Constant Redirects, Internet Explorer running in the background


  • This topic is locked
16 replies to this topic

#1 Budgins


Posted 21 May 2012 - 03:01 PM

Hello folks, I'm looking for some help with a computer on which I have exhausted all possibilities I can think of.

It's a 64 bit Windows 7 Home Premium machine, barely two months old. The Owner has visited various websites he shouldn't have, and as such contracted numerous viruses including what I believe is a rootkit.

Constant redirects to various pay-per-click websites (which I will not post here unless instructed to, for safety reasons) across all 3 browsers on the system (Chrome, IE 8 and Firefox). Numerous instances of Internet Explorer are running in the background, witnessed with Process Explorer. Shutting them down just causes them to restart.

I have run Combofix, which just removes some temp files from the ProgramData folder that immediately reproduce themselves, TDSSKiller which finds nothing, and MBAM which removes several files each run, which then return. I have reset the hosts file several times, which seems to stop the redirecting for a short period; however, it starts again quickly. Included are the required logs.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by John at 15:42:52 on 2012-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4731 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWoW64\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\DeviceVM\SmartView\SmartViewClientService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\DeviceVM\SmartView\SmartViewClientService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\John\Desktop\GeneralVRkit\procexp.exe
C:\Users\John\Desktop\GeneralVRkit\procexp64.exe
C:\Users\John\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\TEMP\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll
mURLSearchHooks: SearchHook Class: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll
mURLSearchHooks: H - No File
BHO: SmartView VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{0B42F3E1-EDB0-4FB7-B2F5-930758895732} : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{6CFDE953-5F16-434F-9813-33286F9F76EB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6CFDE953-5F16-434F-9813-33286F9F76EB}\64163747D41485D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
BHO-X64: SmartView VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\5rt6ol1z.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-23 378472]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-30 257696]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-27 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-27 136176]
S4 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-9-2 125216]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-26 2656280]
S4 WCUService;SmartView Software Updater Service;C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-9-2 456976]
S4 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2012-4-27 285152]
.
=============== Created Last 30 ================
.
2012-05-21 20:50:51 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-05-21 19:27:34 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D8E1E99-7481-42F2-B2D1-74D04AA2EEA8}\offreg.dll
2012-05-21 18:57:03 894 ----a-w- C:\ProgramData\qiqsbaa.tmp
2012-05-21 17:33:50 886 ----a-w- C:\ProgramData\kzjhbaa.tmp
2012-05-21 17:32:55 863 ----a-w- C:\ProgramData\lzjhbaa.tmp
2012-05-21 17:19:56 870 ----a-w- C:\ProgramData\ncayaaa.tmp
2012-05-21 17:18:57 871 ----a-w- C:\ProgramData\mcayaaa.tmp
2012-05-21 16:41:29 -------- d-----w- C:\$RECYCLE.BIN
2012-05-21 16:26:00 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D8E1E99-7481-42F2-B2D1-74D04AA2EEA8}\mpengine.dll
2012-05-21 16:08:13 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes
2012-05-21 16:08:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-21 16:08:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-21 16:08:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-21 15:38:12 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-21 15:38:07 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-05-21 14:19:39 -------- d-----w- C:\Users\John\AppData\Local\Apple
2012-05-18 16:13:35 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-18 15:56:24 98816 ----a-w- C:\Windows\sed.exe
2012-05-18 15:56:24 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-18 15:56:24 256000 ----a-w- C:\Windows\PEV.exe
2012-05-18 15:56:24 208896 ----a-w- C:\Windows\MBR.exe
2012-05-18 15:54:44 -------- d-----w- C:\Users\John\AppData\Roaming\OpenOffice.org
2012-05-18 15:53:56 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-05-18 15:53:36 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-12 10:26:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-12 10:16:10 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-12 10:15:55 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-12 10:15:52 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-10 21:37:27 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-10 21:37:15 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-10 21:37:02 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-10 21:36:54 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-07 16:26:20 -------- d-----w- C:\Users\John\AppData\Local\CrashDumps
2012-05-05 03:02:21 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 23:17:49 -------- d-----w- C:\Program Files\Canon
2012-05-03 23:17:38 -------- d-----w- C:\Program Files (x86)\Canon
2012-05-01 17:38:24 -------- d-----w- C:\Users\John\AppData\Roaming\Garmin
2012-04-30 16:23:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-30 16:23:09 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-27 21:08:25 -------- d-----w- C:\Users\John\AppData\Local\Google
2012-04-27 21:08:08 -------- d-----w- C:\Program Files\iTunes
2012-04-27 21:08:08 -------- d-----w- C:\Program Files\iPod
2012-04-27 21:08:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-27 21:07:45 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-27 21:07:45 -------- d-----w- C:\Program Files\AVAST Software
2012-04-27 21:07:09 -------- d-----w- C:\Program Files\Bonjour
