9F7B-D6F1-4E5E-8C5D-DEC198FF7EBF}
2012-05-02 14:39 - 2012-05-02 14:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{5861C7FF-E89F-4283-BEA2-5A1F546ACE61}
2012-05-02 02:39 - 2012-05-02 02:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{87AC15B9-55F5-4F33-96A1-C7D15A4CC656}
2012-05-02 02:38 - 2012-05-02 02:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{F25B1C31-5C1B-4E01-93CD-55A2101781AB}
2012-05-01 14:38 - 2012-05-01 14:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{4D460E9E-E7DB-45EB-A022-C332AB1D5354}
2012-05-01 14:38 - 2012-05-01 14:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{9970474D-31D5-43CF-BEED-49ECE5324FED}
2012-05-01 02:37 - 2012-05-01 02:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{81539511-FE14-45F2-8B33-5E193CCB6B40}
2012-05-01 02:37 - 2012-05-01 02:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{706B946D-730F-4835-A2ED-F8F41579CEB2}
2012-04-30 14:36 - 2012-04-30 14:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1DBA6C8-8AD8-4BE8-91BB-906017015DDF}
2012-04-30 14:36 - 2012-04-30 14:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{DFC1A275-6E71-49B8-9881-C5C3DC699DAB}
2012-04-30 02:36 - 2012-04-30 02:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{4A4CF32E-2DEE-45AC-B9FE-792F1BBC2241}
2012-04-30 02:35 - 2012-04-30 02:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{A8CC4796-3DDB-4C71-BE99-C068CB658B23}
2012-04-29 14:35 - 2012-04-29 14:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{6A4A6BD4-6999-4018-B89B-D89BE8011530}
2012-04-29 14:35 - 2012-04-29 14:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{D4886A13-5C0C-4C4F-9878-A39F3921C381}
2012-04-29 02:34 - 2012-04-29 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{34F17081-7FAB-4C17-9CAE-5CA15D5A6945}
2012-04-29 02:34 - 2012-04-29 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{0BAD8093-88E8-45DE-95BF-B5100BB18AD6}
2012-04-28 14:34 - 2012-04-28 14:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{A5684F94-038D-4236-A75F-F9F61F2AEBED}
2012-04-28 14:33 - 2012-04-28 14:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{6713147B-39B8-4515-8834-C32B9DD835E3}
2012-04-28 02:33 - 2012-04-28 02:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{DC4C6430-3CFE-4204-A024-5233325C6D35}
2012-04-28 02:33 - 2012-04-28 02:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{250F952E-50D4-40CE-8ECF-5347368FA74A}
2012-04-27 11:49 - 2012-04-27 11:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1CBCB00-6278-4520-97A2-5098F3E49890}
2012-04-27 11:49 - 2012-04-27 11:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{15DF996E-0A93-40AB-8E0A-15CD4199239D}
2012-04-26 23:49 - 2012-04-26 23:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{7ED0DC32-CF6A-4748-A810-7D2CB6B6FCDF}
2012-04-26 23:49 - 2012-04-26 23:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{4B8D0EEB-1009-4C97-BA9B-9577B03112A6}
2012-04-26 11:44 - 2012-04-26 11:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{BFF72D52-8780-408C-A172-3B5CE62801F6}
2012-04-26 11:43 - 2012-04-26 11:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{1A4A49D8-D729-47CE-B87D-017657D3210E}
2012-04-25 23:43 - 2012-04-25 23:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{E7C99AC3-2348-477A-9388-DE6345C18BDB}
2012-04-25 23:43 - 2012-04-25 23:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{54ABA9A6-E1E5-48B6-806A-7E7DCCF02915}
2012-04-25 11:42 - 2012-04-25 11:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{B8C38492-EF7C-4B38-A6D3-8C539F3DA2E4}
2012-04-25 11:42 - 2012-04-25 11:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{8ACAA0A5-70F3-43BC-BB7F-CBB7F5753F4A}
2012-04-24 23:42 - 2012-04-24 23:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{81098018-3D27-4752-A257-B81F5E5DAADC}
2012-04-24 23:42 - 2012-04-24 23:41 - 0000000 ____D C:\Users\Genya\AppData\Local\{BBBC16B3-1E42-4E68-931B-316A297D225C}
2012-04-24 11:38 - 2012-04-24 11:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{B757352B-1EBE-466E-BEC6-3633B8C28405}
2012-04-24 11:37 - 2012-04-24 11:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{F8BDE14C-08BD-4F52-955D-4DA690BB73A8}
2012-04-23 23:37 - 2012-04-23 23:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{69158B97-C316-462C-9A63-C7D09CA45ADB}
2012-04-23 23:37 - 2012-04-23 23:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{6E53A5C3-19FE-4C21-87AF-D7E796578CB1}
2012-04-23 11:36 - 2012-04-23 11:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{961E758A-AE0F-47DC-8E98-5DC53CB37759}
2012-04-23 11:36 - 2012-04-23 11:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{42E04A41-5973-4301-A2D6-C8172A3A4154}
2012-04-22 23:36 - 2012-04-22 23:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{23898EB2-34D2-4720-9029-D828D3FBC4AE}
2012-04-22 23:35 - 2012-04-22 23:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{FBA169E3-6F80-4F8A-ACAB-A155C52E83C1}
2012-04-22 11:35 - 2012-04-22 11:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{1DEA6FB5-E7C2-4D86-A67E-2CB66749F51E}
2012-04-22 11:35 - 2012-04-21 23:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{4845DA14-7569-401D-9046-80182EC3B065}
2012-04-21 23:34 - 2012-04-21 23:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{80C7C211-18DC-4E2E-A159-563807DB0C40}
2012-04-21 11:34 - 2012-04-21 11:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{E85DF054-EEAE-49B9-A6CA-3142321BDAD4}
2012-04-21 11:33 - 2012-04-21 11:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{79EB15F6-C94A-4765-9D72-877EDFB6FF1C}
2012-04-20 23:33 - 2012-04-20 23:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{E2E8A5C5-6200-46F8-8E42-0D68C3B5CCE1}
2012-04-20 23:33 - 2012-04-20 23:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{FE2AA1DE-7A7C-426E-A104-C29A804567EE}
2012-04-20 11:32 - 2012-04-20 11:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{CBEBB245-6FF0-4117-A33F-3BA4D8453950}
2012-04-20 11:32 - 2012-04-20 11:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{C1369491-7615-45CC-9941-0240BB2DD833}
2012-04-19 23:32 - 2012-04-19 23:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{9C547962-E024-42A9-A5A0-F177B7F7D86A}
2012-04-19 23:31 - 2012-04-19 23:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{C607D51B-CD79-441F-9414-0A01CBD5C294}
2012-04-19 11:31 - 2012-04-19 11:31 - 0000000 ____D C:\Users\Genya\AppData\Local\{6733FE80-3113-4387-B7AC-0DADF7AB3427}
2012-04-19 11:31 - 2012-04-19 11:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{7F7A2AA3-8548-40AD-A262-DE3110E4A097}
2012-04-18 23:30 - 2012-04-18 23:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{6F63B672-5971-49F9-BED6-02D5E3F21C2D}
2012-04-18 23:30 - 2012-04-18 23:30 - 0000000 ____D C:\Users\Genya\AppData\Local\{3C9D045C-896E-4A2F-8097-EDA769ECEE1E}
2012-04-18 11:30 - 2012-04-18 11:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{F35EBED6-BEDE-46E6-8A9E-ADD0741BB694}
2012-04-18 11:29 - 2012-04-18 11:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{B35747FF-D0A7-42E6-AD0D-580B28300986}
2012-04-17 23:29 - 2012-04-17 23:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{BD626759-8045-43A7-A835-153D68C204C7}
2012-04-17 23:29 - 2012-04-17 23:29 - 0000000 ____D C:\Users\Genya\AppData\Local\{7031490F-6DA5-4E7F-A11F-60F3D0B162B2}
2012-04-17 09:14 - 2012-04-17 09:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{95626F22-0EFC-4D52-AB40-316D1ECDC910}
2012-04-17 09:14 - 2012-04-17 09:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{A2D63E65-B843-4B95-96E7-741E28B6A907}
2012-04-16 21:13 - 2012-04-16 21:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{4EED59A8-DB2E-49ED-A89C-8EADA5460CAE}
2012-04-16 21:13 - 2012-04-16 21:13 - 0000000 ____D C:\Users\Genya\AppData\Local\{33C87C4C-0FAB-4730-ABCD-0DEB6F7D9CA6}
2012-04-16 04:28 - 2012-04-16 04:28 - 0000000 ____D C:\Users\Genya\AppData\Local\{77567A90-8B1E-4B1D-A9A3-733C9C2EF37D}
2012-04-16 04:28 - 2012-04-16 04:28 - 0000000 ____D C:\Users\Genya\AppData\Local\{01578FDB-15FF-43A8-AC11-C3A344B744E4}
2012-04-15 16:27 - 2012-04-15 16:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{4119AC00-A66A-48A9-8960-A8C6939EEF36}
2012-04-15 16:27 - 2012-04-15 16:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{3E2897AA-F12E-4BB6-9360-F98743C49F4F}
2012-04-15 04:27 - 2012-04-15 04:27 - 0000000 ____D C:\Users\Genya\AppData\Local\{C83D78D2-A295-4526-945B-E129E08774D7}
2012-04-15 04:27 - 2012-04-15 04:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{A812E180-5589-49E5-837C-95DA95228F90}
2012-04-14 16:26 - 2012-04-14 16:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{EE7FC3D3-8780-4890-B242-B4DB30D23BF8}
2012-04-14 16:26 - 2012-04-14 16:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{C8B4E49C-DDE2-4288-A56B-B916CEAA3118}
2012-04-14 04:26 - 2012-04-14 04:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{081E0F2F-62C3-45E9-B6F2-26FFFC5BB502}
2012-04-14 04:25 - 2012-04-14 04:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{08D07A27-DD57-4898-975C-9C99EE783EC2}
2012-04-13 16:25 - 2012-04-13 16:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{3CF1B1DF-3C7C-4749-AB26-65CEBEA0B17F}
2012-04-13 16:25 - 2012-04-13 16:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{045FCC81-6515-482D-9BE3-BD1E346C149A}
2012-04-13 04:24 - 2012-04-13 04:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{F6A6F330-561F-4723-9C99-5039820D3D51}
2012-04-13 04:24 - 2012-04-13 04:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{213F1748-54FF-48AC-8ED9-2438FCF7AD5A}
2012-04-12 16:24 - 2012-04-12 16:24 - 0000000 ____D C:\Users\Genya\AppData\Local\{097946F5-4918-4849-9D83-1CDBB7FAB436}
2012-04-12 16:24 - 2012-04-12 16:23 - 0000000 ____D C:\Users\Genya\AppData\Local\{7173F98A-63F5-47F7-A0DC-C43936CC3CF7}
2012-04-12 04:23 - 2012-04-12 04:23 - 0000000 ____D C:\Users\Genya\AppData\Local\{2EB9D751-E2CE-48E8-AF29-0B2FC387FE98}
2012-04-12 04:23 - 2012-04-12 04:23 - 0000000 ____D C:\Users\Genya\AppData\Local\{15DCE144-5249-421F-AD55-C0A844765D85}
2012-04-11 16:22 - 2012-04-11 16:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{76CCAD8A-CEFE-44F5-8A02-36F8E403F722}
2012-04-11 16:22 - 2012-04-11 16:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{532BC7DD-52F9-4FBC-AEDB-AAE86B1ADC42}
2012-04-11 04:22 - 2012-04-11 04:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{60F2856B-7A87-4AB8-9ECA-E2928B5BE425}
2012-04-11 04:22 - 2012-04-11 04:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{CDBA2195-A11F-4CDE-9D3D-5D5EAE6EADCF}
2012-04-10 16:21 - 2012-04-10 16:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{D99B1E32-E702-4940-960C-EB96F87E68A7}
2012-04-10 16:21 - 2012-04-10 16:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{D36E9538-33EF-455A-80EF-582336213EFE}
2012-04-10 04:20 - 2012-04-10 04:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{6A816350-4FCB-40FD-9053-415C3792C4CA}
2012-04-10 04:20 - 2012-04-10 04:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{0520D872-8DD8-4530-81B5-E5678B48F68D}
2012-04-09 16:20 - 2012-04-09 16:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{EC0CF88F-6D1F-4E19-9E65-AC42DE626B53}
2012-04-09 16:20 - 2012-04-09 16:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{4ACC296F-B631-4F7C-AE01-A4EF104197BB}
2012-04-09 04:19 - 2012-04-09 04:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{F70297E2-B39C-4C10-A7FC-026F1644A052}
2012-04-09 04:19 - 2012-04-09 04:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{BE01E507-9021-42EC-9735-FBF49AB3509F}
2012-04-08 14:35 - 2012-04-08 14:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{76C96972-EEEB-45F3-8BB3-9258418E00AE}
2012-04-08 14:35 - 2012-04-08 14:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{A23F7B50-C404-45FF-A5E1-E7147C4E5CB4}
2012-04-08 02:34 - 2012-04-08 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{81250AD4-5105-46A9-877A-A69795F545C4}
2012-04-08 02:34 - 2012-04-08 02:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{0865CCA2-B533-4564-B215-0EB225B0FCD1}
2012-04-07 14:26 - 2012-04-07 14:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{F2481FDA-A368-4723-9D98-39C925767461}
2012-04-07 14:26 - 2012-04-07 14:26 - 0000000 ____D C:\Users\Genya\AppData\Local\{3B8A1F92-A9FD-41B3-A65C-8203B1FD5723}
2012-04-07 02:26 - 2012-04-07 02:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{DB985B92-E9FB-4475-B457-9EDC8C61B5D1}
2012-04-07 02:25 - 2012-04-07 02:25 - 0000000 ____D C:\Users\Genya\AppData\Local\{36A189F3-9D08-4F4D-A1FD-E498E1C1CC6C}
2012-04-06 08:55 - 2012-04-06 08:55 - 0000000 ____D C:\Users\Genya\AppData\Local\{75D99C73-8064-404C-8B6D-A9DEE5B188D0}
2012-04-06 08:55 - 2012-04-06 08:55 - 0000000 ____D C:\Users\Genya\AppData\Local\{304782D6-0167-4ED3-BC6C-872522287FD0}
2012-04-06 03:46 - 2012-04-06 03:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{D860C6A2-A9B5-4C79-AF98-F83FF7316E3F}
2012-04-05 12:01 - 2012-04-05 12:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{B7633B95-A4B7-4149-A49D-411A1C0BB3FF}
2012-04-05 12:01 - 2012-04-05 12:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{81720DD6-7CF1-42E3-8A52-0BC41AFA18EA}
2012-04-05 00:01 - 2012-04-05 00:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{968CFBD1-7093-4C7D-ACF8-2CFF04438682}
2012-04-05 00:01 - 2012-04-05 00:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{8B20FD3D-50CE-440C-BFD6-31A742A63624}
2012-04-04 05:56 - 2012-04-04 05:56 - 0000000 ____D C:\Users\Genya\AppData\Local\{745EB086-DD2F-4F06-9AEE-7C1ADFADCA15}
2012-04-04 05:56 - 2012-04-04 05:56 - 0000000 ____D C:\Users\Genya\AppData\Local\{6B4B9BC3-8850-4E03-8158-462BA6067932}
2012-04-03 23:55 - 2012-04-03 23:55 - 0000000 ____D C:\Users\Genya\AppData\Local\{F97FAF0C-E833-40D5-9315-94F46E615A4F}
2012-04-03 23:55 - 2012-04-03 23:55 - 0000000 ____D C:\Users\Genya\AppData\Local\{098E3202-A7E6-4562-8190-0629DC4DCCDF}
2012-04-03 12:00 - 2012-04-03 12:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{38D6D6C0-2441-4E40-ABA8-095CDE638A70}
2012-04-03 12:00 - 2012-04-03 11:59 - 0000000 ____D C:\Users\Genya\AppData\Local\{BBF7514D-40A5-400C-836D-FAA940900082}
2012-04-03 00:00 - 2012-04-03 00:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{6D6743CE-78D2-4046-97DF-6651EAB8A6FD}
2012-04-03 00:00 - 2012-04-02 23:59 - 0000000 ____D C:\Users\Genya\AppData\Local\{DBA45979-C815-43EF-90AF-D56C29E91C46}
2012-04-02 12:44 - 2012-04-02 12:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{A930C5D8-D475-46C9-AC0B-CD3037FCCE22}
2012-04-02 12:43 - 2012-04-02 12:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{3F12EC11-8EA2-47AE-8A74-343ED08FCE93}
2012-04-02 00:43 - 2012-04-02 00:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{B4311B52-08C3-4260-B8BA-855B153FD365}
2012-04-02 00:43 - 2012-04-02 00:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{793F3E73-D00B-480C-BBAB-663D9389FA51}
2012-04-01 13:21 - 2012-04-01 13:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{56E12F23-C266-41B4-A1A8-A109BB6E0AEF}
2012-04-01 13:21 - 2012-04-01 13:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{242BE82B-AFDA-4792-B37B-C077006C4170}
2012-04-01 01:21 - 2012-04-01 01:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{329F9982-07A0-495B-9554-0BD0F6144389}
2012-04-01 01:21 - 2012-04-01 01:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{117EC77A-9A71-4959-9B39-E2B78E08D061}
2012-03-31 13:50 - 2012-03-31 13:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{4809F94E-2DB0-432D-918E-FF10DE27379B}
2012-03-31 13:49 - 2012-03-31 01:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{110A0B0C-31CA-4EC2-A610-3DF3E5A00414}
2012-03-31 01:50 - 2012-03-31 01:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{B3FE016E-53C7-4CE8-96F6-E8C37F2C7B22}
2012-03-30 11:17 - 2012-03-30 11:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{D509CAF2-8282-438C-8E9F-5B456A133670}
2012-03-29 23:16 - 2012-03-29 23:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{18606420-0B60-46C5-9F8D-BB5FA74E3ABB}
2012-03-29 14:56 - 2012-03-29 14:56 - 0000000 ____D C:\Users\Genya\AppData\Local\{FA4DC6D7-F8C4-409F-B795-E35AC01D17E8}
2012-03-22 03:50 - 2012-03-22 03:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{13244952-091F-46B9-8CEF-E964EEEE2454}
2012-03-22 03:49 - 2012-03-22 03:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{AEA625C7-E488-4840-9893-8F4135DD48D0}