2012-04-27 21:07:09 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-04-27 21:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-27 21:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-27 21:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-27 21:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-27 21:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-27 21:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-27 21:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-27 20:56:47 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-04-27 20:56:47 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-04-27 20:56:47 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-04-27 20:56:33 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-27 20:27:55 25312 ----a-w- C:\Windows\System32\drivers\SCMNdisP.sys
2012-04-27 20:27:51 -------- d-----w- C:\Program Files (x86)\NETGEAR
2012-04-27 20:24:58 95472 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-04-27 20:24:58 838136 ----a-w- C:\Windows\System32\drivers\bcmwlhigh664.sys
2012-04-27 20:24:58 3552768 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-04-27 20:24:57 47632 ----a-w- C:\Windows\System32\drivers\npf.sys
2012-04-27 20:24:57 3888128 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-04-27 20:24:57 1436920 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-04-27 07:39:37 -------- d-----w- C:\Windows\Panther
2012-04-27 04:05:35 -------- d-----w- C:\ProgramData\NortonInstaller
2012-04-27 04:05:30 -------- d--h--w- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-04-27 04:05:29 -------- d-----w- C:\Users\John\AppData\Roaming\DeviceVm
2012-04-27 04:05:06 -------- d-----w- C:\Program Files (x86)\DeviceVM
2012-04-27 04:04:53 -------- d-----w- C:\Users\John\AppData\Local\Cyberlink
2012-04-27 04:03:19 90112 ------w- C:\Windows\Updreg.EXE
2012-04-27 04:03:16 26624 ------w- C:\Windows\System32\THXCfg64.dll
2012-04-27 04:03:16 141312 ------w- C:\Windows\System32\THXCfg64.exe
2012-04-27 04:03:16 11264 ------w- C:\Windows\SysWow64\ResDefA.exe
2012-04-27 04:03:15 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2012-04-27 04:03:15 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2012-04-27 04:03:15 190464 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2012-04-27 04:03:14 246784 ----a-w- C:\Windows\System32\APOMgr64.DLL
2012-04-27 04:03:01 -------- d-----w- C:\Program Files (x86)\Creative
2012-04-27 04:00:44 1632128 ----a-w- C:\Windows\System32\drivers\cfosspeed6.sys
2012-04-27 04:00:44 -------- d-----w- C:\Users\John\AppData\Local\cFos
2012-04-27 04:00:44 -------- d-----w- C:\Program Files\ASRock
2012-04-27 04:00:39 -------- d-----w- C:\ProgramData\cFos
2012-04-27 04:00:33 15936 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS
2012-04-27 04:00:33 -------- d-----w- C:\ProgramData\FNET
2012-04-27 04:00:31 -------- d-----w- C:\Program Files (x86)\XFastUsb
2012-04-27 04:00:24 -------- d-----w- C:\Program Files (x86)\ASRock Utility
2012-04-27 04:00:20 15368 ----a-w- C:\Windows\System32\drivers\AsrAppCharger.sys
2012-04-27 04:00:20 -------- d-----w- C:\Program Files\ASRock Utility
2012-04-27 03:59:13 66336 ----a-w- C:\Windows\System32\drivers\VirtuWDDM.sys
2012-04-27 03:59:12 -------- d-----w- C:\Users\John\Lucidlogix
2012-04-27 03:59:12 -------- d-----w- C:\Program Files\Lucidlogix Technologies
2012-04-27 03:58:50 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-04-27 03:58:48 -------- d-sh--w- C:\Windows\Installer
2012-04-27 03:57:29 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-04-27 03:57:24 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-04-27 03:57:22 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2012-04-27 03:54:41 -------- d-----w- C:\Program Files\Common Files\Intel
2012-04-27 03:52:29 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-04-27 03:52:21 -------- d-----w- C:\Intel
2012-04-26 19:23:04 -------- d-----w- C:\Program Files (x86)\CCleaner
2012-04-26 18:46:53 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-26 18:46:53 -------- d-----w- C:\Windows\System32\Wat
2012-04-26 16:49:48 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-26 16:46:27 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-26 16:46:27 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-26 16:46:27 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-26 16:46:27 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-26 16:46:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-26 16:46:27 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-26 16:46:27 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-26 16:38:05 -------- d-----w- C:\Program Files (x86)\ASUS
2012-04-26 16:37:52 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-26 16:37:52 174184 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-26 16:37:52 1359976 ----a-w- C:\Windows\System32\nvhdagenco642040.dll
2012-04-26 16:36:56 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-04-26 16:36:19 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-04-26 16:36:12 1614440 ----a-w- C:\Windows\System32\nvdispco642090.dll
2012-04-26 16:36:09 1359976 ----a-w- C:\Windows\System32\nvgenco642040.dll
2012-04-26 16:27:15 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F31C563-54B1-4CBD-920E-DCB036F52DB7}\gapaengine.dll
2012-04-26 16:26:02 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-04-26 16:26:00 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-04-26 16:26:00 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-04-26 16:26:00 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-04-26 16:26:00 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-04-26 16:24:18 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-26 16:22:00 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-26 16:22:00 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-26 16:21:43 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-26 16:21:42 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-26 16:21:42 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-26 16:21:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-26 16:21:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-26 16:21:22 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-26 16:21:22 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-26 16:09:22 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-04-26 16:05:00 -------- d-----w- C:\ProgramData\DeviceVM
2012-04-26 16:03:27 -------- d-----w- C:\ProgramData\Norton
.
==================== Find3M ====================
.
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 15:43:17.65 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-21 15:49:57
Windows 6.1.7601 Service Pack 1
Running: 4p9sb7f6.exe