2012-03-21 15:49 - 2012-03-21 15:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{60B9E13A-F70D-417E-BCCA-63B1D02A439B}
2012-03-21 15:49 - 2012-03-21 03:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{BFA25176-24FF-43E0-A523-2206421CEC6B}
2012-03-21 03:48 - 2012-03-21 03:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{C09CA107-615D-4135-9545-776ACFB4637C}
2012-03-21 03:09 - 2012-03-21 03:09 - 0000000 ____D C:\Users\Genya\AppData\Local\{ACD5FC81-91C5-4472-8011-AE9EF05FB5EE}
2012-03-21 03:09 - 2012-03-21 03:09 - 0000000 ____D C:\Users\Genya\AppData\Local\{A441145C-3DA3-47DF-9742-EF52EEDE1DD4}
2012-03-20 15:08 - 2012-03-20 15:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{3163A077-11FE-422F-BBA3-FFC1B1343789}
2012-03-20 15:08 - 2012-03-20 15:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{2642B4E7-E7CD-41DC-9C56-CE029B89ACA3}
2012-03-20 03:08 - 2012-03-20 03:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{4743C8A8-56D8-4529-8FE2-0D683D413F0C}
2012-03-20 03:08 - 2012-03-20 03:07 - 0000000 ____D C:\Users\Genya\AppData\Local\{10E5D914-725F-4C27-AF62-00A70138B01A}
2012-03-19 15:07 - 2012-03-19 15:07 - 0000000 ____D C:\Users\Genya\AppData\Local\{7A2C85B7-F2FC-48A8-B5DC-9BFD56FA4713}
2012-03-19 15:07 - 2012-03-19 15:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{63322CBD-1016-4DC5-8688-35E6ADE763AB}
2012-03-19 03:06 - 2012-03-19 03:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{ED1D8E3B-8D5D-4BF0-9C60-321E69A7C686}
2012-03-19 03:06 - 2012-03-19 03:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{681937F5-1E28-4A1D-A247-852A79E60F66}
2012-03-18 15:06 - 2012-03-18 15:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{58632B96-374E-4D72-B43D-FE049715E30C}
2012-03-18 15:06 - 2012-03-18 15:05 - 0000000 ____D C:\Users\Genya\AppData\Local\{304F36E5-B1E7-4CB6-98CF-60201F231EC0}
2012-03-18 03:05 - 2012-03-18 03:05 - 0000000 ____D C:\Users\Genya\AppData\Local\{EA5377F4-F168-4C0C-874F-6B63DB160AA2}
2012-03-18 03:05 - 2012-03-18 03:05 - 0000000 ____D C:\Users\Genya\AppData\Local\{A144D7F9-453B-4D7D-8E7F-1C9DA844897D}
2012-03-17 14:33 - 2012-03-17 14:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{77D566DC-0739-4EEE-81EE-B14B6FCE8AC9}
2012-03-17 14:32 - 2012-03-17 14:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{A03DACD5-B221-415F-9C72-7137DA18F0CA}
2012-03-17 02:32 - 2012-03-17 02:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{F330D0E3-A960-4EAD-9239-9D26E1F7F332}
2012-03-17 02:32 - 2012-03-17 02:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{930ABFE6-999F-403D-BBD1-5CF5D9A32508}
2012-03-16 14:17 - 2012-03-16 14:17 - 0000000 ____D C:\Users\Genya\AppData\Local\{ACF877D0-872C-4E84-9D42-634F4D6AF6BF}
2012-03-16 14:17 - 2012-03-16 14:17 - 0000000 ____D C:\Users\Genya\AppData\Local\{9641F72F-AA10-4A45-8BEB-824B0841EB14}
2012-03-16 02:17 - 2012-03-16 02:17 - 0000000 ____D C:\Users\Genya\AppData\Local\{706D2FDC-29D5-4C34-9180-21EF7CF39D90}
2012-03-16 02:17 - 2012-03-16 02:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{A31C6CE2-6DB4-4C0D-B918-8F3FB9F06810}
2012-03-15 14:16 - 2012-03-15 14:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{AB511285-72FF-4DDB-B0F8-9F859376AC79}
2012-03-15 14:16 - 2012-03-15 14:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{24708E28-ADB0-4149-A568-D564D24127C2}
2012-03-15 02:16 - 2012-03-15 02:16 - 0000000 ____D C:\Users\Genya\AppData\Local\{357D51B4-5326-4776-9524-FD13EFED7526}
2012-03-15 02:16 - 2012-03-15 02:15 - 0000000 ____D C:\Users\Genya\AppData\Local\{0F7C5FFE-3361-4687-9C14-66F891A1C5FD}
2012-03-14 14:15 - 2012-03-14 14:15 - 0000000 ____D C:\Users\Genya\AppData\Local\{152F186B-FEEA-4792-A212-25732F29BA89}
2012-03-14 14:15 - 2012-03-14 14:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{626EF7F6-C088-4B4C-B284-134221AEF9AC}
2012-03-14 02:14 - 2012-03-14 02:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{E5EB5CAB-90C3-40A7-9AF6-E7C1C7F44789}
2012-03-14 02:14 - 2012-03-14 02:14 - 0000000 ____D C:\Users\Genya\AppData\Local\{90AF4437-EF6F-46EB-91A6-96D2BFE54DCC}
2012-03-13 14:04 - 2012-03-13 14:03 - 0000000 ____D C:\Users\Genya\AppData\Local\{B4989306-E997-4D08-BEC9-FFF637F2F3AA}
2012-03-13 14:03 - 2012-03-13 14:03 - 0000000 ____D C:\Users\Genya\AppData\Local\{5A7D84D6-EF22-451E-99F2-9DFE2A3A012B}
2012-03-13 02:03 - 2012-03-13 02:03 - 0000000 ____D C:\Users\Genya\AppData\Local\{D63E18E9-F946-4417-B27E-4E7AAB590704}
2012-03-13 02:03 - 2012-03-13 02:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{79488088-CF8D-4F8A-AE1D-BF24B1C4ACDD}
2012-03-12 14:02 - 2012-03-12 14:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{B48047FC-76E2-4296-B5BA-E6F799290B9E}
2012-03-12 14:02 - 2012-03-12 14:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{183E2F51-0D31-42BC-A190-7F36EA34CDFB}
2012-03-12 02:02 - 2012-03-12 02:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{34C2D654-8B4E-43C4-8733-9C8A3726A218}
2012-03-12 02:02 - 2012-03-12 02:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{9494B7BD-EB51-426D-B1FD-AAF8824C88B7}
2012-03-11 14:01 - 2012-03-11 14:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{40FD835F-DBC6-4B24-8A3C-1808E5B6C3C7}
2012-03-11 14:01 - 2012-03-11 02:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{2FDC559D-069D-44A0-A4E0-2AD8DAEA0DCA}
2012-03-11 02:00 - 2012-03-11 02:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{950270BD-9E7F-4DEB-AA45-C7BAC6CE65EE}
2012-03-10 13:50 - 2012-03-10 13:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{822D6A75-C475-4040-8BA2-D2FA8B44F5ED}
2012-03-10 13:50 - 2012-03-10 13:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{5CF3E50F-B160-4B95-9BD8-3D69A832D7B2}
2012-03-10 01:49 - 2012-03-10 01:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{A576FAB4-F174-492D-A350-8039EE3B0212}
2012-03-10 01:49 - 2012-03-10 01:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{0ACD77B7-7C7E-4008-A127-7A65CFF818B4}
2012-03-09 13:49 - 2012-03-09 13:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{7F585A08-A329-4F2D-B040-AC53A3FBCDA1}
2012-03-09 13:49 - 2012-03-09 13:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{FE58BA73-9311-4AB4-8184-A070090F36ED}
2012-03-09 01:48 - 2012-03-09 01:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{ABCF40F3-0C2A-4E8E-B6BB-E937F7C9D74A}
2012-03-09 01:48 - 2012-03-09 01:48 - 0000000 ____D C:\Users\Genya\AppData\Local\{2510CC83-5766-4A54-AFF1-EBCA844BFB33}
2012-03-08 13:46 - 2012-03-08 13:46 - 0000000 ____D C:\Users\Genya\AppData\Local\{D00EDC9A-C061-49D3-B646-BD2A80FA865A}
2012-03-08 13:46 - 2012-03-08 13:46 - 0000000 ____D C:\Users\Genya\AppData\Local\{38D00E04-9FD9-46F6-91E9-25155EE07DE0}
2012-03-08 01:46 - 2012-03-08 01:46 - 0000000 ____D C:\Users\Genya\AppData\Local\{561FC138-1AB5-49E9-BED3-BA482C4EB9CC}
2012-03-08 01:46 - 2012-03-08 01:46 - 0000000 ____D C:\Users\Genya\AppData\Local\{13C48BE3-8537-4DCA-A5B4-AC8507E7F569}
2012-03-07 13:45 - 2012-03-07 13:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{E2D0663A-FA9E-4A81-BE54-1A14ED08BD6A}
2012-03-07 13:45 - 2012-03-07 13:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{01EB7D35-7CA0-4489-BA94-7339B42EBD0A}
2012-03-07 01:45 - 2012-03-07 01:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{E259BF7D-1B82-4847-9689-FE73B9F94C29}
2012-03-07 01:45 - 2012-03-07 01:44 - 0000000 ____D C:\Users\Genya\AppData\Local\{322CFD47-B0EA-47EE-B0B3-E5E1C593B934}
2012-03-06 12:50 - 2012-03-06 12:50 - 0000000 ____D C:\Users\Genya\AppData\Local\{A925BDA4-523D-40AE-8D83-21852F2502FD}
2012-03-06 12:50 - 2012-03-06 00:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{3539F57B-0BA0-41C9-8B7F-DFD23BE98FAA}
2012-03-06 00:50 - 2012-03-06 00:49 - 0000000 ____D C:\Users\Genya\AppData\Local\{E79E9D48-3A4E-49B3-8E4E-3B716D7B7F1F}
2012-03-05 12:21 - 2012-03-05 12:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{D277B47C-789F-4B16-8E64-2A52826F5700}
2012-03-05 12:21 - 2012-03-05 12:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{C214F34E-4605-4D47-8E73-516A155B8499}
2012-03-05 00:21 - 2012-03-05 00:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{4547EE21-23B0-41D1-933A-D983906BD324}
2012-03-05 00:20 - 2012-03-05 00:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{E5C57A74-A71E-40C6-AEEA-057C8BBDB6C7}
2012-03-04 12:20 - 2012-03-04 12:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{371E7027-980A-422D-BC73-B42233D21DFB}
2012-03-04 12:20 - 2012-03-04 12:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{A505DB31-8EA6-46C1-9960-A5D0218E1164}
2012-03-04 00:19 - 2012-03-04 00:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{E7B8BC79-0E8B-4771-A832-00703D4B2E05}
2012-03-04 00:19 - 2012-03-04 00:19 - 0000000 ____D C:\Users\Genya\AppData\Local\{2AA54973-CBCD-41F8-B19E-92FEACE1E2EE}
2012-03-03 11:20 - 2012-03-03 11:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{B0926FF1-0C33-4852-9FCD-DB9F009899A3}
2012-03-03 11:20 - 2012-03-03 11:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{6E73ABDA-C374-4324-8ECC-F11BE9CE1559}
2012-03-02 23:20 - 2012-03-02 23:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{FB1B3EB2-BB27-400E-8EBA-AB1137028AF1}
2012-03-02 23:20 - 2012-03-02 23:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{6FF94D11-9DC1-4BE6-BFFA-8C284AE2A12D}
2012-03-02 11:03 - 2012-03-02 11:03 - 0000000 ____D C:\Users\Genya\AppData\Local\{465639F6-53E0-449F-9FC2-8ADE9E2CDBE7}
2012-03-02 11:03 - 2012-03-02 11:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{8F2D78E0-9467-44B2-AFA3-8B83C57FC9A3}
2012-03-01 23:02 - 2012-03-01 23:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{B902FE03-AAEA-47B2-A002-7BC079222EF4}
2012-03-01 23:02 - 2012-03-01 23:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{A5F8622B-6636-4D76-8E20-52045C56AA54}
2012-03-01 11:01 - 2012-03-01 11:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{75622E7F-B51B-41F5-9319-21F7B73C19A9}
2012-03-01 11:01 - 2012-02-29 23:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{C21EB542-CCE5-4405-B962-D51CCF5D8502}
2012-02-29 23:01 - 2012-02-29 23:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{CE62EE4C-E485-4667-A651-3BFE7EC75BE0}
2012-02-29 08:45 - 2012-02-29 08:45 - 0000000 ____D C:\Users\Genya\AppData\Local\{2FD251D0-6A71-4F05-8BAB-E1CEB291F346}
2012-02-29 08:45 - 2012-02-28 20:44 - 0000000 ____D C:\Users\Genya\AppData\Local\{A12A8DE3-9FDA-4865-83BC-D3BBEA165CE3}
2012-02-28 20:44 - 2012-02-28 20:44 - 0000000 ____D C:\Users\Genya\AppData\Local\{B71E0C7B-C55F-47D2-9323-921CA274CBC5}
2012-02-28 07:08 - 2012-02-28 07:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{EBC1F120-3063-4551-84C9-AD1D73BDFC2F}
2012-02-28 07:08 - 2012-02-27 19:07 - 0000000 ____D C:\Users\Genya\AppData\Local\{E1327FA7-FF25-4436-99BA-7BA9E6201D8A}
2012-02-27 19:08 - 2012-02-27 19:08 - 0000000 ____D C:\Users\Genya\AppData\Local\{70693862-A175-48C0-ADD3-C34B15C999A4}
2012-02-27 05:22 - 2012-02-27 05:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{A683A595-E8B7-49E7-91F1-86D9364B9679}
2012-02-27 05:22 - 2012-02-27 05:22 - 0000000 ____D C:\Users\Genya\AppData\Local\{A2A4B092-BD08-4132-B19B-807C4FD024EA}
2012-02-26 17:22 - 2012-02-26 17:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{A404AEBA-1A2F-4C48-A6E3-3FD5F1ED113C}
2012-02-26 17:21 - 2012-02-26 05:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{6644D8B8-A8F9-4A9D-89C9-1BB7506E9B84}
2012-02-26 05:21 - 2012-02-26 05:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{73BDC23B-EDC0-42E2-9C67-C9691D750A51}
2012-02-25 15:21 - 2012-02-25 15:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{D97CC564-5FD3-4CB7-A5C2-66369A6DAEFA}
2012-02-25 15:21 - 2012-02-25 15:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{9A4FE8D4-B431-4F45-8D1C-56E97EDDE808}
2012-02-25 03:21 - 2012-02-25 03:21 - 0000000 ____D C:\Users\Genya\AppData\Local\{0569700C-8A8D-49C0-9DC4-9874DCC20C3C}
2012-02-25 03:21 - 2012-02-25 03:20 - 0000000 ____D C:\Users\Genya\AppData\Local\{98DFC1C5-B72C-43C0-A780-90B06781CC59}
2012-02-24 13:02 - 2012-02-24 13:02 - 0000000 ____D C:\Users\Genya\AppData\Local\{3887ABEC-A668-4CFF-B0BA-133952BE7A30}
2012-02-24 13:02 - 2012-02-23 01:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{AEA4C3BA-F3BF-49FB-9B21-437CE2F06FB6}
2012-02-24 01:01 - 2012-02-24 01:01 - 0000000 ____D C:\Users\Genya\AppData\Local\{E61315FE-0BF5-4646-87A1-F97943403ADF}
2012-02-23 13:01 - 2012-02-23 13:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{FA8E05DA-3130-4E16-B2F1-250E0052D31B}
2012-02-23 01:00 - 2012-02-23 01:00 - 0000000 ____D C:\Users\Genya\AppData\Local\{D1753A6D-643D-4A84-9987-1E3E0EFFE4FE}
2012-02-22 04:40 - 2012-02-22 04:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{B924A113-C576-4E37-A594-8BA34F7E1D74}
2012-02-22 04:40 - 2012-02-22 04:40 - 0000000 ____D C:\Users\Genya\AppData\Local\{3B24BD43-9AE9-49FA-B55F-01A197E4E3BF}
2012-02-21 16:40 - 2012-02-21 16:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{865D0B4A-3126-4FA0-99DC-73551BB8257A}
2012-02-21 16:39 - 2012-02-21 16:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{6F25254E-5A44-4FF1-8736-BE658870FE69}
2012-02-21 04:39 - 2012-02-21 04:39 - 0000000 ____D C:\Users\Genya\AppData\Local\{62ACA383-2B13-4825-986A-D6949E761275}
2012-02-21 04:39 - 2012-02-21 04:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{0661C1F7-0694-4C69-810E-36E4DF653154}
2012-02-20 16:38 - 2012-02-20 16:38 - 0000000 ____D C:\Users\Genya\AppData\Local\{9EAB2DA2-C47F-4558-B088-D34C6720786A}
2012-02-20 16:38 - 2012-02-19 04:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{3C178028-8FCA-4CE3-8350-6B4670CD04D0}
2012-02-20 04:38 - 2012-02-20 04:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{7956D7D6-875C-4433-AF0D-D0188B63C3F3}
2012-02-19 16:37 - 2012-02-19 16:37 - 0000000 ____D C:\Users\Genya\AppData\Local\{19010566-629F-4F39-94A2-6EE21E89C995}
2012-02-19 10:29 - 2011-10-26 16:34 - 0000000 ____D C:\Users\Genya\AppData\Local\YqOuMIXVUptb
2012-02-19 04:36 - 2012-02-19 04:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{A3127E14-3A68-4BA6-939A-AD4F624AB52F}
2012-02-18 16:36 - 2012-02-18 16:36 - 0000000 ____D C:\Users\Genya\AppData\Local\{1E1607F8-776E-4218-B95E-4026A7AA4E39}
2012-02-18 16:36 - 2012-02-18 16:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{A6ADAAD5-07E8-4213-9B29-2314C52ECB8C}
2012-02-18 04:35 - 2012-02-18 04:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{7EF9C97B-4F97-4CCB-9D65-C1DEDA0ABA4F}
2012-02-18 04:35 - 2012-02-18 04:35 - 0000000 ____D C:\Users\Genya\AppData\Local\{09D1955B-EC41-4FFF-9F5C-604471ABCA8C}
2012-02-17 16:34 - 2012-02-17 16:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{ECCC5E79-468D-4713-8CB6-18D9B97468BA}
2012-02-17 16:34 - 2012-02-17 16:34 - 0000000 ____D C:\Users\Genya\AppData\Local\{6A64AD5F-24DE-4247-A222-8A044CEFB48B}
2012-02-17 04:34 - 2012-02-17 04:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{83E0B104-9978-4A85-AAF6-5A1E83BAE7D0}
2012-02-17 04:33 - 2012-02-17 04:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{0BCF814A-41A4-4210-86B1-150A689ADE62}
2012-02-16 16:33 - 2012-02-16 16:33 - 0000000 ____D C:\Users\Genya\AppData\Local\{E7DF2A0B-B5B2-4279-9F67-915859FA63E8}
2012-02-16 16:33 - 2012-02-16 16:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{E49B34D2-93A6-4813-BB20-07AC5447AC0D}
2012-02-16 04:32 - 2012-02-16 04:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{DBBC3270-E1C3-411B-8D1F-49F5860B8EE5}
2012-02-16 04:32 - 2012-02-16 04:32 - 0000000 ____D C:\Users\Genya\AppData\Local\{18AB16C6-F4D8-4CA1-B70F-C4FAA12E9F41}
2012-02-15 12:43 - 2012-02-15 12:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{7031F01D-6A31-4295-B5B7-D902E6A87B74}
2012-02-15 12:43 - 2012-02-15 00:42 - 0000000 ____D C:\Users\Genya\AppData\Local\{B08344C3-6260-4D50-8370-078529FA650F}
2012-02-15 00:43 - 2012-02-15 00:43 - 0000000 ____D C:\Users\Genya\AppData\Local\{04477F5D-9CA1-4DC1-9062-28A014AC7932}
2012-02-14 07:07 - 2012-02-14 07:07 - 0000000 ____D C:\Users\Genya\AppData\Local\{CCEE54A5-2AA4-4B3E-B7CE-87FD8EEAD118}
2012-02-14 07:07 - 2012-02-13 07:06 - 0000000 ____D C:\Users\Genya\AppData\Local\{8D869122-1876-4BB1-A6FF-CCEA5E7FBAC8}
Replace: c:\windows\ERDNT\cache86\user32.dll c:\windows\SysWOW64\user32.dll
cmd: dir /a C:\Users\Genya\AppData\Roaming\Skype
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 vegetalordofall

vegetalordofall
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 12 May 2012 - 07:31 PM

Here is the log as requested, I will let you know if the audio ads surface in the next hour or so:


Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 12-05-2012
Ran by SYSTEM at 2012-05-13 01:27:15 Run:1
Running from G:\

==============================================

C:\Users\Genya\AppData\Local\{E4195287-171B-4E8A-BDC3-6FBE86D01730} moved successfully.
C:\Users\Genya\AppData\Local\{C508AD22-DDF5-4E3F-A8C2-8D211C63A04A} moved successfully.
C:\Users\Genya\AppData\Local\{5B61D9E8-3F5F-4C17-AF55-91F18043FBCA} moved successfully.
C:\Users\Genya\AppData\Local\{D255535D-8FE4-4B4C-BAAF-B405619E72D5} moved successfully.
C:\Users\Genya\AppData\Local\{9D41C66D-279C-40D6-91AE-61E408DAC620} moved successfully.
C:\Users\Genya\AppData\Local\{7BCB6AB5-7E92-4289-9C82-9DA339EF563C} moved successfully.
C:\Users\Genya\AppData\Local\{FFD8E5CE-DD65-4394-ABBF-E8E52FE87627} moved successfully.
C:\Users\Genya\AppData\Local\{8C285832-402F-4451-8B8C-8D672497241F} moved successfully.
C:\Users\Genya\AppData\Local\{E271720A-C099-471C-B131-77707560BC65} moved successfully.
C:\Users\Genya\AppData\Local\{60747BCE-C106-4B05-BE3C-B522F20C6934} moved successfully.
C:\Users\Genya\AppData\Local\{253CBAF0-D29A-4899-8545-06D794D756F9} moved successfully.
C:\Users\Genya\AppData\Local\{D2EAB24F-78F7-4554-B0C0-6F349A0035AA} moved successfully.
C:\Users\Genya\AppData\Local\{2079442A-5E3B-4260-8CCE-B43624709AE0} moved successfully.
C:\Users\Genya\AppData\Local\{1250EA95-09EF-426E-B853-59633B64D44A} moved successfully.
C:\Users\Genya\AppData\Local\{9B2DF4E1-49AE-43F4-9DF6-6125DC32E468} moved successfully.
C:\Users\Genya\AppData\Local\{30C3FE3F-E6B5-48C0-9CFF-0A663AAF8720} moved successfully.
C:\Users\Genya\AppData\Local\{DB070E76-42E3-48E5-A516-4876BCA3D7BA} moved successfully.
C:\Users\Genya\AppData\Local\{73F66C36-E888-4BE2-85E9-1B8FD57599E8} moved successfully.
C:\Users\Genya\AppData\Local\{937F2699-CC33-4890-9292-6DB50271831F} moved successfully.
C:\Users\Genya\AppData\Local\{752B12E9-8979-42AC-8E7D-A8540F89F1B6} moved successfully.
C:\Users\Genya\AppData\Local\{FDC99881-21CF-4634-97C3-E73313628262} moved successfully.
C:\Users\Genya\AppData\Local\{688F4FA4-7653-4925-AFCE-B9A87C1C970D} moved successfully.
C:\Users\Genya\AppData\Local\{AF76AB73-C0C4-43FF-ABFA-FB7F12D26184} moved successfully.
C:\Users\Genya\AppData\Local\{5BA9C127-2768-48FB-B784-BCD0EAFC1CF1} moved successfully.
C:\Users\Genya\AppData\Local\{D77C3270-C407-4E99-93BC-76A5AF58192B} moved successfully.
C:\Users\Genya\AppData\Local\{6627DB57-D351-4ADC-9467-B96FFB85895F} moved successfully.
C:\Users\Genya\AppData\Local\{A23A6660-83A9-4EC7-B18F-90235B366D7C} moved successfully.
C:\Users\Genya\AppData\Local\{23F37D89-BA29-4DC2-86BC-3BAF07366888} moved successfully.
C:\Users\Genya\AppData\Local\{F4D55495-17B1-4081-B47A-162EC470C151} moved successfully.
C:\Users\Genya\AppData\Local\{B1CB5EA1-8B72-4F03-ACCD-E39BEA671421} moved successfully.
C:\Users\Genya\AppData\Local\{7D5155DD-E473-4C35-89F2-034E6BB042FB} moved successfully.
C:\Users\Genya\AppData\Local\{3D5C219A-F910-442C-AEA0-38DCCE31BA6F} moved successfully.
C:\Users\Genya\AppData\Local\{3AC0AC96-DE80-4EEF-830F-B4AAFCD1DDDF} moved successfully.
C:\Users\Genya\AppData\Local\{40EA95C5-EC12-4392-8D89-B0BD9838F486} moved successfully.
C:\Users\Genya\AppData\Local\{981F9F7B-D6F1-4E5E-8C5D-DEC198FF7EBF} moved successfully.
C:\Users\Genya\AppData\Local\{5861C7FF-E89F-4283-BEA2-5A1F546ACE61} moved successfully.
C:\Users\Genya\AppData\Local\{87AC15B9-55F5-4F33-96A1-C7D15A4CC656} moved successfully.
C:\Users\Genya\AppData\Local\{F25B1C31-5C1B-4E01-93CD-55A2101781AB} moved successfully.
C:\Users\Genya\AppData\Local\{4D460E9E-E7DB-45EB-A022-C332AB1D5354} moved successfully.
C:\Users\Genya\AppData\Local\{9970474D-31D5-43CF-BEED-49ECE5324FED} moved successfully.
C:\Users\Genya\AppData\Local\{81539511-FE14-45F2-8B33-5E193CCB6B40} moved successfully.
C:\Users\Genya\AppData\Local\{706B946D-730F-4835-A2ED-F8F41579CEB2} moved successfully.
C:\Users\Genya\AppData\Local\{E1DBA6C8-8AD8-4BE8-91BB-906017015DDF} moved successfully.
C:\Users\Genya\AppData\Local\{DFC1A275-6E71-49B8-9881-C5C3DC699DAB} moved successfully.
C:\Users\Genya\AppData\Local\{4A4CF32E-2DEE-45AC-B9FE-792F1BBC2241} moved successfully.
C:\Users\Genya\AppData\Local\{A8CC4796-3DDB-4C71-BE99-C068CB658B23} moved successfully.
C:\Users\Genya\AppData\Local\{6A4A6BD4-6999-4018-B89B-D89BE8011530} moved successfully.
C:\Users\Genya\AppData\Local\{D4886A13-5C0C-4C4F-9878-A39F3921C381} moved successfully.
C:\Users\Genya\AppData\Local\{34F17081-7FAB-4C17-9CAE-5CA15D5A6945} moved successfully.
C:\Users\Genya\AppData\Local\{0BAD8093-88E8-45DE-95BF-B5100BB18AD6} moved successfully.
C:\Users\Genya\AppData\Local\{A5684F94-038D-4236-A75F-F9F61F2AEBED} moved successfully.
C:\Users\Genya\AppData\Local\{6713147B-39B8-4515-8834-C32B9DD835E3} moved successfully.
C:\Users\Genya\AppData\Local\{DC4C6430-3CFE-4204-A024-5233325C6D35} moved successfully.
C:\Users\Genya\AppData\Local\{250F952E-50D4-40CE-8ECF-5347368FA74A} moved successfully.
C:\Users\Genya\AppData\Local\{E1CBCB00-6278-4520-97A2-5098F3E49890} moved successfully.
C:\Users\Genya\AppData\Local\{15DF996E-0A93-40AB-8E0A-15CD4199239D} moved successfully.
C:\Users\Genya\AppData\Local\{7ED0DC32-CF6A-4748-A810-7D2CB6B6FCDF} moved successfully.
C:\Users\Genya\AppData\Local\{4B8D0EEB-1009-4C97-BA9B-9577B03112A6} moved successfully.
C:\Users\Genya\AppData\Local\{BFF72D52-8780-408C-A172-3B5CE62801F6} moved successfully.
C:\Users\Genya\AppData\Local\{1A4A49D8-D729-47CE-B87D-017657D3210E} moved successfully.
C:\Users\Genya\AppData\Local\{E7C99AC3-2348-477A-9388-DE6345C18BDB} moved successfully.
C:\Users\Genya\AppData\Local\{54ABA9A6-E1E5-48B6-806A-7E7DCCF02915} moved successfully.
C:\Users\Genya\AppData\Local\{B8C38492-EF7C-4B38-A6D3-8C539F3DA2E4} moved successfully.
C:\Users\Genya\AppData\Local\{8ACAA0A5-70F3-43BC-BB7F-CBB7F5753F4A} moved successfully.
C:\Users\Genya\AppData\Local\{81098018-3D27-4752-A257-B81F5E5DAADC} moved successfully.
C:\Users\Genya\AppData\Local\{BBBC16B3-1E42-4E68-931B-316A297D225C} moved successfully.
C:\Users\Genya\AppData\Local\{B757352B-1EBE-466E-BEC6-3633B8C28405} moved successfully.
C:\Users\Genya\AppData\Local\{F8BDE14C-08BD-4F52-955D-4DA690BB73A8} moved successfully.
C:\Users\Genya\AppData\Local\{69158B97-C316-462C-9A63-C7D09CA45ADB} moved successfully.
C:\Users\Genya\AppData\Local\{6E53A5C3-19FE-4C21-87AF-D7E796578CB1} moved successfully.
C:\Users\Genya\AppData\Local\{961E758A-AE0F-47DC-8E98-5DC53CB37759} moved successfully.
C:\Users\Genya\AppData\Local\{42E04A41-5973-4301-A2D6-C8172A3A4154} moved successfully.
C:\Users\Genya\AppData\Local\{23898EB2-34D2-4720-9029-D828D3FBC4AE} moved successfully.
C:\Users\Genya\AppData\Local\{FBA169E3-6F80-4F8A-ACAB-A155C52E83C1} moved successfully.
C:\Users\Genya\AppData\Local\{1DEA6FB5-E7C2-4D86-A67E-2CB66749F51E} moved successfully.
C:\Users\Genya\AppData\Local\{4845DA14-7569-401D-9046-80182EC3B065} moved successfully.
C:\Users\Genya\AppData\Local\{80C7C211-18DC-4E2E-A159-563807DB0C40} moved successfully.
C:\Users\Genya\AppData\Local\{E85DF054-EEAE-49B9-A6CA-3142321BDAD4} moved successfully.
C:\Users\Genya\AppData\Local\{79EB15F6-C94A-4765-9D72-877EDFB6FF1C} moved successfully.
C:\Users\Genya\AppData\Local\{E2E8A5C5-6200-46F8-8E42-0D68C3B5CCE1} moved successfully.
C:\Users\Genya\AppData\Local\{FE2AA1DE-7A7C-426E-A104-C29A804567EE} moved successfully.
C:\Users\Genya\AppData\Local\{CBEBB245-6FF0-4117-A33F-3BA4D8453950} moved successfully.
C:\Users\Genya\AppData\Local\{C1369491-7615-45CC-9941-0240BB2DD833} moved successfully.
C:\Users\Genya\AppData\Local\{9C547962-E024-42A9-A5A0-F177B7F7D86A} moved successfully.
C:\Users\Genya\AppData\Local\{C607D51B-CD79-441F-9414-0A01CBD5C294} moved successfully.
C:\Users\Genya\AppData\Local\{6733FE80-3113-4387-B7AC-0DADF7AB3427} moved successfully.
C:\Users\Genya\AppData\Local\{7F7A2AA3-8548-40AD-A262-DE3110E4A097} moved successfully.
C:\Users\Genya\AppData\Local\{6F63B672-5971-49F9-BED6-02D5E3F21C2D} moved successfully.
C:\Users\Genya\AppData\Local\{3C9D045C-896E-4A2F-8097-EDA769ECEE1E} moved successfully.
C:\Users\Genya\AppData\Local\{F35EBED6-BEDE-46E6-8A9E-ADD0741BB694} moved successfully.
C:\Users\Genya\AppData\Local\{B35747FF-D0A7-42E6-AD0D-580B28300986} moved successfully.
C:\Users\Genya\AppData\Local\{BD626759-8045-43A7-A835-153D68C204C7} moved successfully.
C:\Users\Genya\AppData\Local\{7031490F-6DA5-4E7F-A11F-60F3D0B162B2} moved successfully.
C:\Users\Genya\AppData\Local\{95626F22-0EFC-4D52-AB40-316D1ECDC910} moved successfully.
C:\Users\Genya\AppData\Local\{A2D63E65-B843-4B95-96E7-741E28B6A907} moved successfully.
C:\Users\Genya\AppData\Local\{4EED59A8-DB2E-49ED-A89C-8EADA5460CAE} moved successfully.
C:\Users\Genya\AppData\Local\{33C87C4C-0FAB-4730-ABCD-0DEB6F7D9CA6} moved successfully.
C:\Users\Genya\AppData\Local\{77567A90-8B1E-4B1D-A9A3-733C9C2EF37D} moved successfully.
C:\Users\Genya\AppData\Local\{01578FDB-15FF-43A8-AC11-C3A344B744E4} moved successfully.
C:\Users\Genya\AppData\Local\{4119AC00-A66A-48A9-8960-A8C6939EEF36} moved successfully.
C:\Users\Genya\AppData\Local\{3E2897AA-F12E-4BB6-9360-F98743C49F4F} moved successfully.
C:\Users\Genya\AppData\Local\{C83D78D2-A295-4526-945B-E129E08774D7} moved successfully.
C:\Users\Genya\AppData\Local\{A812E180-5589-49E5-837C-95DA95228F90} moved successfully.
C:\Users\Genya\AppData\Local\{EE7FC3D3-8780-4890-B242-B4DB30D23BF8} moved successfully.
C:\Users\Genya\AppData\Local\{C8B4E49C-DDE2-4288-A56B-B916CEAA3118} moved successfully.
C:\Users\Genya\AppData\Local\{081E0F2F-62C3-45E9-B6F2-26FFFC5BB502} moved successfully.
C:\Users\Genya\AppData\Local\{08D07A27-DD57-4898-975C-9C99EE783EC2} moved successfully.
C:\Users\Genya\AppData\Local\{3CF1B1DF-3C7C-4749-AB26-65CEBEA0B17F} moved successfully.
C:\Users\Genya\AppData\Local\{045FCC81-6515-482D-9BE3-BD1E346C149A} moved successfully.
C:\Users\Genya\AppData\Local\{F6A6F330-561F-4723-9C99-5039820D3D51} moved successfully.
C:\Users\Genya\AppData\Local\{213F1748-54FF-48AC-8ED9-2438FCF7AD5A} moved successfully.
C:\Users\Genya\AppData\Local\{E4195287-171B-4E8A-BDC3-6FBE86D01730} not found.
C:\Users\Genya\AppData\Local\{C508AD22-DDF5-4E3F-A8C2-8D211C63A04A} not found.
C:\Users\Genya\AppData\Local\{5B61D9E8-3F5F-4C17-AF55-91F18043FBCA} not found.
C:\Users\Genya\AppData\Local\{D255535D-8FE4-4B4C-BAAF-B405619E72D5} not found.
C:\Users\Genya\AppData\Local\{9D41C66D-279C-40D6-91AE-61E408DAC620} not found.
C:\Users\Genya\AppData\Local\{7BCB6AB5-7E92-4289-9C82-9DA339EF563C} not found.
C:\Users\Genya\AppData\Local\{FFD8E5CE-DD65-4394-ABBF-E8E52FE87627} not found.
C:\Users\Genya\AppData\Local\{8C285832-402F-4451-8B8C-8D672497241F} not found.
C:\Users\Genya\AppData\Local\{E271720A-C099-471C-B131-77707560BC65} not found.
C:\Users\Genya\AppData\Local\{60747BCE-C106-4B05-BE3C-B522F20C6934} not found.
C:\Users\Genya\AppData\Local\{253CBAF0-D29A-4899-8545-06D794D756F9} not found.
C:\Users\Genya\AppData\Local\{D2EAB24F-78F7-4554-B0C0-6F349A0035AA} not found.
C:\Users\Genya\AppData\Local\{2079442A-5E3B-4260-8CCE-B43624709AE0} not found.
C:\Users\Genya\AppData\Local\{1250EA95-09EF-426E-B853-59633B64D44A} not found.
C:\Users\Genya\AppData\Local\{9B2DF4E1-49AE-43F4-9DF6-6125DC32E468} not found.
C:\Users\Genya\AppData\Local\{30C3FE3F-E6B5-48C0-9CFF-0A663AAF8720} not found.
C:\Users\Genya\AppData\Local\{DB070E76-42E3-48E5-A516-4876BCA3D7BA} not found.
C:\Users\Genya\AppData\Local\{73F66C36-E888-4BE2-85E9-1B8FD57599E8} not found.
C:\Users\Genya\AppData\Local\{937F2699-CC33-4890-9292-6DB50271831F} not found.
C:\Users\Genya\AppData\Local\{752B12E9-8979-42AC-8E7D-A8540F89F1B6} not found.
C:\Users\Genya\AppData\Local\{FDC99881-21CF-4634-97C3-E73313628262} not found.