---- Files - GMER 1.0.15 ----

File C:\ProgramData\yqkmaaa.tmp 659 bytes
File C:\ProgramData\zqkmaaa.tmp 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Toolbar\broker_metrics.xml 22834 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{944A9795-A37D-11E1-9853-BC5FF435606C}.dat 16384 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\69PML539.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7MP3NJUD.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UIB9LGU7.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\EM4ZJ919.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\O2KA69Y0.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MKX4NC2C.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\B7O30CU0.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DX8B8UAE.txt 0 bytes

---- EOF - GMER 1.0.15 ----


Thank you for your time. I will be away from the computer until tomorrow morning, so if a response is prompt I may not be able to answer it until later on.



#2 gringo_pr


Posted 21 May 2012 - 05:04 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Budgins


Posted 22 May 2012 - 10:17 AM

Hello Gringo, thanks for the prompt assist. Here are the logs that you asked for. The machine is still experiencing redirects on both Chrome and Firefox. Internet Explorer is not currently affected.

Results of screen317's Security Check version 0.99.34
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 22
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.5.2) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````




ComboFix 12-05-22.02 - John 05/22/2012 10:59:41.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4908 [GMT -4:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\kzjhbaa.tmp
c:\programdata\lzjhbaa.tmp
c:\programdata\mcayaaa.tmp
c:\programdata\ncayaaa.tmp
c:\programdata\qiqsbaa.tmp
c:\programdata\yqkmaaa.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 15:02 . 2012-05-22 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 20:50 . 2012-05-21 20:50 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-21 16:26 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D8E1E99-7481-42F2-B2D1-74D04AA2EEA8}\mpengine.dll
2012-05-21 16:08 . 2012-05-21 16:08 -------- d-----w- c:\programdata\Malwarebytes
2012-05-21 16:08 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 16:08 . 2012-05-21 16:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-05-21 14:58 . 2012-05-21 14:58 -------- d-----w- c:\program files\Google
2012-05-21 14:37 . 2012-05-21 14:37 -------- d-----w- c:\windows\Sun
2012-05-18 16:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-18 15:53 . 2012-05-18 15:54 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-05-18 15:53 . 2012-05-18 15:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-18 15:53 . 2012-05-18 15:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-18 15:53 . 2012-05-18 15:53 -------- d-----w- c:\program files (x86)\Java
2012-05-12 10:26 . 2012-05-16 11:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-12 10:16 . 2012-05-16 10:52 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-12 10:15 . 2012-05-16 10:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-12 10:15 . 2012-05-12 10:15 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-10 21:37 . 2012-05-18 08:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-10 21:37 . 2012-05-18 08:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-10 21:37 . 2012-05-18 08:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-10 21:36 . 2012-05-16 10:52 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-05 03:02 . 2012-05-05 03:02 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 23:17 . 2012-05-03 23:17 -------- d-----w- c:\program files\Canon
2012-05-03 23:17 . 2012-05-03 23:17 -------- d-----w- c:\program files (x86)\Canon
2012-04-30 16:23 . 2012-04-30 16:23 -------- d-----w- c:\programdata\McAfee
2012-04-30 16:23 . 2012-05-05 03:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-30 16:23 . 2012-05-05 03:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-30 16:23 . 2012-04-30 16:23 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-30 16:23 . 2012-04-30 16:23 -------- d-----w- c:\windows\system32\Macromed
2012-04-27 21:08 . 2012-05-21 14:58 -------- d-----w- c:\program files (x86)\Google
2012-04-27 21:08 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-27 21:08 . 2012-04-27 21:08 -------- d-----w- c:\program files\iTunes
2012-04-27 21:08 . 2012-04-27 21:08 -------- d-----w- c:\program files (x86)\iTunes
2012-04-27 21:08 . 2012-04-27 21:08 -------- d-----w- c:\program files\iPod
2012-04-27 21:07 . 2012-05-18 15:46 -------- d-----w- c:\programdata\AVAST Software
2012-04-27 21:07 . 2012-05-14 23:47 -------- d-----w- c:\program files\AVAST Software
2012-04-27 21:07 . 2012-04-27 21:07 -------- d-----w- c:\program files\Bonjour
2012-04-27 21:07 . 2012-04-27 21:07 -------- d-----w- c:\program files (x86)\Bonjour
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-27 21:04 . 2012-04-27 21:04 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-27 20:56 . 2012-04-27 20:56 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-27 20:56 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-27 20:56 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-04-27 20:56 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-04-27 20:56 . 2012-04-27 20:56 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-27 20:56 . 2012-04-27 21:08 -------- d-----w- c:\programdata\Apple Computer
2012-04-27 20:56 . 2012-05-01 18:47 -------- d-----w- c:\program files\Common Files\Apple
2012-04-27 20:55 . 2012-05-21 17:25 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-04-27 20:55 . 2012-04-27 21:07 -------- d-----w- c:\programdata\Apple
2012-04-27 20:27 . 2007-01-19 22:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-04-27 20:27 . 2012-04-27 20:27 -------- d-----w- c:\program files (x86)\NETGEAR
2012-04-27 20:24 . 2009-11-06 12:40 838136 ----a-w- c:\windows\system32\drivers\bcmwlhigh664.sys
2012-04-27 20:24 . 2009-11-06 12:34 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-04-27 20:24 . 2009-11-06 12:34 3552768 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-04-27 20:24 . 2010-02-03 15:21 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2012-04-27 20:24 . 2009-11-06 12:34 3888128 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-04-27 20:24 . 2009-11-06 12:31 1436920 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-04-27 07:39 . 2012-04-27 03:49 -------- d-----w- c:\windows\Panther
2012-04-27 04:05 . 2012-04-27 04:05 -------- d--h--w- c:\programdata\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-04-27 04:05 . 2012-04-27 04:05 -------- d-----w- c:\program files (x86)\DeviceVM
2012-04-27 04:04 . 2012-04-27 04:04 -------- d-----w- c:\programdata\CyberLink
2012-04-27 04:03 . 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
2012-04-27 04:03 . 2011-05-13 16:30 26624 ------w- c:\windows\system32\THXCfg64.dll
2012-04-27 04:03 . 2010-07-21 20:51 11264 ------w- c:\windows\SysWow64\ResDefA.exe
2012-04-27 04:03 . 2009-10-01 20:42 141312 ------w- c:\windows\system32\THXCfg64.exe
2012-04-27 04:03 . 2011-05-19 13:56 190464 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2012-04-27 04:03 . 2009-12-29 20:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2012-04-27 04:03 . 2009-12-29 20:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2012-04-27 04:03 . 2011-05-19 13:58 246784 ----a-w- c:\windows\system32\APOMgr64.DLL
2012-04-27 04:03 . 2012-04-27 04:03 -------- d-----w- c:\program files (x86)\Creative
2012-04-27 04:02 . 2012-04-27 04:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-04-27 04:02 . 2012-04-27 04:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\program files\ASRock
2012-04-27 04:00 . 2011-07-04 19:19 1632128 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\programdata\cFos
2012-04-27 04:00 . 2012-04-27 04:00 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\programdata\FNET
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\program files (x86)\XFastUsb
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\program files (x86)\ASRock Utility
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\program files\ASRock Utility
2012-04-27 04:00 . 2010-06-11 18:37 15368 ----a-w- c:\windows\system32\drivers\AsrAppCharger.sys
2012-04-27 03:59 . 2011-07-07 20:05 66336 ----a-w- c:\windows\system32\drivers\VirtuWDDM.sys
2012-04-27 03:59 . 2012-04-27 03:59 -------- d-----w- c:\program files\Lucidlogix Technologies
2012-04-27 03:58 . 2012-04-27 03:58 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-04-27 03:58 . 2012-05-21 17:25 -------- d-sh--w- c:\windows\Installer
2012-04-27 03:57 . 2011-02-22 15:59 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-04-27 03:57 . 2012-04-27 03:57 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-04-27 03:57 . 2010-10-19 20:34 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-04-27 03:54 . 2012-04-27 03:54 -------- d-----w- c:\program files\Common Files\Intel
2012-04-27 03:52 . 2012-04-27 03:57 -------- d-----w- c:\program files (x86)\Intel
2012-04-27 03:52 . 2010-12-23 03:09 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-04-27 03:52 . 2012-04-27 03:53 -------- d-----w- C:\Intel
2012-04-27 03:49 . 2012-04-27 03:59 -------- d-----w- c:\users\John
2012-04-27 03:49 . 2012-04-27 03:49 -------- d-----w- C:\Recovery
2012-04-26 19:23 . 2012-04-26 19:23 -------- d-----w- c:\program files (x86)\CCleaner
2012-04-26 18:46 . 2012-04-26 18:46 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-26 18:46 . 2012-04-26 18:46 -------- d-----w- c:\windows\system32\Wat