C:\Users\Genya\AppData\Local\{688F4FA4-7653-4925-AFCE-B9A87C1C970D} not found.
C:\Users\Genya\AppData\Local\{AF76AB73-C0C4-43FF-ABFA-FB7F12D26184} not found.
C:\Users\Genya\AppData\Local\{5BA9C127-2768-48FB-B784-BCD0EAFC1CF1} not found.
C:\Users\Genya\AppData\Local\{D77C3270-C407-4E99-93BC-76A5AF58192B} not found.
C:\Users\Genya\AppData\Local\{6627DB57-D351-4ADC-9467-B96FFB85895F} not found.
C:\Users\Genya\AppData\Local\{A23A6660-83A9-4EC7-B18F-90235B366D7C} not found.
C:\Users\Genya\AppData\Local\{23F37D89-BA29-4DC2-86BC-3BAF07366888} not found.
C:\Users\Genya\AppData\Local\{F4D55495-17B1-4081-B47A-162EC470C151} not found.
C:\Users\Genya\AppData\Local\{B1CB5EA1-8B72-4F03-ACCD-E39BEA671421} not found.
C:\Users\Genya\AppData\Local\{7D5155DD-E473-4C35-89F2-034E6BB042FB} not found.
C:\Users\Genya\AppData\Local\{3D5C219A-F910-442C-AEA0-38DCCE31BA6F} not found.
C:\Users\Genya\AppData\Local\{3AC0AC96-DE80-4EEF-830F-B4AAFCD1DDDF} not found.
C:\Users\Genya\AppData\Local\{40EA95C5-EC12-4392-8D89-B0BD9838F486} not found.
C:\Users\Genya\AppData\Local\{981F9F7B-D6F1-4E5E-8C5D-DEC198FF7EBF} not found.
C:\Users\Genya\AppData\Local\{5861C7FF-E89F-4283-BEA2-5A1F546ACE61} not found.
C:\Users\Genya\AppData\Local\{87AC15B9-55F5-4F33-96A1-C7D15A4CC656} not found.
C:\Users\Genya\AppData\Local\{F25B1C31-5C1B-4E01-93CD-55A2101781AB} not found.
C:\Users\Genya\AppData\Local\{4D460E9E-E7DB-45EB-A022-C332AB1D5354} not found.
C:\Users\Genya\AppData\Local\{9970474D-31D5-43CF-BEED-49ECE5324FED} not found.
C:\Users\Genya\AppData\Local\{81539511-FE14-45F2-8B33-5E193CCB6B40} not found.
C:\Users\Genya\AppData\Local\{706B946D-730F-4835-A2ED-F8F41579CEB2} not found.
C:\Users\Genya\AppData\Local\{E1DBA6C8-8AD8-4BE8-91BB-906017015DDF} not found.
C:\Users\Genya\AppData\Local\{DFC1A275-6E71-49B8-9881-C5C3DC699DAB} not found.
C:\Users\Genya\AppData\Local\{4A4CF32E-2DEE-45AC-B9FE-792F1BBC2241} not found.
C:\Users\Genya\AppData\Local\{A8CC4796-3DDB-4C71-BE99-C068CB658B23} not found.
C:\Users\Genya\AppData\Local\{6A4A6BD4-6999-4018-B89B-D89BE8011530} not found.
C:\Users\Genya\AppData\Local\{D4886A13-5C0C-4C4F-9878-A39F3921C381} not found.
C:\Users\Genya\AppData\Local\{34F17081-7FAB-4C17-9CAE-5CA15D5A6945} not found.
C:\Users\Genya\AppData\Local\{0BAD8093-88E8-45DE-95BF-B5100BB18AD6} not found.
C:\Users\Genya\AppData\Local\{A5684F94-038D-4236-A75F-F9F61F2AEBED} not found.
C:\Users\Genya\AppData\Local\{6713147B-39B8-4515-8834-C32B9DD835E3} not found.
C:\Users\Genya\AppData\Local\{DC4C6430-3CFE-4204-A024-5233325C6D35} not found.
C:\Users\Genya\AppData\Local\{250F952E-50D4-40CE-8ECF-5347368FA74A} not found.
C:\Users\Genya\AppData\Local\{E1CBCB00-6278-4520-97A2-5098F3E49890} not found.
C:\Users\Genya\AppData\Local\{15DF996E-0A93-40AB-8E0A-15CD4199239D} not found.
C:\Users\Genya\AppData\Local\{7ED0DC32-CF6A-4748-A810-7D2CB6B6FCDF} not found.
C:\Users\Genya\AppData\Local\{4B8D0EEB-1009-4C97-BA9B-9577B03112A6} not found.
C:\Users\Genya\AppData\Local\{BFF72D52-8780-408C-A172-3B5CE62801F6} not found.
C:\Users\Genya\AppData\Local\{1A4A49D8-D729-47CE-B87D-017657D3210E} not found.
C:\Users\Genya\AppData\Local\{E7C99AC3-2348-477A-9388-DE6345C18BDB} not found.
C:\Users\Genya\AppData\Local\{54ABA9A6-E1E5-48B6-806A-7E7DCCF02915} not found.
C:\Users\Genya\AppData\Local\{B8C38492-EF7C-4B38-A6D3-8C539F3DA2E4} not found.
C:\Users\Genya\AppData\Local\{8ACAA0A5-70F3-43BC-BB7F-CBB7F5753F4A} not found.
C:\Users\Genya\AppData\Local\{81098018-3D27-4752-A257-B81F5E5DAADC} not found.
C:\Users\Genya\AppData\Local\{BBBC16B3-1E42-4E68-931B-316A297D225C} not found.
C:\Users\Genya\AppData\Local\{B757352B-1EBE-466E-BEC6-3633B8C28405} not found.
C:\Users\Genya\AppData\Local\{F8BDE14C-08BD-4F52-955D-4DA690BB73A8} not found.
C:\Users\Genya\AppData\Local\{69158B97-C316-462C-9A63-C7D09CA45ADB} not found.
C:\Users\Genya\AppData\Local\{6E53A5C3-19FE-4C21-87AF-D7E796578CB1} not found.
C:\Users\Genya\AppData\Local\{961E758A-AE0F-47DC-8E98-5DC53CB37759} not found.
C:\Users\Genya\AppData\Local\{42E04A41-5973-4301-A2D6-C8172A3A4154} not found.
C:\Users\Genya\AppData\Local\{23898EB2-34D2-4720-9029-D828D3FBC4AE} not found.
C:\Users\Genya\AppData\Local\{FBA169E3-6F80-4F8A-ACAB-A155C52E83C1} not found.
C:\Users\Genya\AppData\Local\{1DEA6FB5-E7C2-4D86-A67E-2CB66749F51E} not found.
C:\Users\Genya\AppData\Local\{4845DA14-7569-401D-9046-80182EC3B065} not found.
C:\Users\Genya\AppData\Local\{80C7C211-18DC-4E2E-A159-563807DB0C40} not found.
C:\Users\Genya\AppData\Local\{E85DF054-EEAE-49B9-A6CA-3142321BDAD4} not found.
C:\Users\Genya\AppData\Local\{79EB15F6-C94A-4765-9D72-877EDFB6FF1C} not found.
C:\Users\Genya\AppData\Local\{E2E8A5C5-6200-46F8-8E42-0D68C3B5CCE1} not found.
C:\Users\Genya\AppData\Local\{FE2AA1DE-7A7C-426E-A104-C29A804567EE} not found.
C:\Users\Genya\AppData\Local\{CBEBB245-6FF0-4117-A33F-3BA4D8453950} not found.
C:\Users\Genya\AppData\Local\{C1369491-7615-45CC-9941-0240BB2DD833} not found.
C:\Users\Genya\AppData\Local\{9C547962-E024-42A9-A5A0-F177B7F7D86A} not found.
C:\Users\Genya\AppData\Local\{C607D51B-CD79-441F-9414-0A01CBD5C294} not found.
C:\Users\Genya\AppData\Local\{6733FE80-3113-4387-B7AC-0DADF7AB3427} not found.
C:\Users\Genya\AppData\Local\{7F7A2AA3-8548-40AD-A262-DE3110E4A097} not found.
C:\Users\Genya\AppData\Local\{6F63B672-5971-49F9-BED6-02D5E3F21C2D} not found.
C:\Users\Genya\AppData\Local\{3C9D045C-896E-4A2F-8097-EDA769ECEE1E} not found.
C:\Users\Genya\AppData\Local\{F35EBED6-BEDE-46E6-8A9E-ADD0741BB694} not found.
C:\Users\Genya\AppData\Local\{B35747FF-D0A7-42E6-AD0D-580B28300986} not found.
C:\Users\Genya\AppData\Local\{BD626759-8045-43A7-A835-153D68C204C7} not found.
C:\Users\Genya\AppData\Local\{7031490F-6DA5-4E7F-A11F-60F3D0B162B2} not found.
C:\Users\Genya\AppData\Local\{95626F22-0EFC-4D52-AB40-316D1ECDC910} not found.
C:\Users\Genya\AppData\Local\{A2D63E65-B843-4B95-96E7-741E28B6A907} not found.
C:\Users\Genya\AppData\Local\{4EED59A8-DB2E-49ED-A89C-8EADA5460CAE} not found.
C:\Users\Genya\AppData\Local\{33C87C4C-0FAB-4730-ABCD-0DEB6F7D9CA6} not found.
C:\Users\Genya\AppData\Local\{77567A90-8B1E-4B1D-A9A3-733C9C2EF37D} not found.
C:\Users\Genya\AppData\Local\{01578FDB-15FF-43A8-AC11-C3A344B744E4} not found.
C:\Users\Genya\AppData\Local\{4119AC00-A66A-48A9-8960-A8C6939EEF36} not found.
C:\Users\Genya\AppData\Local\{3E2897AA-F12E-4BB6-9360-F98743C49F4F} not found.
C:\Users\Genya\AppData\Local\{C83D78D2-A295-4526-945B-E129E08774D7} not found.
C:\Users\Genya\AppData\Local\{A812E180-5589-49E5-837C-95DA95228F90} not found.
C:\Users\Genya\AppData\Local\{EE7FC3D3-8780-4890-B242-B4DB30D23BF8} not found.
C:\Users\Genya\AppData\Local\{C8B4E49C-DDE2-4288-A56B-B916CEAA3118} not found.
C:\Users\Genya\AppData\Local\{081E0F2F-62C3-45E9-B6F2-26FFFC5BB502} not found.
C:\Users\Genya\AppData\Local\{08D07A27-DD57-4898-975C-9C99EE783EC2} not found.
C:\Users\Genya\AppData\Local\{3CF1B1DF-3C7C-4749-AB26-65CEBEA0B17F} not found.
C:\Users\Genya\AppData\Local\{045FCC81-6515-482D-9BE3-BD1E346C149A} not found.
C:\Users\Genya\AppData\Local\{F6A6F330-561F-4723-9C99-5039820D3D51} not found.
C:\Users\Genya\AppData\Local\{213F1748-54FF-48AC-8ED9-2438FCF7AD5A} not found.
C:\Users\Genya\AppData\Local\{097946F5-4918-4849-9D83-1CDBB7FAB436} moved successfully.
C:\Users\Genya\AppData\Local\{7173F98A-63F5-47F7-A0DC-C43936CC3CF7} moved successfully.
C:\Users\Genya\AppData\Local\{2EB9D751-E2CE-48E8-AF29-0B2FC387FE98} moved successfully.
C:\Users\Genya\AppData\Local\{15DCE144-5249-421F-AD55-C0A844765D85} moved successfully.
C:\Users\Genya\AppData\Local\{76CCAD8A-CEFE-44F5-8A02-36F8E403F722} moved successfully.
C:\Users\Genya\AppData\Local\{532BC7DD-52F9-4FBC-AEDB-AAE86B1ADC42} moved successfully.
C:\Users\Genya\AppData\Local\{60F2856B-7A87-4AB8-9ECA-E2928B5BE425} moved successfully.
C:\Users\Genya\AppData\Local\{CDBA2195-A11F-4CDE-9D3D-5D5EAE6EADCF} moved successfully.
C:\Users\Genya\AppData\Local\{D99B1E32-E702-4940-960C-EB96F87E68A7} moved successfully.
C:\Users\Genya\AppData\Local\{D36E9538-33EF-455A-80EF-582336213EFE} moved successfully.
C:\Users\Genya\AppData\Local\{6A816350-4FCB-40FD-9053-415C3792C4CA} moved successfully.
C:\Users\Genya\AppData\Local\{0520D872-8DD8-4530-81B5-E5678B48F68D} moved successfully.
C:\Users\Genya\AppData\Local\{EC0CF88F-6D1F-4E19-9E65-AC42DE626B53} moved successfully.
C:\Users\Genya\AppData\Local\{4ACC296F-B631-4F7C-AE01-A4EF104197BB} moved successfully.
C:\Users\Genya\AppData\Local\{F70297E2-B39C-4C10-A7FC-026F1644A052} moved successfully.
C:\Users\Genya\AppData\Local\{BE01E507-9021-42EC-9735-FBF49AB3509F} moved successfully.
C:\Users\Genya\AppData\Local\{76C96972-EEEB-45F3-8BB3-9258418E00AE} moved successfully.
C:\Users\Genya\AppData\Local\{A23F7B50-C404-45FF-A5E1-E7147C4E5CB4} moved successfully.
C:\Users\Genya\AppData\Local\{81250AD4-5105-46A9-877A-A69795F545C4} moved successfully.
C:\Users\Genya\AppData\Local\{0865CCA2-B533-4564-B215-0EB225B0FCD1} moved successfully.
C:\Users\Genya\AppData\Local\{F2481FDA-A368-4723-9D98-39C925767461} moved successfully.
C:\Users\Genya\AppData\Local\{3B8A1F92-A9FD-41B3-A65C-8203B1FD5723} moved successfully.
C:\Users\Genya\AppData\Local\{DB985B92-E9FB-4475-B457-9EDC8C61B5D1} moved successfully.
C:\Users\Genya\AppData\Local\{36A189F3-9D08-4F4D-A1FD-E498E1C1CC6C} moved successfully.
C:\Users\Genya\AppData\Local\{75D99C73-8064-404C-8B6D-A9DEE5B188D0} moved successfully.
C:\Users\Genya\AppData\Local\{304782D6-0167-4ED3-BC6C-872522287FD0} moved successfully.
C:\Users\Genya\AppData\Local\{D860C6A2-A9B5-4C79-AF98-F83FF7316E3F} moved successfully.
C:\Users\Genya\AppData\Local\{B7633B95-A4B7-4149-A49D-411A1C0BB3FF} moved successfully.
C:\Users\Genya\AppData\Local\{81720DD6-7CF1-42E3-8A52-0BC41AFA18EA} moved successfully.
C:\Users\Genya\AppData\Local\{968CFBD1-7093-4C7D-ACF8-2CFF04438682} moved successfully.
C:\Users\Genya\AppData\Local\{8B20FD3D-50CE-440C-BFD6-31A742A63624} moved successfully.
C:\Users\Genya\AppData\Local\{745EB086-DD2F-4F06-9AEE-7C1ADFADCA15} moved successfully.
C:\Users\Genya\AppData\Local\{6B4B9BC3-8850-4E03-8158-462BA6067932} moved successfully.
C:\Users\Genya\AppData\Local\{F97FAF0C-E833-40D5-9315-94F46E615A4F} moved successfully.
C:\Users\Genya\AppData\Local\{098E3202-A7E6-4562-8190-0629DC4DCCDF} moved successfully.
C:\Users\Genya\AppData\Local\{38D6D6C0-2441-4E40-ABA8-095CDE638A70} moved successfully.
C:\Users\Genya\AppData\Local\{BBF7514D-40A5-400C-836D-FAA940900082} moved successfully.
C:\Users\Genya\AppData\Local\{6D6743CE-78D2-4046-97DF-6651EAB8A6FD} moved successfully.
C:\Users\Genya\AppData\Local\{DBA45979-C815-43EF-90AF-D56C29E91C46} moved successfully.
C:\Users\Genya\AppData\Local\{A930C5D8-D475-46C9-AC0B-CD3037FCCE22} moved successfully.
C:\Users\Genya\AppData\Local\{3F12EC11-8EA2-47AE-8A74-343ED08FCE93} moved successfully.
C:\Users\Genya\AppData\Local\{B4311B52-08C3-4260-B8BA-855B153FD365} moved successfully.
C:\Users\Genya\AppData\Local\{793F3E73-D00B-480C-BBAB-663D9389FA51} moved successfully.
C:\Users\Genya\AppData\Local\{56E12F23-C266-41B4-A1A8-A109BB6E0AEF} moved successfully.
C:\Users\Genya\AppData\Local\{242BE82B-AFDA-4792-B37B-C077006C4170} moved successfully.
C:\Users\Genya\AppData\Local\{329F9982-07A0-495B-9554-0BD0F6144389} moved successfully.
C:\Users\Genya\AppData\Local\{117EC77A-9A71-4959-9B39-E2B78E08D061} moved successfully.
C:\Users\Genya\AppData\Local\{4809F94E-2DB0-432D-918E-FF10DE27379B} moved successfully.
C:\Users\Genya\AppData\Local\{110A0B0C-31CA-4EC2-A610-3DF3E5A00414} moved successfully.
C:\Users\Genya\AppData\Local\{B3FE016E-53C7-4CE8-96F6-E8C37F2C7B22} moved successfully.
C:\Users\Genya\AppData\Local\{D509CAF2-8282-438C-8E9F-5B456A133670} moved successfully.
C:\Users\Genya\AppData\Local\{18606420-0B60-46C5-9F8D-BB5FA74E3ABB} moved successfully.
C:\Users\Genya\AppData\Local\{FA4DC6D7-F8C4-409F-B795-E35AC01D17E8} moved successfully.
C:\Users\Genya\AppData\Local\{13244952-091F-46B9-8CEF-E964EEEE2454} moved successfully.
C:\Users\Genya\AppData\Local\{AEA625C7-E488-4840-9893-8F4135DD48D0} moved successfully.
C:\Users\Genya\AppData\Local\{60B9E13A-F70D-417E-BCCA-63B1D02A439B} moved successfully.
C:\Users\Genya\AppData\Local\{BFA25176-24FF-43E0-A523-2206421CEC6B} moved successfully.
C:\Users\Genya\AppData\Local\{C09CA107-615D-4135-9545-776ACFB4637C} moved successfully.
C:\Users\Genya\AppData\Local\{ACD5FC81-91C5-4472-8011-AE9EF05FB5EE} moved successfully.
C:\Users\Genya\AppData\Local\{A441145C-3DA3-47DF-9742-EF52EEDE1DD4} moved successfully.
C:\Users\Genya\AppData\Local\{3163A077-11FE-422F-BBA3-FFC1B1343789} moved successfully.
C:\Users\Genya\AppData\Local\{2642B4E7-E7CD-41DC-9C56-CE029B89ACA3} moved successfully.
C:\Users\Genya\AppData\Local\{4743C8A8-56D8-4529-8FE2-0D683D413F0C} moved successfully.
C:\Users\Genya\AppData\Local\{10E5D914-725F-4C27-AF62-00A70138B01A} moved successfully.
C:\Users\Genya\AppData\Local\{7A2C85B7-F2FC-48A8-B5DC-9BFD56FA4713} moved successfully.
C:\Users\Genya\AppData\Local\{63322CBD-1016-4DC5-8688-35E6ADE763AB} moved successfully.
C:\Users\Genya\AppData\Local\{ED1D8E3B-8D5D-4BF0-9C60-321E69A7C686} moved successfully.
C:\Users\Genya\AppData\Local\{681937F5-1E28-4A1D-A247-852A79E60F66} moved successfully.
C:\Users\Genya\AppData\Local\{58632B96-374E-4D72-B43D-FE049715E30C} moved successfully.
C:\Users\Genya\AppData\Local\{304F36E5-B1E7-4CB6-98CF-60201F231EC0} moved successfully.
C:\Users\Genya\AppData\Local\{EA5377F4-F168-4C0C-874F-6B63DB160AA2} moved successfully.
C:\Users\Genya\AppData\Local\{A144D7F9-453B-4D7D-8E7F-1C9DA844897D} moved successfully.
C:\Users\Genya\AppData\Local\{77D566DC-0739-4EEE-81EE-B14B6FCE8AC9} moved successfully.
C:\Users\Genya\AppData\Local\{A03DACD5-B221-415F-9C72-7137DA18F0CA} moved successfully.
C:\Users\Genya\AppData\Local\{F330D0E3-A960-4EAD-9239-9D26E1F7F332} moved successfully.
C:\Users\Genya\AppData\Local\{930ABFE6-999F-403D-BBD1-5CF5D9A32508} moved successfully.
C:\Users\Genya\AppData\Local\{ACF877D0-872C-4E84-9D42-634F4D6AF6BF} moved successfully.
C:\Users\Genya\AppData\Local\{9641F72F-AA10-4A45-8BEB-824B0841EB14} moved successfully.
C:\Users\Genya\AppData\Local\{706D2FDC-29D5-4C34-9180-21EF7CF39D90} moved successfully.
C:\Users\Genya\AppData\Local\{A31C6CE2-6DB4-4C0D-B918-8F3FB9F06810} moved successfully.
C:\Users\Genya\AppData\Local\{AB511285-72FF-4DDB-B0F8-9F859376AC79} moved successfully.
C:\Users\Genya\AppData\Local\{24708E28-ADB0-4149-A568-D564D24127C2} moved successfully.
C:\Users\Genya\AppData\Local\{357D51B4-5326-4776-9524-FD13EFED7526} moved successfully.
C:\Users\Genya\AppData\Local\{0F7C5FFE-3361-4687-9C14-66F891A1C5FD} moved successfully.
C:\Users\Genya\AppData\Local\{152F186B-FEEA-4792-A212-25732F29BA89} moved successfully.
C:\Users\Genya\AppData\Local\{626EF7F6-C088-4B4C-B284-134221AEF9AC} moved successfully.
C:\Users\Genya\AppData\Local\{E5EB5CAB-90C3-40A7-9AF6-E7C1C7F44789} moved successfully.
C:\Users\Genya\AppData\Local\{90AF4437-EF6F-46EB-91A6-96D2BFE54DCC} moved successfully.
C:\Users\Genya\AppData\Local\{B4989306-E997-4D08-BEC9-FFF637F2F3AA} moved successfully.
C:\Users\Genya\AppData\Local\{5A7D84D6-EF22-451E-99F2-9DFE2A3A012B} moved successfully.
C:\Users\Genya\AppData\Local\{D63E18E9-F946-4417-B27E-4E7AAB590704} moved successfully.
C:\Users\Genya\AppData\Local\{79488088-CF8D-4F8A-AE1D-BF24B1C4ACDD} moved successfully.
C:\Users\Genya\AppData\Local\{B48047FC-76E2-4296-B5BA-E6F799290B9E} moved successfully.
C:\Users\Genya\AppData\Local\{183E2F51-0D31-42BC-A190-7F36EA34CDFB} moved successfully.
C:\Users\Genya\AppData\Local\{34C2D654-8B4E-43C4-8733-9C8A3726A218} moved successfully.
C:\Users\Genya\AppData\Local\{9494B7BD-EB51-426D-B1FD-AAF8824C88B7} moved successfully.
C:\Users\Genya\AppData\Local\{40FD835F-DBC6-4B24-8A3C-1808E5B6C3C7} moved successfully.
C:\Users\Genya\AppData\Local\{2FDC559D-069D-44A0-A4E0-2AD8DAEA0DCA} moved successfully.
C:\Users\Genya\AppData\Local\{950270BD-9E7F-4DEB-AA45-C7BAC6CE65EE} moved successfully.
C:\Users\Genya\AppData\Local\{822D6A75-C475-4040-8BA2-D2FA8B44F5ED} moved successfully.
C:\Users\Genya\AppData\Local\{5CF3E50F-B160-4B95-9BD8-3D69A832D7B2} moved successfully.
C:\Users\Genya\AppData\Local\{A576FAB4-F174-492D-A350-8039EE3B0212} moved successfully.
C:\Users\Genya\AppData\Local\{0ACD77B7-7C7E-4008-A127-7A65CFF818B4} moved successfully.
C:\Users\Genya\AppData\Local\{7F585A08-A329-4F2D-B040-AC53A3FBCDA1} moved successfully.
C:\Users\Genya\AppData\Local\{FE58BA73-9311-4AB4-8184-A070090F36ED} moved successfully.
C:\Users\Genya\AppData\Local\{ABCF40F3-0C2A-4E8E-B6BB-E937F7C9D74A} moved successfully.
C:\Users\Genya\AppData\Local\{2510CC83-5766-4A54-AFF1-EBCA844BFB33} moved successfully.
C:\Users\Genya\AppData\Local\{D00EDC9A-C061-49D3-B646-BD2A80FA865A} moved successfully.
C:\Users\Genya\AppData\Local\{38D00E04-9FD9-46F6-91E9-25155EE07DE0} moved successfully.
C:\Users\Genya\AppData\Local\{561FC138-1AB5-49E9-BED3-BA482C4EB9CC} moved successfully.
C:\Users\Genya\AppData\Local\{13C48BE3-8537-4DCA-A5B4-AC8507E7F569} moved successfully.
C:\Users\Genya\AppData\Local\{E2D0663A-FA9E-4A81-BE54-1A14ED08BD6A} moved successfully.
C:\Users\Genya\AppData\Local\{01EB7D35-7CA0-4489-BA94-7339B42EBD0A} moved successfully.
C:\Users\Genya\AppData\Local\{E259BF7D-1B82-4847-9689-FE73B9F94C29} moved successfully.
C:\Users\Genya\AppData\Local\{322CFD47-B0EA-47EE-B0B3-E5E1C593B934} moved successfully.
C:\Users\Genya\AppData\Local\{A925BDA4-523D-40AE-8D83-21852F2502FD} moved successfully.
C:\Users\Genya\AppData\Local\{3539F57B-0BA0-41C9-8B7F-DFD23BE98FAA} moved successfully.
C:\Users\Genya\AppData\Local\{E79E9D48-3A4E-49B3-8E4E-3B716D7B7F1F} moved successfully.
C:\Users\Genya\AppData\Local\{D277B47C-789F-4B16-8E64-2A52826F5700} moved successfully.
C:\Users\Genya\AppData\Local\{C214F34E-4605-4D47-8E73-516A155B8499} moved successfully.
C:\Users\Genya\AppData\Local\{4547EE21-23B0-41D1-933A-D983906BD324} moved successfully.
C:\Users\Genya\AppData\Local\{E5C57A74-A71E-40C6-AEEA-057C8BBDB6C7} moved successfully.
C:\Users\Genya\AppData\Local\{371E7027-980A-422D-BC73-B42233D21DFB} moved successfully.
C:\Users\Genya\AppData\Local\{A505DB31-8EA6-46C1-9960-A5D0218E1164} moved successfully.
C:\Users\Genya\AppData\Local\{E7B8BC79-0E8B-4771-A832-00703D4B2E05} moved successfully.
C:\Users\Genya\AppData\Local\{2AA54973-CBCD-41F8-B19E-92FEACE1E2EE} moved successfully.
C:\Users\Genya\AppData\Local\{B0926FF1-0C33-4852-9FCD-DB9F009899A3} moved successfully.
C:\Users\Genya\AppData\Local\{6E73ABDA-C374-4324-8ECC-F11BE9CE1559} moved successfully.
C:\Users\Genya\AppData\Local\{FB1B3EB2-BB27-400E-8EBA-AB1137028AF1} moved successfully.
C:\Users\Genya\AppData\Local\{6FF94D11-9DC1-4BE6-BFFA-8C284AE2A12D} moved successfully.
C:\Users\Genya\AppData\Local\{465639F6-53E0-449F-9FC2-8ADE9E2CDBE7} moved successfully.
C:\Users\Genya\AppData\Local\{8F2D78E0-9467-44B2-AFA3-8B83C57FC9A3} moved successfully.
C:\Users\Genya\AppData\Local\{B902FE03-AAEA-47B2-A002-7BC079222EF4} moved successfully.
C:\Users\Genya\AppData\Local\{A5F8622B-6636-4D76-8E20-52045C56AA54} moved successfully.
C:\Users\Genya\AppData\Local\{75622E7F-B51B-41F5-9319-21F7B73C19A9} moved successfully.
C:\Users\Genya\AppData\Local\{C21EB542-CCE5-4405-B962-D51CCF5D8502} moved successfully.
C:\Users\Genya\AppData\Local\{CE62EE4C-E485-4667-A651-3BFE7EC75BE0} moved successfully.
C:\Users\Genya\AppData\Local\{2FD251D0-6A71-4F05-8BAB-E1CEB291F346} moved successfully.
C:\Users\Genya\AppData\Local\{A12A8DE3-9FDA-4865-83BC-D3BBEA165CE3} moved successfully.
C:\Users\Genya\AppData\Local\{B71E0C7B-C55F-47D2-9323-921CA274CBC5} moved successfully.
C:\Users\Genya\AppData\Local\{EBC1F120-3063-4551-84C9-AD1D73BDFC2F} moved successfully.
C:\Users\Genya\AppData\Local\{E1327FA7-FF25-4436-99BA-7BA9E6201D8A} moved successfully.
C:\Users\Genya\AppData\Local\{70693862-A175-48C0-ADD3-C34B15C999A4} moved successfully.
C:\Users\Genya\AppData\Local\{A683A595-E8B7-49E7-91F1-86D9364B9679} moved successfully.
C:\Users\Genya\AppData\Local\{A2A4B092-BD08-4132-B19B-807C4FD024EA} moved successfully.
C:\Users\Genya\AppData\Local\{A404AEBA-1A2F-4C48-A6E3-3FD5F1ED113C} moved successfully.
C:\Users\Genya\AppData\Local\{6644D8B8-A8F9-4A9D-89C9-1BB7506E9B84} moved successfully.
C:\Users\Genya\AppData\Local\{73BDC23B-EDC0-42E2-9C67-C9691D750A51} moved successfully.
C:\Users\Genya\AppData\Local\{D97CC564-5FD3-4CB7-A5C2-66369A6DAEFA} moved successfully.
C:\Users\Genya\AppData\Local\{9A4FE8D4-B431-4F45-8D1C-56E97EDDE808} moved successfully.
C:\Users\Genya\AppData\Local\{0569700C-8A8D-49C0-9DC4-9874DCC20C3C} moved successfully.
C:\Users\Genya\AppData\Local\{98DFC1C5-B72C-43C0-A780-90B06781CC59} moved successfully.
C:\Users\Genya\AppData\Local\{3887ABEC-A668-4CFF-B0BA-133952BE7A30} moved successfully.
C:\Users\Genya\AppData\Local\{AEA4C3BA-F3BF-49FB-9B21-437CE2F06FB6} moved successfully.
C:\Users\Genya\AppData\Local\{E61315FE-0BF5-4646-87A1-F97943403ADF} moved successfully.
C:\Users\Genya\AppData\Local\{FA8E05DA-3130-4E16-B2F1-250E0052D31B} moved successfully.
C:\Users\Genya\AppData\Local\{D1753A6D-643D-4A84-9987-1E3E0EFFE4FE} moved successfully.
C:\Users\Genya\AppData\Local\{B924A113-C576-4E37-A594-8BA34F7E1D74} moved successfully.
C:\Users\Genya\AppData\Local\{3B24BD43-9AE9-49FA-B55F-01A197E4E3BF} moved successfully.
C:\Users\Genya\AppData\Local\{865D0B4A-3126-4FA0-99DC-73551BB8257A} moved successfully.
C:\Users\Genya\AppData\Local\{6F25254E-5A44-4FF1-8736-BE658870FE69} moved successfully.
C:\Users\Genya\AppData\Local\{62ACA383-2B13-4825-986A-D6949E761275} moved successfully.
C:\Users\Genya\AppData\Local\{0661C1F7-0694-4C69-810E-36E4DF653154} moved successfully.
C:\Users\Genya\AppData\Local\{9EAB2DA2-C47F-4558-B088-D34C6720786A} moved successfully.
C:\Users\Genya\AppData\Local\{3C178028-8FCA-4CE3-8350-6B4670CD04D0} moved successfully.
C:\Users\Genya\AppData\Local\{7956D7D6-875C-4433-AF0D-D0188B63C3F3} moved successfully.
C:\Users\Genya\AppData\Local\{19010566-629F-4F39-94A2-6EE21E89C995} moved successfully.
C:\Users\Genya\AppData\Local\YqOuMIXVUptb moved successfully.
C:\Users\Genya\AppData\Local\{A3127E14-3A68-4BA6-939A-AD4F624AB52F} moved successfully.
C:\Users\Genya\AppData\Local\{1E1607F8-776E-4218-B95E-4026A7AA4E39} moved successfully.
C:\Users\Genya\AppData\Local\{A6ADAAD5-07E8-4213-9B29-2314C52ECB8C} moved successfully.
C:\Users\Genya\AppData\Local\{7EF9C97B-4F97-4CCB-9D65-C1DEDA0ABA4F} moved successfully.
C:\Users\Genya\AppData\Local\{09D1955B-EC41-4FFF-9F5C-604471ABCA8C} moved successfully.
C:\Users\Genya\AppData\Local\{ECCC5E79-468D-4713-8CB6-18D9B97468BA} moved successfully.
C:\Users\Genya\AppData\Local\{6A64AD5F-24DE-4247-A222-8A044CEFB48B} moved successfully.
C:\Users\Genya\AppData\Local\{83E0B104-9978-4A85-AAF6-5A1E83BAE7D0} moved successfully.
C:\Users\Genya\AppData\Local\{0BCF814A-41A4-4210-86B1-150A689ADE62} moved successfully.
C:\Users\Genya\AppData\Local\{E7DF2A0B-B5B2-4279-9F67-915859FA63E8} moved successfully.
C:\Users\Genya\AppData\Local\{E49B34D2-93A6-4813-BB20-07AC5447AC0D} moved successfully.
C:\Users\Genya\AppData\Local\{DBBC3270-E1C3-411B-8D1F-49F5860B8EE5} moved successfully.
C:\Users\Genya\AppData\Local\{18AB16C6-F4D8-4CA1-B70F-C4FAA12E9F41} moved successfully.
C:\Users\Genya\AppData\Local\{7031F01D-6A31-4295-B5B7-D902E6A87B74} moved successfully.
C:\Users\Genya\AppData\Local\{B08344C3-6260-4D50-8370-078529FA650F} moved successfully.
C:\Users\Genya\AppData\Local\{04477F5D-9CA1-4DC1-9062-28A014AC7932} moved successfully.
C:\Users\Genya\AppData\Local\{CCEE54A5-2AA4-4B3E-B7CE-87FD8EEAD118} moved successfully.
C:\Users\Genya\AppData\Local\{8D869122-1876-4BB1-A6FF-CCEA5E7FBAC8} moved successfully.
c:\windows\SysWOW64\user32.dll moved successfully.
c:\windows\ERDNT\cache86\user32.dll copied successfully to c:\windows\SysWOW64\user32.dll