2012-04-26 16:49 . 2012-04-26 16:49 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-26 16:46 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-26 16:46 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-26 16:46 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-26 16:46 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-26 16:46 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-26 16:46 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-26 16:46 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-26 16:38 . 2012-04-26 16:38 -------- d-----w- c:\program files (x86)\ASUS
2012-04-26 16:37 . 2011-03-03 15:59 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-26 16:37 . 2011-03-03 15:59 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-26 16:37 . 2011-03-03 15:59 1359976 ----a-w- c:\windows\system32\nvhdagenco642040.dll
2012-04-26 16:37 . 2012-05-22 15:03 -------- d-----w- c:\programdata\NVIDIA
2012-04-26 16:36 . 2012-04-26 16:37 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-26 16:36 . 2012-04-26 16:36 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-26 16:36 . 2011-03-28 10:27 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2012-04-26 16:36 . 2011-03-28 10:27 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2012-04-26 16:27 . 2012-04-26 16:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F31C563-54B1-4CBD-920E-DCB036F52DB7}\gapaengine.dll
2012-04-26 16:26 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-04-26 16:26 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 00:44 . 2010-10-25 01:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2010-10-25 01:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . 3B933F4A7A00B4067B007AF73E8ABB21 . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-05-21_16.41.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-30 13:26 . 2012-05-21 20:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-04-30 13:26 . 2012-05-21 16:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-05-21 19:45 . 2012-05-21 19:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{944A9797-A37D-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 20:03 . 2012-05-21 20:03 20480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{163CD525-A380-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 17:53 . 2012-05-21 17:53 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E1777204-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:53 . 2012-05-21 17:53 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E1777203-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:17 . 2012-05-21 17:17 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DCA2668C-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:17 . 2012-05-21 17:18 12288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DCA2668B-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:52 . 2012-05-21 17:52 12800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B28C125C-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:15 . 2012-05-21 17:18 22528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{971EB70C-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:51 . 2012-05-21 17:51 13824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{875677C2-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:50 . 2012-05-21 17:50 13824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B71F7C4-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:14 . 2012-05-21 17:16 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{791ADD16-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 19:09 . 2012-05-21 19:11 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7881090B-A378-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 17:14 . 2012-05-21 17:16 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{650540C6-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 19:08 . 2012-05-21 19:13 62464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{53EA710E-A378-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 17:13 . 2012-05-21 17:17 26112 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4EC503D8-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:47 . 2012-05-21 17:48 62464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1788D5E5-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:32 . 2012-05-21 17:33 47104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{007C50B2-A36B-11E1-98A2-BC5FF435606C}.dat
+ 2012-05-07 16:33 . 2012-05-21 19:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-05-07 16:33 . 2012-05-21 15:43 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-05-07 16:22 . 2012-05-21 20:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
- 2012-05-07 16:22 . 2012-05-21 16:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2010-11-21 03:09 . 2012-05-22 14:55 55448 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-22 14:55 34056 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-04-27 20:46 . 2012-05-21 16:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-27 20:46 . 2012-05-22 14:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-27 20:46 . 2012-05-22 14:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-27 20:46 . 2012-05-21 16:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-27 20:46 . 2012-05-21 16:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-27 20:46 . 2012-05-22 14:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-26 17:10 . 2012-05-22 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-26 17:10 . 2012-05-21 16:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-26 17:10 . 2012-05-21 16:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-26 17:10 . 2012-05-22 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-21 20:50 . 2012-05-21 20:59 40960 c:\windows\Microsoft Antimalware\Support\MpWppTracing-05212012-125052-00000003-ffffffff.bin
+ 2012-05-21 19:45 . 2012-05-21 19:45 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{944A9796-A37D-11E1-9853-BC5FF435606C}.dat
- 2012-05-09 17:54 . 2012-05-21 15:41 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{02C652C6-9A00-11E1-BE81-BC5FF435606C}.dat
+ 2012-05-09 17:54 . 2012-05-21 20:03 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{02C652C6-9A00-11E1-BE81-BC5FF435606C}.dat
+ 2012-05-21 18:15 . 2012-05-21 18:15 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F6E54E65-A370-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:46 . 2012-05-21 17:53 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F59615DF-A36C-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:43 . 2012-05-21 18:43 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ECAA7B36-A374-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:50 . 2012-05-21 18:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4AD9AEB-A375-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 19:11 . 2012-05-21 19:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CC2E084E-A378-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 18:00 . 2012-05-21 18:04 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CAC57100-A36E-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:57 . 2012-05-21 18:57 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C0263A85-A376-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:42 . 2012-05-21 18:42 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B42DB396-A374-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:34 . 2012-05-21 18:40 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9041D1DC-A373-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:05 . 2012-05-21 18:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8E50BBC3-A36F-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:12 . 2012-05-21 18:18 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{85DD76E1-A370-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 19:16 . 2012-05-21 19:16 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{76EF1F37-A379-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 19:23 . 2012-05-21 19:23 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73C64951-A37A-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 19:30 . 2012-05-21 19:37 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{70A6F8ED-A37B-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 19:37 . 2012-05-21 19:42 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6A8489F1-A37C-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 18:25 . 2012-05-21 18:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5F4A4581-A372-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:32 . 2012-05-21 18:39 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5ED15D4A-A373-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 19:08 . 2012-05-21 19:15 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{53EA710D-A378-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 17:49 . 2012-05-21 17:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{503EBE8F-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:25 . 2012-05-21 18:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4DCF2A7D-A372-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:06 . 2012-05-21 17:11 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4BFF2BD0-A367-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 18:39 . 2012-05-21 18:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{43DAC4A8-A374-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:19 . 2012-05-21 17:19 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2F23786E-A369-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:05 . 2012-05-21 17:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C55FE4C-A367-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:41 . 2012-05-21 17:47 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2B26EF71-A36C-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:33 . 2012-05-21 17:33 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2071AA3F-A36B-11E1-98A2-BC5FF435606C}.dat