========= dir /a C:\Users\Genya\AppData\Roaming\Skype =========

Volume in drive C has no label.
Volume Serial Number is 3490-2D87

Directory of C:\Users\Genya\AppData\Roaming\Skype

05/12/2012 04:22 PM <DIR> .
05/12/2012 04:22 PM <DIR> ..
07/28/2011 04:14 AM <DIR> Content
05/12/2012 04:22 PM <DIR> genyaalucard
07/28/2011 04:13 AM <DIR> My Skype Received Files
11/14/2011 01:07 AM <DIR> Pictures
07/28/2011 04:13 AM 0 shared.lck
05/12/2012 03:50 PM 63,931 shared.xml
05/05/2012 03:33 AM <DIR> shared_dynco
05/05/2012 03:33 AM <DIR> shared_httpfe
10/04/2011 06:15 AM 1,544 temp-0200Lc2AgCMOTFmnsvjIpi62
03/11/2012 02:00 AM 1,544 temp-0IYEEheRTxhqIcLfZBREJi3S
12/26/2011 01:10 PM 1,544 temp-0l4oKKKgyfi5RwTp7IqvZoFq
02/27/2012 12:25 AM 1,544 temp-0SK6Qu0Gt4pdE1hbUdNwfTfK
11/07/2011 01:51 AM 1,544 temp-15sBvvn5IgiFBtBxUIRNfEz1
12/16/2011 05:23 AM 1,544 temp-1AVw2rEVIO2fXH5VF1Ybx4d6
09/01/2011 03:53 PM 1,544 temp-1E6apkyVuGvlBnrT7sY4hDTF
01/23/2012 02:00 AM 1,544 temp-1en7TdbwJtsSyeaeSY2wJeLt
09/06/2011 03:10 AM 1,544 temp-1HoSc2XbNXPQQdUCMZ9ngjqQ
08/01/2011 05:35 PM 7,168 temp-1intzNfM3Zeq6OtmKbkhlyIP
04/23/2012 11:07 PM 1,544 temp-1JRxoMW2L2eZz7c02Hlfnv8K
02/12/2012 07:05 AM 1,544 temp-2KnqR4CZJ7HsCxonmZ4bi0Za
05/12/2012 01:07 PM 1,544 temp-2kS6EYRirC5d1aI5ObK1tyc2
09/22/2011 09:51 PM 1,544 temp-2SvPH61IebbZYasu7kAVivMD
03/04/2012 11:26 PM 7,168 temp-2zgWeHYxfbbA11YxuWRGHCxH
09/11/2011 10:07 AM 1,544 temp-35ye3UwC1QQldhewR5wfK8td
01/07/2012 04:25 AM 1,544 temp-3DfrZHXuBJV9TvmlFfyoMkwK
10/02/2011 01:23 AM 1,544 temp-3GcMzXx3G5tp0ctHsKJtOFv2
12/03/2011 02:59 AM 1,544 temp-3tXQMmZyb52rzidemLNC76df
03/16/2012 04:01 AM 1,544 temp-3vQkgZumM0Ekl5I7aTQvckSP
08/03/2011 01:07 AM 1,544 temp-4oqs0D9530gjejnZFrf3Joao
09/27/2011 10:26 PM 1,544 temp-59q0uCVCcibelPFIrHRuL54W
12/19/2011 02:01 AM 1,544 temp-5aqmE8xwnv7SIpkeuknXk1in
04/03/2012 11:55 PM 1,544 temp-5GOtAHTMTLGeE0Ze9jMSKRn1
11/09/2011 06:12 AM 1,544 temp-6NIh4nrKIYbbNigVjEq5uehc
03/04/2012 08:49 AM 1,544 temp-6s1hDj8kTlutoluhPXjHYjpD
01/04/2012 01:29 PM 1,544 temp-74woNE2twsSX68nePjD3DDXm
02/26/2012 09:11 AM 1,544 temp-7hpaB1oZBvacrK3alrh82EwH
08/22/2011 05:30 AM 1,544 temp-7L4AAVnTxQSO0N8d3Tfjpqyl
01/04/2012 01:29 PM 7,168 temp-7oj4DPzdgJFb7e7co4w5idR8
03/29/2012 05:20 PM 1,544 temp-7p1Wc15igZ1cCgASa7JmVyna
08/07/2011 01:21 AM 1,544 temp-86EQLVKM8MYXnOxdjTD1YzRl
03/22/2012 08:47 AM 1,544 temp-8am5UpwoDuE5fvHFioK4aCNz
11/03/2011 12:00 AM 1,544 temp-8bqFDJe1IB6EHEWRXVvyBQMS
01/30/2012 12:56 AM 1,544 temp-8hftf1ckgZoP1kQjAsgNTnnX
03/20/2012 12:35 AM 1,544 temp-9DcAe13Wpw0MsZbyPq8fVU6o
10/14/2011 11:54 PM 1,544 temp-9rgBLzP6PMTOk6hhrPBjBERj
03/15/2012 12:51 AM 1,544 temp-9S80tDEqdWZqrwRpHJ1ogmK2
11/28/2011 01:09 AM 1,544 temp-a3RSN61U3RCEZYhK3RUpeQch
08/24/2011 11:48 PM 1,544 temp-aAFJKO2tAgtCvAWyxFMoe6QD
02/18/2012 01:20 AM 1,544 temp-Aipkr2exosZTTYiZmU9AvOXk
01/23/2012 07:32 AM 7,168 temp-aJSYuiqOypdC9d5nGlhvfbgn
02/05/2012 01:57 AM 1,544 temp-aPfiTW0X8CKilEIrjm36qmhc
02/17/2012 02:43 AM 1,544 temp-AqgnHxyXmqKRJCRpSx7wli1e
09/07/2011 12:00 AM 1,544 temp-aSaZWE4ZgVecwgTaa20uwDA0
08/01/2011 02:49 AM 1,544 temp-b31UXBXn6n7AVF0jvbM6ZPSX
09/23/2011 09:22 PM 1,544 temp-b3i00rndqtvDJru8NFuRvI8W
09/03/2011 03:57 AM 1,544 temp-b3UsvGRaGoqo6MgXGDMBpave
11/15/2011 04:26 AM 1,544 temp-bgNDGRwo1wT7uR1eC8x09Pfh
04/18/2012 11:07 PM 1,544 temp-bgUOYTc8bhf65YyM2GyOIkxA
04/09/2012 04:19 AM 1,544 temp-bsqsk8ZwxEQV4K5g61MHUueE
03/18/2012 03:05 AM 1,544 temp-bUswdrUyXs6UQuxDgNhtW0PV
02/19/2012 04:31 AM 1,544 temp-BvhhtEJqYDwkFhAGmAKymBCD
01/04/2012 02:05 AM 1,544 temp-bvjoiDNS72xphbEBCRpkDLo2
05/12/2012 11:38 AM 1,544 temp-c0Auf2zfkR18DdLKevOTfDTX
12/02/2011 12:16 AM 1,544 temp-C0cccm8bqihh8V4BDQ9HTQm7
04/28/2012 02:33 AM 1,544 temp-c40HRCgKZSAl9NDW59qxrvRg
11/12/2011 03:03 AM 1,544 temp-c8ffsM4MJhwlfcJJkYRjoRir
12/10/2011 03:21 AM 1,544 temp-Cc0f72qzuC7cdYQUQKvuKEUl
04/11/2012 11:33 PM 1,544 temp-CernxqhYUMuYWrBaDoqqGx99
05/04/2012 03:50 AM 1,544 temp-cf1GayxDILlSTlknfcTLrQen
08/28/2011 01:48 AM 1,544 temp-cFxzeoVjwwrsGTfvfAlUIbZZ
04/30/2012 11:51 PM 1,544 temp-cHfNl2XGEr5ifXkbHbZKVXO1
09/26/2011 11:03 PM 1,544 temp-cLkiwdaeftmXZQO1r9Pbhxf8
10/14/2011 05:36 AM 1,544 temp-cn9gqsY0ddL9v0sAtORqyYcy
05/12/2012 11:10 AM 1,544 temp-CpHbuQdgFEskdW6fl1ozuHlf
01/22/2012 05:43 PM 1,544 temp-CQfG3u0ZkNGz8B07vMIe1mnx
04/02/2012 12:43 AM 1,544 temp-CRCc26pdgjYYeepTV8KH71MK
03/31/2012 01:49 AM 1,544 temp-cRut6G8tU8qa7vqhI9XWdLLW
02/05/2012 09:31 PM 1,544 temp-CXkCAaI9DxnejF1t3CzEp8fU
01/19/2012 10:30 AM 1,544 temp-D02kf1DRwcN4euqoncmNCrDC
02/04/2012 03:36 AM 1,544 temp-d7XYfLOEcxyLetWgk9YVscap
04/06/2012 08:55 AM 1,544 temp-dd7qhzWhIdEzrLoRbbArazDx
12/13/2011 12:17 AM 1,544 temp-dfxndVRcdqRhfWTtb0bEbXqe
01/13/2012 01:02 AM 1,544 temp-dgXbCBHEDpksqYaagw9Duk77
09/10/2011 03:43 AM 1,544 temp-dobvQdyOpSa97LCgmuESBcAu
05/09/2012 01:19 AM 1,544 temp-dXSAPgbFbMhJNQzlhWjECeuS
11/17/2011 01:09 AM 1,544 temp-e4zW8hLdsMprUaGScmHHqEMp
02/18/2012 10:40 AM 1,544 temp-E7YnUdQOcdLRpjiGCEwDMTAQ
08/05/2011 12:58 PM 1,544 temp-eA2V1OetYeeGdj8VtdW5OHXe
10/08/2011 03:34 AM 1,544 temp-Ebmf7eAEmfjNN10qyn42dj9c
03/07/2012 01:44 AM 1,544 temp-Ecylpcp2e8QXbTbeCcV8XhXR
03/30/2012 03:10 AM 1,544 temp-EE681mwxse8UAUG0Fa0Ppsvb
11/02/2011 02:02 PM 1,544 temp-eEJGf6tzaqEoFlBR4cfOF5nJ
09/25/2011 11:33 PM 1,544 temp-ehFNSqEjL699VykBe4dO4p2T
09/16/2011 01:29 AM 1,544 temp-ekeki0qY6Jv6OaDD2SxO6qDX
10/05/2011 11:56 PM 1,544 temp-EkpiiymqeSYlyhLoQ9dCyKxc
04/21/2012 10:12 PM 1,544 temp-EqGyE9DSkajzekVoG2yKVrnU
01/21/2012 12:50 AM 1,544 temp-eTGphaOl8or3lbRBex1Pnd0V
09/23/2011 07:54 AM 1,544 temp-eV1YJ0ozOWKNtzwlSQ3ZmDSM
10/01/2011 12:28 AM 1,544 temp-eVzLdUsSeIBMFskkx96kvMiN
01/29/2012 04:15 AM 1,544 temp-exg3pbCmcD7yQYMfDmiLWGdq
07/28/2011 04:35 AM 1,544 temp-EZvJfvMdxUJScE4ejIlJ3bJb
01/01/2012 01:00 AM 1,544 temp-ezYLNbJI2qMpZ00UBsi0Mr6U
07/31/2011 05:18 AM 1,544 temp-F0fm4yL4gopR4WEFmJRRdVAE
01/04/2012 01:18 PM 7,168 temp-FbKfrPbLEWdZZ9X0tlidp9w1
10/18/2011 11:10 PM 1,544 temp-Fc9er9wOIFmeUW7wDJ6cwY4H
02/01/2012 12:37 AM 1,544 temp-FdwbE3znUwAVPgnziNtjfYwN
05/12/2012 01:07 PM 7,168 temp-fGrDoumcjdGzSTTocugQldAD
02/25/2012 03:26 AM 1,544 temp-FgxthalSIFxA6ApJy8CJLSuH
11/10/2011 02:57 AM 1,544 temp-FhQtjMMTpa9Zk26xWDxb765E
11/11/2011 02:56 AM 1,544 temp-fip7gjr5jGvcWYrANXVW1Vgg
09/15/2011 10:42 AM 1,544 temp-FixfDK7Cwpims69XicrHUdDP
04/05/2012 12:01 AM 1,544 temp-fktUwO48viPyd43QG7nNm2FS
10/08/2011 11:40 PM 1,544 temp-fMnA7mu8YkQ2NGem6aNj8vqU
10/16/2011 01:35 AM 1,544 temp-FrCHMy4yUyYhyEbCpgqzQMcR
12/22/2011 01:03 AM 1,544 temp-FtpPps4RSi1ub7Axc0d0yldX
01/04/2012 02:10 PM 1,544 temp-fUAbNS5PRGP2gvokFeEXE618
02/20/2012 11:39 PM 1,544 temp-FV8zR6WXj5RKi1pjYFImSxT2
12/01/2011 12:37 AM 1,544 temp-fVzEFYP6heObLw8xrMGv9HWc
11/15/2011 11:21 PM 1,544 temp-FX2yp9QkZdWWJNl2clWmqmeb
12/08/2011 12:56 AM 1,544 temp-fYklzCP3F3IPv4WR8zmdAcRC
12/05/2011 12:25 AM 1,544 temp-G82QK7QooAD7KTGN2AQqzvtS
08/29/2011 02:11 AM 1,544 temp-g9asnYgQdp5FFsBWbgz4BPTd
12/04/2011 02:53 AM 1,544 temp-gjvcKDIamQgh3E0j9CgseHnT
08/08/2011 12:01 AM 1,544 temp-gkd6DJqEyUxXhmBva9JfUTue
04/14/2012 10:02 PM 1,544 temp-gPwmyKNyTPuzJMYbJMUua0Xj
05/05/2012 03:33 AM 1,544 temp-gQxv7xuIFyhqvlda9L1ZD436
03/10/2012 01:31 AM 1,544 temp-gUjMvH6b9XI0B1UooYyjhCkf
04/02/2012 11:59 PM 1,544 temp-gXDXgizJCkCLeG1L5stFyOHo
03/21/2012 03:48 AM 1,544 temp-gYffmPEaaH1eO90Qf1WJhvxF
01/30/2012 06:00 PM 1,544 temp-HbNNRkyFjPWbSmM2jJ9sxfSu
02/17/2012 09:12 AM 1,544 temp-HD2t9qsgQJp1BIHx9ocAGAbY
01/24/2012 04:22 AM 1,544 temp-hjk1UcOBo2wREfdzFbMTNmOC
12/18/2011 01:03 AM 1,544 temp-HLjofssJQVYJGhI2Hk9lpfMf
02/18/2012 10:50 AM 7,168 temp-HPVtbxpvb0ENE8eFmaehfY9y
12/27/2011 12:58 AM 1,544 temp-HqOPhnzeqvHCbFMWsnNZQttM
09/18/2011 11:50 PM 1,544 temp-Hrv3Cggd0qZGjqpfQwrHRUgp
03/05/2012 02:23 AM 1,544 temp-hTrNJPci2Uz3dW3BdyHpt2D1
04/11/2012 12:20 AM 1,544 temp-HVAdsqleZAbqBP881oO7vWVA
01/04/2012 02:05 AM 7,168 temp-HxlDtMwLXlYpF1T9fx4Lybsq
04/14/2012 12:30 AM 1,544 temp-HyoSPmadJRAnBVrZBn3g7eWJ
05/12/2012 12:06 PM 1,544 temp-I9fnQsZwX4cTJMNVSMh5082M
09/09/2011 09:40 AM 1,544 temp-i9LHAHv2Wzy2rZ5yJ98KPzsW
04/07/2012 02:25 AM 1,544 temp-IftkHz1eJxc4RymeTXsh3fyf
03/02/2012 11:19 PM 1,544 temp-IIBxVwqlP8ImDsLwkqp0C8uR
01/18/2012 10:35 AM 1,544 temp-IOjdYM7QvgBRFv5IUuQdfdlz
11/23/2011 11:20 PM 1,544 temp-iokrJXxgh5x7HTyfhu1KJYx1
10/10/2011 12:04 AM 1,544 temp-iqKrbfi66q8ms2YA7Nh5IecK
12/09/2011 02:04 AM 1,544 temp-IrnlEMU6tLODZTkQeqj1ujPo
01/03/2012 01:06 AM 1,544 temp-j0rqAopnYjOtUfg9aCi0BnaN
09/24/2011 08:13 PM 1,544 temp-j4vgfQ8M14Spc9eKSjQE7G6E
03/17/2012 02:32 AM 1,544 temp-j6T0gmuMmJC4a5rtu9SllCH7
04/08/2012 02:34 AM 1,544 temp-jhiRCltZxV8LzfVSUSEVEbZR
08/13/2011 09:56 AM 1,544 temp-jhPu67xnHz1zThUUETfVHd7Z
02/29/2012 11:00 PM 1,544 temp-JXbabJYNARky96dyCDAlfFLo
09/08/2011 06:29 PM 1,544 temp-JxgIDvTsXeJ0e1Iw2erYTqr7
01/16/2012 03:43 AM 1,544 temp-jZuuD2k0qHTbtCz4SV1xbA6C
01/15/2012 05:17 AM 1,544 temp-jZv7eTe8wlNB556RVgzUwrFd
01/20/2012 04:27 AM 1,544 temp-k5a9bmxg0fndP4tQRJocQfPe
11/27/2011 12:07 AM 1,544 temp-kiNW8AaYTDx7OLMzve2fKjx1