+ 2012-05-21 18:02 . 2012-05-21 18:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C47CFA3-A36F-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 20:04 . 2012-05-21 20:04 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1A4AAD19-A380-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 19:06 . 2012-05-21 19:10 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19164599-A378-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 17:18 . 2012-05-21 17:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0C17D605-A369-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:26 . 2012-05-21 17:26 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{08E9FEDC-A36A-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:11 . 2012-05-21 17:18 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{02FF5642-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:11 . 2012-05-21 17:11 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{024F306D-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:32 . 2012-05-21 17:32 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{007C50B1-A36B-11E1-98A2-BC5FF435606C}.dat
+ 2012-05-21 19:12 . 2012-05-21 19:13 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F71052BA-A378-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 18:15 . 2012-05-21 18:15 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F6E54E66-A370-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:18 . 2012-05-21 17:18 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF959AF9-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 18:43 . 2012-05-21 18:43 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ECAA7B37-A374-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:50 . 2012-05-21 18:54 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D4AD9AEC-A375-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 19:11 . 2012-05-21 19:15 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CC2E084F-A378-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 18:00 . 2012-05-21 18:04 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CAC57101-A36E-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:17 . 2012-05-21 17:17 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C79EC0A2-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:17 . 2012-05-21 17:17 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C79EC0A0-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 18:57 . 2012-05-21 18:57 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C0263A86-A376-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:42 . 2012-05-21 18:42 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B42DB397-A374-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:16 . 2012-05-21 17:18 9216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A8D7B5D5-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 18:34 . 2012-05-21 18:40 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9041D1DD-A373-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:05 . 2012-05-21 18:09 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8E50BBC4-A36F-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:12 . 2012-05-21 18:18 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85DD76E2-A370-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 19:16 . 2012-05-21 19:16 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{76EF1F38-A379-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 19:23 . 2012-05-21 19:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73C64952-A37A-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 19:30 . 2012-05-21 19:37 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70A6F8EE-A37B-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 19:37 . 2012-05-21 19:42 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A8489F2-A37C-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 18:25 . 2012-05-21 18:31 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5F4A4582-A372-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:32 . 2012-05-21 18:39 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5ED15D4B-A373-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:49 . 2012-05-21 17:53 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{503EBE90-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 18:25 . 2012-05-21 18:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4DCF2A7E-A372-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:06 . 2012-05-21 17:11 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4BFF2BD1-A367-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 19:15 . 2012-05-21 19:15 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{49640B3D-A379-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 18:39 . 2012-05-21 18:43 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43DAC4A9-A374-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 19:15 . 2012-05-21 19:15 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43671506-A379-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 17:19 . 2012-05-21 17:19 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F23786F-A369-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 19:14 . 2012-05-21 19:14 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2C9A66E5-A379-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 17:05 . 2012-05-21 17:06 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2C55FE4D-A367-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:41 . 2012-05-21 17:47 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2B26EF72-A36C-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:33 . 2012-05-21 17:33 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2071AA40-A36B-11E1-98A2-BC5FF435606C}.dat
+ 2012-05-21 18:02 . 2012-05-21 18:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C47CFA4-A36F-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 20:04 . 2012-05-21 20:04 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1A4AAD1A-A380-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 19:06 . 2012-05-21 19:10 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1916459A-A378-11E1-9853-BC5FF435606C}.dat
+ 2012-05-21 17:18 . 2012-05-21 17:25 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C17D606-A369-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:26 . 2012-05-21 17:26 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08E9FEDD-A36A-11E1-BE8A-BC5FF435606C}.dat
+ 2012-05-21 17:11 . 2012-05-21 17:11 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{024F306E-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2012-04-27 03:55 . 2012-05-22 14:55 7084 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2255535704-1149818376-554438282-1000_UserData.bin
+ 2012-05-22 15:03 . 2012-05-22 15:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-21 16:41 . 2012-05-21 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-05-21 20:04 409600 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-21 14:13 . 2012-05-21 20:04 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012052120120522\index.dat
+ 2012-05-21 17:46 . 2012-05-21 17:51 248320 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F59615E0-A36C-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:49 . 2012-05-21 17:51 111616 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4B264C76-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:48 . 2012-05-21 17:53 107520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1788D5E6-A36D-11E1-98AE-BC5FF435606C}.dat
+ 2012-05-21 17:11 . 2012-05-21 17:18 326656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{02FF5643-A368-11E1-BE8A-BC5FF435606C}.dat
+ 2009-07-14 02:36 . 2012-05-22 14:58 617222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-21 16:28 617222 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-22 14:58 104496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-21 16:28 104496 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-05-21 19:19 108632 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-21 20:53 . 2012-05-21 20:53 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2012-05-21 20:51 . 2012-05-21 20:51 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2009-07-14 05:01 . 2012-05-22 15:02 274532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-21 16:33 274532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-21 20:50 . 2012-05-21 20:50 311296 c:\windows\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin
+ 2012-05-07 16:22 . 2012-05-21 20:03 5734400 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2012-05-07 16:22 . 2012-05-21 16:30 5734400 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2009-07-14 04:54 . 2012-05-21 20:04 3342336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-21 16:32 3342336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-21 20:04 5029888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-21 20:51 . 2012-03-20 11:51 8669240 c:\windows\Microsoft Antimalware\Definition Updates\{582A43FE-0CB8-4E27-A421-0EF9F28BD01E}\mpengine.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-4-27 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 136176]
R4 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R4 WCUService;SmartView Software Updater Service;c:\program files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-09-02 456976]
R4 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-24 378472]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 03:02]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 21:08]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 21:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\5rt6ol1z.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,68,2a,14,7b,21,bd,4a,8d,2c,7b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,68,2a,14,7b,21,bd,4a,8d,2c,7b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,68,2a,14,7b,21,bd,4a,8d,2c,7b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-22 11:05:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 15:05
ComboFix2.txt 2012-05-21 15:55
ComboFix3.txt 2012-05-21 15:34
ComboFix4.txt 2012-05-18 16:06
.
Pre-Run: 454,221,205,504 bytes free
Post-Run: 454,144,806,912 bytes free
.
- - End Of File - - 91DEFE4DA3E152413A36DBE04346FAA1

#4 gringo_pr

  • Malware Response Team

Posted 22 May 2012 - 01:26 PM

Greetings Budgins

I want you to uninstall Chrome and Firefox, and if asked about user data or settings I want you to remove those also.

Restart the computer and reinstall Chrome and Firefox and check for redirects.

Then I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Budgins

  • Topic Starter

Posted 22 May 2012 - 02:06 PM

I have done as you asked: I removed Firefox and Chrome, along with the user settings, restarted, and then installed the latest versions. Firefox chain crashes now, and when I can use it between crashes it is still getting redirected. Chrome is also still being redirected. Internet Explorer still seems to be working fine. Here are the logs:


14:53:05.0315 3176 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:53:05.0627 3176 ============================================================
14:53:05.0627 3176 Current date / time: 2012/05/22 14:53:05.0627
14:53:05.0627 3176 SystemInfo:
14:53:05.0627 3176
14:53:05.0627 3176 OS Version: 6.1.7601 ServicePack: 1.0
14:53:05.0627 3176 Product type: Workstation
14:53:05.0627 3176 ComputerName: JOHN-PC
14:53:05.0627 3176 UserName: John
14:53:05.0627 3176 Windows directory: C:\Windows
14:53:05.0627 3176 System windows directory: C:\Windows
14:53:05.0627 3176 Running under WOW64
14:53:05.0627 3176 Processor architecture: Intel x64
14:53:05.0627 3176 Number of processors: 4
14:53:05.0627 3176 Page size: 0x1000
14:53:05.0627 3176 Boot type: Normal boot
14:53:05.0627 3176 ============================================================
14:53:06.0610 3176 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:53:06.0610 3176 ============================================================
14:53:06.0610 3176 \Device\Harddisk0\DR0:
14:53:06.0610 3176 MBR partitions:
14:53:06.0610 3176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:53:06.0610 3176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
14:53:06.0610 3176 ============================================================
14:53:06.0657 3176 C: <-> \Device\Harddisk0\DR0\Partition1
14:53:06.0657 3176 ============================================================
14:53:06.0657 3176 Initialize success
14:53:06.0657 3176 ============================================================
14:53:22.0444 3768 ============================================================
14:53:22.0444 3768 Scan started
14:53:22.0444 3768 Mode: Manual;
14:53:22.0444 3768 ============================================================
14:53:23.0583 3768 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:53:23.0583 3768 1394ohci - ok
14:53:23.0614 3768 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:53:23.0614 3768 ACPI - ok
14:53:23.0614 3768 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:53:23.0614 3768 AcpiPmi - ok
14:53:23.0723 3768 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:53:23.0723 3768 AdobeFlashPlayerUpdateSvc - ok
14:53:23.0755 3768 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:53:23.0770 3768 adp94xx - ok
14:53:23.0786 3768 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:53:23.0801 3768 adpahci - ok
14:53:23.0817 3768 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:53:23.0817 3768 adpu320 - ok
14:53:23.0833 3768 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:53:23.0833 3768 AeLookupSvc - ok
14:53:23.0879 3768 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:53:23.0879 3768 AFD - ok
14:53:23.0926 3768 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:53:23.0926 3768 agp440 - ok
14:53:23.0942 3768 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:53:23.0942 3768 ALG - ok
14:53:23.0957 3768 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:53:23.0957 3768 aliide - ok
14:53:23.0957 3768 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:53:23.0957 3768 amdide - ok
14:53:23.0973 3768 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:53:23.0973 3768 AmdK8 - ok
14:53:23.0989 3768 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:53:23.0989 3768 AmdPPM - ok
14:53:24.0004 3768 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
14:53:24.0004 3768 amdsata - ok
14:53:24.0035 3768 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:53:24.0035 3768 amdsbs - ok
14:53:24.0051 3768 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
14:53:24.0051 3768 amdxata - ok
14:53:24.0082 3768 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:53:24.0082 3768 AppID - ok
14:53:24.0098 3768 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:53:24.0098 3768 AppIDSvc - ok
14:53:24.0176 3768 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:53:24.0176 3768 Appinfo - ok
14:53:24.0316 3768 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:53:24.0332 3768 Apple Mobile Device - ok
14:53:24.0347 3768 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:53:24.0347 3768 arc - ok
14:53:24.0379 3768 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:53:24.0379 3768 arcsas - ok
14:53:24.0410 3768 asmthub3 (6fe3237c1177e66437e7ad0e8ac1a6e5) C:\Windows\system32\DRIVERS\asmthub3.sys
14:53:24.0410 3768 asmthub3 - ok
14:53:24.0441 3768 asmtxhci (c4043e39a2abbc56581ca25df161e9f7) C:\Windows\system32\DRIVERS\asmtxhci.sys
14:53:24.0441 3768 asmtxhci - ok
14:53:24.0472 3768 AsrAppCharger (912a215ce180a6e7c923c662d7ec777d) C:\Windows\system32\DRIVERS\AsrAppCharger.sys
14:53:24.0472 3768 AsrAppCharger - ok
14:53:24.0488 3768 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:53:24.0488 3768 AsyncMac - ok
14:53:24.0503 3768 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:53:24.0503 3768 atapi - ok
14:53:24.0566 3768 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:53:24.0566 3768 AudioEndpointBuilder - ok
14:53:24.0581 3768 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:53:24.0581 3768 AudioSrv - ok
14:53:24.0613 3768 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:53:24.0613 3768 AxInstSV - ok
14:53:24.0644 3768 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:53:24.0659 3768 b06bdrv - ok
14:53:24.0691 3768 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:53:24.0691 3768 b57nd60a - ok
14:53:24.0784 3768 BCMH43XX (e49110a58a32e9450356686a95dd7763) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
14:53:24.0800 3768 BCMH43XX - ok
14:53:24.0815 3768 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:53:24.0815 3768 BDESVC - ok
14:53:24.0831 3768 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:53:24.0831 3768 Beep - ok
14:53:24.0909 3768 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:53:24.0909 3768 BFE - ok
14:53:24.0987 3768 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:53:25.0003 3768 BITS - ok
14:53:25.0034 3768 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:53:25.0034 3768 blbdrive - ok
14:53:25.0127 3768 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:53:25.0127 3768 Bonjour Service - ok
14:53:25.0174 3768 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:53:25.0174 3768 bowser - ok
14:53:25.0190 3768 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:53:25.0190 3768 BrFiltLo - ok
14:53:25.0205 3768 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:53:25.0205 3768 BrFiltUp - ok
14:53:25.0237 3768 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:53:25.0237 3768 BridgeMP - ok
14:53:25.0268 3768 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:53:25.0283 3768 Browser - ok
14:53:25.0299 3768 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:53:25.0299 3768 Brserid - ok
14:53:25.0299 3768 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:53:25.0315 3768 BrSerWdm - ok
14:53:25.0315 3768 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:53:25.0315 3768 BrUsbMdm - ok
14:53:25.0315 3768 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:53:25.0315 3768 BrUsbSer - ok
14:53:25.0330 3768 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:53:25.0330 3768 BTHMODEM - ok
14:53:25.0346 3768 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:53:25.0346 3768 bthserv - ok
14:53:25.0361 3768 catchme - ok
14:53:25.0377 3768 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:53:25.0377 3768 cdfs - ok
14:53:25.0424 3768 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:53:25.0424 3768 cdrom - ok
14:53:25.0439 3768 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:53:25.0439 3768 CertPropSvc - ok
14:53:25.0533 3768 cFosSpeed (33b82cf69e41b38a2ec0c3cabde80d6e) C:\Windows\system32\DRIVERS\cfosspeed6.sys