09/04/2011 02:38 AM 1,544 temp-KRqOop9XdbHKhfSKw3awmxcz
01/09/2012 12:37 AM 1,544 temp-ku0EpCmT6TDRAYO8NQYtePTc
03/04/2012 11:27 PM 1,544 temp-kwUTVcXxvfWaSfNlmcNiF40q
02/28/2012 09:05 PM 1,544 temp-KXaM6lsdgCvcREmoYIMNxXyg
01/17/2012 01:38 AM 1,544 temp-l9Qxvde7AhWJCM0LbenHhsKm
01/14/2012 04:57 AM 1,544 temp-LcZeh3igebutyxKpKscmnU55
09/28/2011 11:09 PM 1,544 temp-lDo7x7AVdgAnDxcAcwHT2R4B
08/05/2011 12:56 PM 1,544 temp-le4ph6Tmd77wjUIaLvSjjH2B
01/10/2012 12:24 AM 1,544 temp-LFXIvJesRvxCww6uvRxH4Twt
08/02/2011 02:32 AM 1,544 temp-LG6aaFZLmqdpXs2HsKpx9MnF
12/10/2011 06:59 PM 1,544 temp-lGKcJZM6EKomtvDEdMiwez2h
04/01/2012 01:21 AM 1,544 temp-lozIrCVbgAvwD4ruSJ1tGmYI
10/02/2011 05:21 AM 1,544 temp-lpxXncNKby38eWTiyedjmHmJ
01/06/2012 01:09 AM 1,544 temp-Lx306RfAbkZrgPFGFn6uuUDH
08/30/2011 02:14 AM 1,544 temp-m1wPWYjlerUJvilk07IEcJxy
08/26/2011 12:22 AM 1,544 temp-mcAK8j8moLql2cWuGekzxdEX
03/08/2012 10:43 AM 1,544 temp-mdChsBhBQWZBXCjCxDgVL8fr
01/27/2012 01:51 AM 1,544 temp-mgYfqe4rEKPD92v7YgEx01kH
02/07/2012 12:59 AM 1,544 temp-MHxOxXDYC3p1S6QmAZYQD1JL
09/12/2011 12:06 AM 1,544 temp-Mi81XBfAg7qKdoD0P9aDadtO
08/14/2011 10:51 PM 1,544 temp-Mj6opsKD9rX4hnk4HQO0iAhH
10/07/2011 12:48 AM 1,544 temp-mj9Gao957bvTvHaJ8g6y2WMX
03/30/2012 02:57 AM 7,168 temp-Mnf1V3PBHhwTZJeY98i3pZjP
04/15/2012 10:51 PM 1,544 temp-mQTaZg2dqSOR6YdrEhjsoRXO
02/25/2012 03:20 AM 1,544 temp-mR1szqZa3Ye9LFjuwPqEryg1
02/18/2012 10:52 AM 1,544 temp-mZ583JwFoZGikBTTxsboKFxK
11/22/2011 01:09 AM 1,544 temp-n1snLyRfVbnZCn4N3by0eHn6
03/06/2012 12:49 AM 1,544 temp-n2pe1uwn8AzZF1PANKQo7kuI
04/17/2012 11:29 PM 1,544 temp-N8smOU2xbaEXCyvaV895oZ5S
04/20/2012 10:29 PM 1,544 temp-nAaRyNNZqkvW2CfgEnRoZSUp
02/16/2012 04:32 AM 1,544 temp-ND2Ys35CSqudJYIgMLVIJ2o5
12/12/2011 12:47 AM 1,544 temp-ndNMbC9RMlvE1VzemBGZWFyl
02/18/2012 01:12 AM 7,168 temp-nftLIMYb8URon3Gd1gcKbUwC
01/23/2012 07:39 AM 1,544 temp-NizoAyjOWESfIg6UbQIiER0F
09/10/2011 06:00 PM 7,168 temp-nJg4GWjkmTYSUWFo30loqUBR
12/24/2011 10:26 PM 1,544 temp-njQCE9SvEAfuLQlEZ8dutHWt
04/16/2012 09:13 PM 1,544 temp-nnn0iGWyJtdRXpmiSExOCd6V
01/31/2012 06:56 AM 1,544 temp-nPJ3U41a8C5gpdQyF50YPVnP
11/04/2011 01:04 AM 1,544 temp-Nqyg57Mabon9HsC4fASQpT1v
04/26/2012 11:48 PM 1,544 temp-NsXexwABA6BUI6td9d35k92c
10/19/2011 06:44 PM 1,544 temp-NTOMlEJJW4fgARaw6J3u65iC
01/04/2012 02:10 PM 7,168 temp-NuEMoZwq8ZL3klcPV6aZ3Yk1
01/12/2012 03:25 AM 1,544 temp-NVxxei6nGcgLjk6z6qhejkjy
12/17/2011 07:45 AM 1,544 temp-o3nM6tWVmHqWkBpfUQhX5OId
01/26/2012 10:12 AM 1,544 temp-oaA0IEsqAgf4hej7gzfay6gX
04/29/2012 11:21 PM 1,544 temp-OHQ2rR215lwpLsMTiqJpzrQg
01/25/2012 02:09 PM 1,544 temp-okOF139aZf1bwcC65nkOOVDC
02/23/2012 01:00 AM 1,544 temp-oMKyZzm71H2WqLngH10DQ3hC
05/07/2012 04:40 AM 1,544 temp-oWhvwSBSxbmSo7gS4LhU6fP7
02/10/2012 12:57 AM 1,544 temp-OWZh5XrHPT4GEfLcxdBi3Tk1
11/05/2011 03:03 AM 1,544 temp-oZANlzWsTyEY5EIE8TqT6GPX
10/17/2011 12:39 AM 1,544 temp-ozoc2fBn5ZyUAuJHmdebfmyh
10/10/2011 11:19 PM 1,544 temp-p68yJWXhzuIijRgOWfzNDH6F
12/06/2011 03:00 AM 1,544 temp-PAl8r5CueIJS3EfNY4gUxLpG
03/12/2012 12:51 AM 1,544 temp-PBvAR4NOSbIMdG95DukhECWa
11/25/2011 11:48 PM 1,544 temp-pftUMh5n8TEN9nKIhf0OxHwX
12/14/2011 02:00 AM 1,544 temp-pi2n4XO2WGAPPx9t0MuARF3u
01/08/2012 03:43 AM 1,544 temp-PirOaHSCPp6MO1Z1kVcVKHmz
08/05/2011 12:55 PM 7,168 temp-pocqnH3rG44bP0wvnYJOlJI9
01/04/2012 01:37 PM 7,168 temp-ppaj7CeVAdA2sLvirMhsOXFV
03/01/2012 09:05 PM 1,544 temp-pQCIfFthACsT47yNAfZWp1Cy
09/09/2011 09:39 AM 7,168 temp-pqqXn9HijWEph9mtg3hwyaYD
05/12/2012 12:04 PM 7,168 temp-PUgTmsS4aAidxo4VpKCHs4vC
12/30/2011 12:17 AM 1,544 temp-Q4dryRvLXYqr9iYAteK2rsaI
03/09/2012 07:31 AM 1,544 temp-qDSVkuZanAXl4b6uxPEn5wdc
11/06/2011 02:02 AM 1,544 temp-QeVDGdqbTq0zssldUbOsBN4h
02/02/2012 01:17 AM 1,544 temp-Qf9ezD6vLj4FtsN05dLQnsOA
03/13/2012 01:44 AM 1,544 temp-qifN1c7ILAAwJ22JKiV2fuQs
05/12/2012 01:10 PM 1,544 temp-qLMtCiB76YIhTB0QkfHuPrV8
11/18/2011 12:32 AM 1,544 temp-QrcbqF7apXHg2flJrO66XMDb
04/19/2012 10:40 PM 1,544 temp-qrrYhzoXPuVdybNjLjfwz5pl
09/09/2011 11:54 AM 1,544 temp-qWhe8Y3mwo0geetMpSB8xTNU
12/28/2011 12:59 AM 1,544 temp-QzSr4BYaM5ObuxLaXaweBVKK
05/02/2012 12:08 AM 1,544 temp-r8bcQCfAb1195CUTStZf3rqu
03/14/2012 12:44 PM 1,544 temp-rGJPB1PZlfkd5A3UmlmxZHjf
04/30/2012 07:54 AM 1,544 temp-rIGkxaKqoCbkI20D6D8E2k1Z
01/23/2012 07:33 AM 1,544 temp-rKjYz2fJKV7qgneDfFmYMTdb
10/17/2011 11:53 PM 1,544 temp-rm1CUJX8ywzsYthqk1LncZJN
02/08/2012 12:53 AM 1,544 temp-RQWqQP3fYsJtdBVucHSubDJY
09/01/2011 04:21 PM 1,544 temp-RR6Gncd21S0xctAoWUg49EV1
01/04/2012 03:20 PM 1,544 temp-rtxxliZgRgXFPjl1Tok9Izfm
03/29/2012 05:22 PM 1,544 temp-rUbP7tBTrdg5UPIsgDbYYgIP
03/19/2012 12:45 AM 1,544 temp-RVm1HIqfdUnkcZLpbH8HQUOa
03/21/2012 12:53 AM 1,544 temp-s10COLvUgZ3TOpX9mX7mrOPM
09/05/2011 03:40 PM 7,168 temp-sF0fGhmbOf48oHFD0EieSaTL
05/07/2012 11:53 PM 1,544 temp-SLby9hY8LfAYHTDEVt1suqge
08/27/2011 02:15 AM 1,544 temp-SS0GrfWEJvCdZQ24t8rGGhep
01/12/2012 03:08 AM 1,544 temp-stjaZX7HF1m3fCxFF03vkYbw
09/01/2011 11:53 PM 1,544 temp-svWXqmH95rMtttE3tofjbFdD
02/27/2012 07:16 PM 1,544 temp-TFrtmivlADsfhavxBM2dCzFk
01/28/2012 04:20 AM 1,544 temp-TgOQyeQQ4yRERfaFuhp5xZCZ
08/24/2011 07:37 AM 1,544 temp-TKIMhaHtOMHYBdcllNaxMJ18
12/07/2011 03:06 AM 1,544 temp-tMPyX480aMd4sdVg4MR3ragc
08/23/2011 11:09 PM 1,544 temp-TMx9hiiBJAg1rjmpxq1YucMW
11/21/2011 12:29 AM 1,544 temp-TSCbygDUbMaC7Jchv0HXHnyn
12/31/2011 12:03 AM 1,544 temp-TV6KojqkbsW3D7weqmpTimF4
08/22/2011 10:46 PM 1,544 temp-TWh4Jwbw1o3TbBgjWzZnbnCe
01/04/2012 02:15 PM 1,544 temp-U2LTSEjp1VrJeReh2uhcUtDk
12/13/2011 05:54 PM 1,544 temp-U9eh25PN2jwcaf4yvYM3fXSX
08/31/2011 01:54 AM 1,544 temp-UChfyGsiW2cHjkA4iHjxWqgc
05/12/2012 03:37 PM 1,544 temp-UesfWIAcjEFzsFlByoTAD33Q
01/02/2012 12:50 AM 1,544 temp-uHQWTDzkKDiaGih2tNSFOUot
08/16/2011 03:09 AM 1,544 temp-ujpSCLkgYyacemUR9dPQsKWB
01/04/2012 01:37 PM 1,544 temp-Unl9orwVBML7xYVwm51CAWId
01/25/2012 11:07 AM 7,168 temp-UpCrDgQXZDwXXy2DQhdXc5Ym
02/15/2012 12:42 AM 1,544 temp-UVaCwf3QdOT3UVhgBfxtcRAF
05/03/2012 12:15 AM 1,544 temp-uYiD2G84EGK3b89l0C7vcBeV
07/30/2011 12:31 AM 1,544 temp-uYKowXlRhRA0sWFWXFTTBfx2
05/12/2012 03:23 PM 7,168 temp-uzjkd0OMNZo4NNjRFLeu0wAP
01/11/2012 04:49 AM 1,544 temp-v7z3KIAdsQ1tjLO3HFOU3YiR
12/23/2011 01:00 AM 1,544 temp-VESekwXPHzD5HWe8RTmTa8MF
01/04/2012 01:18 PM 1,544 temp-vfY7ox2ZvgEIMnTcGyHMdka8
05/11/2012 10:09 PM 1,544 temp-vhRk0OFC1jsF8N9sVCaYS5kJ
09/29/2011 11:24 PM 1,544 temp-vIvQRZ8bbwSPS32nH5GPrv0K
04/22/2012 11:08 PM 1,544 temp-VJKr4xNiAzoPSLRIDbYJdqaB
04/29/2012 02:54 AM 1,544 temp-VNIyOYwET73tNaon04qlbekC
11/14/2011 12:28 AM 1,544 temp-vQKN1wbijFr0lUN740N7I7SO
09/20/2011 12:04 AM 1,544 temp-VvHdnpgZ1Iy4IY724xImNISw
04/06/2012 03:45 AM 1,544 temp-W4d1hedv6dqMv8rsmWApAkM1
09/08/2011 05:43 AM 1,544 temp-W4OL8YUs4kg3lewSuxRHZJOz
02/13/2012 06:24 AM 1,544 temp-w863guRl27sBff6BS5urQRev
02/09/2012 02:09 AM 1,544 temp-WMDIGaxdvvyfDfsraYs6rVmW
02/22/2012 12:53 AM 1,544 temp-WOYktodnnXvxvWgVpueRpPhX
04/26/2012 01:49 PM 1,544 temp-wsIKoW3181Hfx3djSZ4cRpNo
03/09/2012 01:48 AM 1,544 temp-WuGCa8rRiJbbEMDbcb0xoZz6
04/24/2012 11:41 PM 1,544 temp-wWFcEHbqf8nNLqexMheZf5ud
11/30/2011 01:15 AM 1,544 temp-wyhqPTKWiTQr0i0XWQ6leDKB
07/30/2011 04:40 PM 7,168 temp-x7qCuNa0YT1xuquwt3Xjdda7
05/09/2012 01:47 AM 1,544 temp-xcEfRY8TrOGEuOGrvdOceT5t
10/12/2011 11:17 PM 1,544 temp-XE53rYWKaXMJcuasSRxJi2LP
11/13/2011 04:40 AM 1,544 temp-xJHo8jh8lFMN7mqVyUSkSkG2
05/09/2012 02:20 AM 1,544 temp-xKOgQjKAYq21pWVpZ2QUjpad
09/20/2011 07:04 PM 1,544 temp-xMNUg5khBChalx1ymNYsxf9Z
10/11/2011 11:30 PM 1,544 temp-XRvTPNFxBlHl5dSBn2BY2a5W
12/24/2011 02:57 AM 1,544 temp-XTHi4O0427rGVgsSp2S52sE4
01/25/2012 12:33 AM 1,544 temp-XWl07ohpl894XnSnk4V3zPMz
12/21/2011 01:03 AM 1,544 temp-Xxu9IL5q2335jvvgeJQryIUp
05/10/2012 11:51 AM 1,544 temp-y6X5wqMoTfliwPQQ7yjW8gQ7
11/08/2011 12:46 AM 1,544 temp-ybUroe1VMmNhP7sPWsMJJ4pa
12/29/2011 04:06 PM 1,544 temp-Ydpcg3JFFHARFWkGihWj6XA2
07/29/2011 04:42 PM 1,544 temp-YFf4Xh4f096YamtIialhzplw
08/03/2011 06:38 PM 1,544 temp-YiKpafVfX6reWCGXs8yFza6U
05/09/2012 01:59 AM 1,544 temp-yJ6pTIW1inRKRnYe1wfIExGB
03/30/2012 02:57 AM 1,544 temp-ykvh8qnkMlZDSeV3cns7NYh4
08/05/2011 08:23 AM 1,544 temp-yq1KCkqLIskp7xsH3qrUPqby
03/21/2012 03:37 AM 1,544 temp-YqluXbXUQJFzApBADSXlsdCe
04/30/2012 07:34 AM 1,544 temp-YRtHsN0GBJ1OKewCArE8RhdZ
09/04/2011 11:29 PM 1,544 temp-ysem16Wpe74a3EUHPhHRtB8o
09/18/2011 11:29 AM 1,544 temp-ySFRJm1bgg3NOYeL49qFnhBB
10/04/2011 11:53 PM 1,544 temp-yTnRyvOYZGZFaVa6CclFlljj
12/15/2011 06:30 AM 1,544 temp-YYHAXDEjI9A4ZQGegnIKuaR9
09/13/2011 03:04 AM 1,544 temp-Z7IgL1oUDJy57F63uQ4cEBiE
01/05/2012 01:09 AM 1,544 temp-Z8SJwckl9TCBBQXaSXrXX4kL
09/13/2011 11:59 PM 1,544 temp-Z9ybhmHM1prY845WGjDaDLhS
05/12/2012 03:28 PM 1,544 temp-Zc4JUUrelWp5Ngvq7rJyjTAW
05/09/2012 10:02 AM 7,168 temp-ZC6TyeYxEPrbeKKW3coYzCbx
05/10/2012 11:40 PM 1,544 temp-ZOOyI0zTErjgAAhORirktSaB
11/19/2011 06:43 AM 1,544 temp-zPEEDorJgD9xut4mR2izhI0s
01/13/2012 01:09 PM 1,544 temp-ZPQbhzeEo56PWPjMlnYXUNF6
10/12/2011 12:41 AM 1,544 temp-zYyUibPO4NbiiBUtSbn56gfN
313 File(s) 662,219 bytes
8 Dir(s) 146,930,745,344 bytes free