14:53:25.0549 3768 cFosSpeed - ok
14:53:26.0235 3768 cFosSpeedS (760085908644d2988f1b504c3fca6959) C:\Program Files\ASRock\XFast LAN\spd.exe
14:53:26.0235 3768 cFosSpeedS - ok
14:53:26.0407 3768 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:53:26.0407 3768 circlass - ok
14:53:26.0438 3768 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:53:26.0438 3768 CLFS - ok
14:53:26.0485 3768 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:53:26.0485 3768 clr_optimization_v2.0.50727_32 - ok
14:53:26.0547 3768 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:53:26.0547 3768 clr_optimization_v2.0.50727_64 - ok
14:53:26.0563 3768 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:53:26.0563 3768 CmBatt - ok
14:53:26.0563 3768 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:53:26.0578 3768 cmdide - ok
14:53:26.0625 3768 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:53:26.0625 3768 CNG - ok
14:53:26.0641 3768 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:53:26.0641 3768 Compbatt - ok
14:53:26.0656 3768 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:53:26.0656 3768 CompositeBus - ok
14:53:26.0672 3768 COMSysApp - ok
14:53:26.0687 3768 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:53:26.0687 3768 crcdisk - ok
14:53:26.0719 3768 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:53:26.0734 3768 CryptSvc - ok
14:53:26.0765 3768 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:53:26.0781 3768 DcomLaunch - ok
14:53:26.0812 3768 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:53:26.0812 3768 defragsvc - ok
14:53:26.0828 3768 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:53:26.0843 3768 DfsC - ok
14:53:26.0859 3768 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:53:26.0875 3768 Dhcp - ok
14:53:26.0890 3768 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:53:26.0890 3768 discache - ok
14:53:26.0937 3768 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:53:26.0937 3768 Disk - ok
14:53:26.0968 3768 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:53:26.0968 3768 Dnscache - ok
14:53:26.0999 3768 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:53:26.0999 3768 dot3svc - ok
14:53:27.0015 3768 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:53:27.0015 3768 DPS - ok
14:53:27.0046 3768 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:53:27.0046 3768 drmkaud - ok
14:53:27.0093 3768 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:53:27.0109 3768 DXGKrnl - ok
14:53:27.0171 3768 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:53:27.0171 3768 EapHost - ok
14:53:27.0296 3768 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:53:27.0327 3768 ebdrv - ok
14:53:27.0452 3768 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:53:27.0452 3768 EFS - ok
14:53:27.0545 3768 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:53:27.0545 3768 ehRecvr - ok
14:53:27.0561 3768 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:53:27.0561 3768 ehSched - ok
14:53:27.0639 3768 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:53:27.0639 3768 elxstor - ok
14:53:27.0655 3768 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:53:27.0655 3768 ErrDev - ok
14:53:27.0701 3768 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:53:27.0701 3768 EventSystem - ok
14:53:27.0733 3768 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:53:27.0733 3768 exfat - ok
14:53:27.0748 3768 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:53:27.0748 3768 fastfat - ok
14:53:27.0779 3768 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:53:27.0795 3768 Fax - ok
14:53:27.0795 3768 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:53:27.0811 3768 fdc - ok
14:53:27.0826 3768 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:53:27.0826 3768 fdPHost - ok
14:53:27.0826 3768 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:53:27.0842 3768 FDResPub - ok
14:53:27.0842 3768 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:53:27.0842 3768 FileInfo - ok
14:53:27.0857 3768 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:53:27.0857 3768 Filetrace - ok
14:53:27.0873 3768 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:53:27.0873 3768 flpydisk - ok
14:53:27.0889 3768 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:53:27.0889 3768 FltMgr - ok
14:53:27.0904 3768 FNETURPX (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS
14:53:27.0904 3768 FNETURPX - ok
14:53:28.0060 3768 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
14:53:28.0076 3768 FontCache - ok
14:53:28.0123 3768 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:53:28.0123 3768 FontCache3.0.0.0 - ok
14:53:28.0154 3768 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:53:28.0154 3768 FsDepends - ok
14:53:28.0169 3768 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:53:28.0169 3768 Fs_Rec - ok
14:53:28.0201 3768 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:53:28.0201 3768 fvevol - ok
14:53:28.0232 3768 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:53:28.0232 3768 gagp30kx - ok
14:53:28.0263 3768 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:53:28.0263 3768 GEARAspiWDM - ok
14:53:28.0310 3768 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:53:28.0310 3768 gpsvc - ok
14:53:28.0403 3768 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:53:28.0403 3768 gupdate - ok
14:53:28.0419 3768 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:53:28.0419 3768 gupdatem - ok
14:53:28.0481 3768 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:53:28.0481 3768 gusvc - ok
14:53:28.0497 3768 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:53:28.0497 3768 hcw85cir - ok
14:53:28.0544 3768 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:53:28.0544 3768 HdAudAddService - ok
14:53:28.0559 3768 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:53:28.0559 3768 HDAudBus - ok
14:53:28.0575 3768 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:53:28.0575 3768 HidBatt - ok
14:53:28.0575 3768 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:53:28.0591 3768 HidBth - ok
14:53:28.0606 3768 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:53:28.0606 3768 HidIr - ok
14:53:28.0622 3768 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:53:28.0622 3768 hidserv - ok
14:53:28.0637 3768 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:53:28.0637 3768 HidUsb - ok
14:53:28.0669 3768 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:53:28.0669 3768 hkmsvc - ok
14:53:28.0684 3768 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:53:28.0700 3768 HomeGroupListener - ok
14:53:28.0731 3768 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:53:28.0747 3768 HomeGroupProvider - ok
14:53:28.0762 3768 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:53:28.0762 3768 HpSAMD - ok
14:53:28.0793 3768 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:53:28.0809 3768 HTTP - ok
14:53:28.0825 3768 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:53:28.0825 3768 hwpolicy - ok
14:53:28.0856 3768 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:53:28.0856 3768 i8042prt - ok
14:53:28.0887 3768 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
14:53:28.0887 3768 iaStorV - ok
14:53:29.0074 3768 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:53:29.0074 3768 IDriverT - ok
14:53:29.0152 3768 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:53:29.0168 3768 idsvc - ok
14:53:35.0236 3768 igfx (6383899c5f964d71b0f96b81fbe59bb8) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:53:35.0392 3768 igfx - ok
14:53:36.0001 3768 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:53:36.0001 3768 iirsp - ok
14:53:36.0063 3768 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:53:36.0063 3768 IKEEXT - ok
14:53:36.0188 3768 IntcAzAudAddService (718a4008ee5da174400396b27509ef82) C:\Windows\system32\drivers\RTKVHD64.sys
14:53:36.0203 3768 IntcAzAudAddService - ok
14:53:37.0202 3768 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:53:37.0202 3768 intelide - ok
14:53:37.0233 3768 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:53:37.0233 3768 intelppm - ok
14:53:37.0249 3768 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:53:37.0264 3768 IPBusEnum - ok
14:53:37.0280 3768 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:53:37.0295 3768 IpFilterDriver - ok
14:53:37.0327 3768 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:53:37.0327 3768 iphlpsvc - ok