========= End of CMD: =========


==== End of Fixlog ====

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:33 AM

Posted 12 May 2012 - 07:35 PM

OK

Please do the following:

Press the WinKey +R to open a run box and copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /q/s "C:\Users\Genya\AppData\Roaming\Skype"


Please re-run comboFix, allow it to update if it asks to do so

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 vegetalordofall

vegetalordofall
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 12 May 2012 - 07:42 PM

Here is the latest ComboFix log:


ComboFix 12-05-12.01 - Genya 13/05/2012 1:36.5.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8098.6287 [GMT 1:00]
Running from: c:\users\Genya\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\nkmucaa.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-13 08:34 . 2012-05-13 08:35 -------- d-----w- C:\FRST
2012-05-13 00:39 . 2012-05-13 00:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-13 00:39 . 2012-05-13 00:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-13 00:39 . 2012-05-13 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 00:39 . 2012-05-13 00:39 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-05-12 21:08 . 2012-04-18 02:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2517DF3-8E0F-4637-B7FE-2D8237B7CA50}\mpengine.dll
2012-05-11 00:38 . 2012-05-11 00:38 -------- d-----w- c:\windows\SysWow64\Adobe
2012-05-09 14:56 . 2012-05-09 14:56 -------- d-----w- c:\programdata\media center programs
2012-05-09 14:56 . 2012-05-09 14:56 -------- d-----w- c:\program files (x86)\Funcom
2012-05-09 10:24 . 2012-05-09 10:24 -------- d-----w- c:\users\Genya\AppData\Roaming\Firefly Studios
2012-05-09 10:18 . 2012-05-09 10:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-09 10:18 . 2012-05-09 10:18 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-09 10:18 . 2012-05-09 10:18 -------- d-----w- c:\program files (x86)\Java
2012-05-09 10:17 . 2012-05-09 10:17 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-09 10:07 . 2012-05-09 10:07 -------- d-----w- c:\program files (x86)\Firefly Studios
2012-05-07 18:30 . 2012-05-07 18:30 -------- d-----w- c:\users\Genya\AppData\Roaming\runic games
2012-05-05 11:33 . 2012-05-05 11:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-30 15:39 . 2012-04-30 15:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 15:39 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 10:45 . 2011-09-22 16:18 89960 ----a-w- c:\windows\SysWow64\SQSRVRES.DLL
2012-04-29 10:45 . 2011-09-22 16:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-04-20 09:13 . 2012-04-20 09:13 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 07:44 . 2012-04-20 09:13 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-04-20 07:43 . 2012-04-20 07:43 -------- d-----w- c:\programdata\Battle.net
2012-04-20 07:19 . 2012-05-04 23:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 06:40 . 2012-05-04 23:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 09:22 . 2012-04-16 09:22 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 10:18 . 2011-07-29 08:13 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 23:19 . 2011-07-28 12:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-19 22:44 . 2012-03-19 22:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe
2012-03-19 22:44 . 2012-03-19 22:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-03-19 22:44 . 2012-03-19 22:44 439064 ----a-w- c:\windows\system32\igfxpers.exe
2012-03-19 22:44 . 2012-03-19 22:44 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-03-19 22:44 . 2012-03-19 22:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-19 22:44 . 2012-03-19 22:44 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-03-19 22:44 . 2012-03-19 22:44 184600 ----a-w- c:\windows\system32\difx64.exe
2012-03-19 22:44 . 2012-03-19 22:44 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-03-19 22:42 . 2012-03-19 22:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll
2012-03-19 22:32 . 2012-03-19 22:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-03-19 22:31 . 2012-03-19 22:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll
2012-03-19 22:31 . 2012-03-19 22:31 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-03-19 22:31 . 2012-03-19 22:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-03-19 22:31 . 2012-03-19 22:31 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-03-19 22:26 . 2012-03-19 22:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-03-19 22:25 . 2012-03-19 22:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-03-19 22:22 . 2012-03-19 22:22 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-03-19 22:11 . 2012-03-19 22:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-03-19 21:31 . 2012-03-19 21:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll
2012-03-19 21:21 . 2012-03-19 21:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-03-19 21:18 . 2012-03-19 21:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-03-19 21:18 . 2012-03-19 21:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-03-19 21:18 . 2012-03-19 21:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-03-19 21:18 . 2012-03-19 21:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-03-19 21:18 . 2012-03-19 21:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-03-19 21:18 . 2012-03-19 21:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-03-19 21:18 . 2012-03-19 21:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-03-19 21:18 . 2012-03-19 21:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-03-19 21:18 . 2012-03-19 21:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-03-19 21:18 . 2012-03-19 21:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-03-19 21:18 . 2012-03-19 21:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-03-19 21:18 . 2012-03-19 21:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-03-19 21:18 . 2012-03-19 21:18 386560 ----a-w- c:\windows\system32\igfxpph.dll
2012-03-19 21:18 . 2012-03-19 21:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-03-19 21:17 . 2012-03-19 21:17 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-03-19 21:17 . 2011-07-26 12:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-03-19 21:17 . 2011-07-26 12:17 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-03-19 21:17 . 2012-03-19 21:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-03-19 21:17 . 2012-03-19 21:17 434688 ----a-w- c:\windows\system32\igfxdev.dll
2012-03-19 21:17 . 2012-03-19 21:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-03-19 21:16 . 2012-03-19 21:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-03-19 21:16 . 2012-03-19 21:16 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-03-19 21:16 . 2012-03-19 21:16 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-03-19 21:12 . 2012-03-19 21:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-03-19 21:11 . 2012-03-19 21:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-03-19 21:09 . 2012-03-19 21:09 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-03-19 21:09 . 2012-03-19 21:09 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-03-19 21:09 . 2012-03-19 21:09 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-03-19 21:09 . 2012-03-19 21:09 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-03-19 21:09 . 2012-03-19 21:09 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-03-19 21:09 . 2012-03-19 21:09 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-03-19 21:09 . 2012-03-19 21:09 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-03-19 21:09 . 2012-03-19 21:09 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-12 01:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 01:36 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 01:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 01:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 01:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 01:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-01 00:02 . 2012-03-13 16:45 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2012-03-13 16:45 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-03-01 00:02 . 2012-03-13 16:45 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-03-13 16:45 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-03-13 16:45 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-03-13 16:45 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-03-13 16:45 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-13 16:45 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-01 00:02 . 2012-03-13 16:45 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-13 16:45 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-03-13 16:45 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2012-03-13 16:45 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-03-13 16:45 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-03-13 16:45 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-03-13 16:45 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-13 16:45 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2012-03-13 16:45 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-03-01 00:02 . 2012-03-13 16:45 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-03-13 16:45 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-12_19.38.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 07:19 . 2012-05-13 00:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-04-20 07:19 . 2012-05-12 19:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-05-09 09:23 . 2012-05-12 19:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-05-09 09:23 . 2012-05-13 00:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-05-12 23:19 . 2012-05-13 00:22 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012051320120514\index.dat
+ 2012-05-12 23:56 . 2012-05-13 00:03 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13021A91-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:22 . 2012-05-13 00:22 43008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF7C5BB2-9C91-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:06 . 2012-05-13 00:12 29184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7AB32D1C-9C8F-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:06 . 2012-05-13 00:06 26112 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6DF37091-9C8F-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:06 . 2012-05-13 00:06 20992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6DF3708D-9C8F-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:42 . 2012-05-12 21:47 34304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{642EF6B0-9C7B-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-12 21:42 . 2012-05-12 21:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{642EF6AF-9C7B-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-12 21:13 . 2012-05-12 21:13 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{55277E11-9C77-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-12 21:41 . 2012-05-12 21:47 21504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F94C4AB-9C7B-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-13 00:04 . 2012-05-13 00:06 22016 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3BD9155E-9C8F-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:40 . 2012-05-12 21:44 17408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{14EE7AF1-9C7B-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-12 23:56 . 2012-05-13 00:03 12288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13021A92-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:03 . 2012-05-13 00:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{108EE81D-9C8F-11E1-B352-14DAE9061D82}.dat
+ 2012-05-09 09:33 . 2012-05-13 00:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-05-09 09:33 . 2012-05-12 19:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-05-13 00:30 39584 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-12 19:11 29384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-13 00:30 29384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-05-09 12:41 . 2012-05-12 19:31 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{43AE92E7-99D4-11E1-ACCE-14DAE9061D82}.dat
+ 2012-05-09 12:41 . 2012-05-13 00:19 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{43AE92E7-99D4-11E1-ACCE-14DAE9061D82}.dat
+ 2012-05-12 23:41 . 2012-05-12 23:41 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F0F6E808-9C8B-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:17 . 2012-05-12 21:17 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3969BD2-9C77-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-13 00:00 . 2012-05-13 00:06 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B3DD85A9-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:22 . 2012-05-13 00:22 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AF7C5BB1-9C91-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 22:06 . 2012-05-12 22:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A93F30D2-9C7E-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-13 00:06 . 2012-05-13 00:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7AB32D1B-9C8F-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:19 . 2012-05-13 00:19 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5CA05253-9C91-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:13 . 2012-05-12 21:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4A9223B8-9C77-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-12 21:40 . 2012-05-12 21:43 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{14EE7AF0-9C7B-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-13 00:03 . 2012-05-13 00:03 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{108EE81C-9C8F-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 23:41 . 2012-05-12 23:41 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FCF2DC81-9C8B-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 23:41 . 2012-05-12 23:41 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F0F6E809-9C8B-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:02 . 2012-05-13 00:02 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EFAD8649-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:02 . 2012-05-13 00:02 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DDD64EC9-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:17 . 2012-05-12 21:17 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3969BD3-9C77-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-13 00:01 . 2012-05-13 00:01 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7A3EA36-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:01 . 2012-05-13 00:01 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7A3EA35-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:00 . 2012-05-13 00:00 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AC05F601-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:00 . 2012-05-13 00:00 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AC05F600-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 22:06 . 2012-05-12 22:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A93F30D3-9C7E-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-13 00:00 . 2012-05-13 00:00 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{95AD1D1B-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:43 . 2012-05-12 21:43 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{871AD626-9C7B-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-12 23:59 . 2012-05-12 23:59 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7D24FFF9-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 23:59 . 2012-05-12 23:59 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7D24FFF8-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 23:59 . 2012-05-12 23:59 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7D24FFF7-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:43 . 2012-05-12 21:43 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7A6AF857-9C7B-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-12 23:58 . 2012-05-12 23:58 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{66BE1D1F-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 23:58 . 2012-05-12 23:58 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{66BE1D1E-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:19 . 2012-05-13 00:19 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5CA05254-9C91-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 23:58 . 2012-05-12 23:58 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{536DFBB9-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:13 . 2012-05-12 21:13 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4A9223BA-9C77-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-12 23:57 . 2012-05-12 23:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{44FD0667-9C8E-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:41 . 2012-05-12 21:41 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F94C4AD-9C7B-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-13 00:03 . 2012-05-13 00:03 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{043EDEF3-9C8F-11E1-B352-14DAE9061D82}.dat
+ 2012-05-13 00:03 . 2012-05-13 00:03 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{043EDEF2-9C8F-11E1-B352-14DAE9061D82}.dat
+ 2011-07-28 12:00 . 2012-05-13 00:30 4050 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3433945081-1426626829-1563182973-1003_UserData.bin
+ 2012-05-13 00:40 . 2012-05-13 00:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-12 19:38 . 2012-05-12 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 833024 c:\windows\SysWOW64\user32.dll
+ 2009-07-14 04:54 . 2012-05-13 00:22 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-11 23:07 . 2012-05-12 22:58 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012051220120513\index.dat
+ 2012-05-13 00:19 . 2012-05-13 00:19 113152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4F006BAE-9C91-11E1-B352-14DAE9061D82}.dat
+ 2012-05-12 21:43 . 2012-05-12 21:47 249856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{871AD627-9C7B-11E1-8CB6-14DAE9061D82}.dat
+ 2012-05-13 00:06 . 2012-05-13 00:06 186368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6DF3708F-9C8F-11E1-B352-14DAE9061D82}.dat
- 2009-07-14 02:36 . 2012-05-12 19:16 742186 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-13 00:34 742186 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-13 00:34 156066 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-12 19:16 156066 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-05-12 19:45 108816 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-05-12 19:37 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-13 00:39 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-09 09:22 . 2012-05-13 00:22 3588096 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2009-07-14 04:54 . 2012-05-13 00:22 1671168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-12 19:31 1671168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-13 00:22 4636672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-30 15:53 . 2012-05-13 00:22 5018500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-07-28 11:50 . 2012-05-13 00:39 61020816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3433945081-1426626829-1563182973-1003-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-25 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-02-24 131912]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\admin\Desktop\2NVIDIA\REALTEMP\WinRing0x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 e1qexpress;Intel® PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 23:19]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003Core.job
- c:\users\Genya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 07:26]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433945081-1426626829-1563182973-1003UA.job
- c:\users\Genya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 07:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4f,57,86,3e,c5,2d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,6b,a1,fa,0e,18,65,42,90,49,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,6b,a1,fa,0e,18,65,42,90,49,6b,\
.
[HKEY_USERS\S-1-5-21-3433945081-1426626829-1563182973-1003\Software\SecuROM\License information*]
"datasecu"=hex:0b,ee,8f,3b,81,5b,c3,f0,56,8d,70,e0,c4,62,ba,ab,87,6c,e6,b3,4d,
14,3b,3a,17,80,a6,64,a9,4f,dd,17,ec,96,51,10,78,d4,17,74,84,2d,a7,80,d7,52,\
"rkeysecu"=hex:b7,b6,25,85,91,58,ef,5a,b9,2b,d9,ae,c1,44,36,dd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Completion time: 2012-05-13 01:41:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-13 00:41
ComboFix2.txt 2012-05-12 20:07
ComboFix3.txt 2012-05-12 19:39
ComboFix4.txt 2012-05-09 10:00
.
Pre-Run: 146,885,951,488 bytes free
Post-Run: 146,962,395,136 bytes free
.
- - End Of File - - 6B45282FD1180516E353F0A395594EEE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users