14:53:37.0342 3768 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:53:37.0342 3768 IPMIDRV - ok
14:53:37.0342 3768 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:53:37.0358 3768 IPNAT - ok
14:53:38.0902 3768 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:53:38.0949 3768 iPod Service - ok
14:53:38.0980 3768 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:53:38.0980 3768 IRENUM - ok
14:53:38.0980 3768 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:53:38.0996 3768 isapnp - ok
14:53:39.0011 3768 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:53:39.0011 3768 iScsiPrt - ok
14:53:39.0027 3768 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:53:39.0027 3768 kbdclass - ok
14:53:39.0058 3768 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:53:39.0058 3768 kbdhid - ok
14:53:39.0074 3768 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:39.0074 3768 KeyIso - ok
14:53:39.0105 3768 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:53:39.0121 3768 KSecDD - ok
14:53:39.0136 3768 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:53:39.0136 3768 KSecPkg - ok
14:53:39.0152 3768 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:53:39.0152 3768 ksthunk - ok
14:53:39.0183 3768 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:53:39.0199 3768 KtmRm - ok
14:53:39.0230 3768 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:53:39.0245 3768 LanmanServer - ok
14:53:39.0573 3768 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:53:39.0573 3768 LanmanWorkstation - ok
14:53:39.0604 3768 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:53:39.0604 3768 lltdio - ok
14:53:39.0635 3768 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:53:39.0651 3768 lltdsvc - ok
14:53:39.0667 3768 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:53:39.0667 3768 lmhosts - ok
14:53:39.0745 3768 LMS (9ad4bee2fe76d4ca39ac969b617e94fb) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:53:39.0745 3768 LMS - ok
14:53:39.0776 3768 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:53:39.0776 3768 LSI_FC - ok
14:53:39.0791 3768 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:53:39.0791 3768 LSI_SAS - ok
14:53:39.0807 3768 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:53:39.0807 3768 LSI_SAS2 - ok
14:53:39.0838 3768 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:53:39.0838 3768 LSI_SCSI - ok
14:53:39.0854 3768 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:53:39.0854 3768 luafv - ok
14:53:39.0885 3768 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
14:53:39.0885 3768 MBfilt - ok
14:53:39.0932 3768 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:53:39.0932 3768 Mcx2Svc - ok
14:53:39.0947 3768 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:53:39.0947 3768 megasas - ok
14:53:39.0979 3768 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:53:39.0994 3768 MegaSR - ok
14:53:40.0025 3768 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:53:40.0025 3768 MEIx64 - ok
14:53:40.0150 3768 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:53:40.0150 3768 MMCSS - ok
14:53:40.0166 3768 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:53:40.0181 3768 Modem - ok
14:53:40.0197 3768 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:53:40.0197 3768 monitor - ok
14:53:40.0213 3768 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:53:40.0213 3768 mouclass - ok
14:53:40.0213 3768 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:53:40.0213 3768 mouhid - ok
14:53:40.0244 3768 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:53:40.0244 3768 mountmgr - ok
14:53:40.0291 3768 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:53:40.0291 3768 MozillaMaintenance - ok
14:53:40.0322 3768 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
14:53:40.0337 3768 MpFilter - ok
14:53:40.0353 3768 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:53:40.0353 3768 mpio - ok
14:53:40.0369 3768 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:53:40.0369 3768 mpsdrv - ok
14:53:40.0431 3768 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:53:40.0447 3768 MpsSvc - ok
14:53:40.0462 3768 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:53:40.0462 3768 MRxDAV - ok
14:53:40.0478 3768 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:53:40.0493 3768 mrxsmb - ok
14:53:40.0525 3768 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:53:40.0525 3768 mrxsmb10 - ok
14:53:40.0540 3768 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:53:40.0556 3768 mrxsmb20 - ok
14:53:40.0556 3768 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:53:40.0556 3768 msahci - ok
14:53:40.0571 3768 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:53:40.0571 3768 msdsm - ok
14:53:40.0603 3768 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:53:40.0603 3768 MSDTC - ok
14:53:40.0634 3768 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:53:40.0634 3768 Msfs - ok
14:53:40.0665 3768 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:53:40.0665 3768 mshidkmdf - ok
14:53:40.0665 3768 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:53:40.0665 3768 msisadrv - ok
14:53:40.0712 3768 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:53:40.0712 3768 MSiSCSI - ok
14:53:40.0727 3768 msiserver - ok
14:53:40.0743 3768 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:53:40.0743 3768 MSKSSRV - ok
14:53:40.0837 3768 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:53:40.0837 3768 MsMpSvc - ok
14:53:40.0868 3768 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:53:40.0868 3768 MSPCLOCK - ok
14:53:40.0883 3768 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:53:40.0883 3768 MSPQM - ok
14:53:40.0915 3768 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:53:40.0915 3768 MsRPC - ok
14:53:40.0930 3768 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:53:40.0930 3768 mssmbios - ok
14:53:40.0930 3768 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:53:40.0930 3768 MSTEE - ok
14:53:40.0946 3768 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:53:40.0946 3768 MTConfig - ok
14:53:40.0961 3768 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:53:40.0977 3768 Mup - ok
14:53:41.0008 3768 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:53:41.0008 3768 napagent - ok
14:53:41.0055 3768 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:53:41.0055 3768 NativeWifiP - ok
14:53:41.0086 3768 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:53:41.0102 3768 NDIS - ok
14:53:41.0117 3768 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:53:41.0117 3768 NdisCap - ok
14:53:41.0133 3768 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:53:41.0133 3768 NdisTapi - ok
14:53:41.0149 3768 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:53:41.0149 3768 Ndisuio - ok
14:53:41.0164 3768 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:53:41.0164 3768 NdisWan - ok
14:53:41.0180 3768 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:53:41.0180 3768 NDProxy - ok
14:53:41.0195 3768 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:53:41.0195 3768 NetBIOS - ok
14:53:41.0227 3768 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:53:41.0227 3768 NetBT - ok
14:53:41.0242 3768 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:41.0242 3768 Netlogon - ok
14:53:41.0273 3768 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:53:41.0289 3768 Netman - ok
14:53:41.0336 3768 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:53:41.0336 3768 netprofm - ok
14:53:41.0414 3768 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:53:41.0414 3768 NetTcpPortSharing - ok
14:53:41.0429 3768 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:53:41.0445 3768 nfrd960 - ok
14:53:41.0461 3768 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:53:41.0461 3768 NisDrv - ok
14:53:41.0960 3768 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
14:53:41.0975 3768 NisSrv - ok
14:53:42.0007 3768 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:53:42.0022 3768 NlaSvc - ok
14:53:42.0022 3768 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:53:42.0022 3768 Npfs - ok
14:53:42.0038 3768 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:53:42.0038 3768 nsi - ok
14:53:42.0053 3768 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:53:42.0053 3768 nsiproxy - ok
14:53:42.0100 3768 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
14:53:42.0116 3768 Ntfs - ok
14:53:42.0350 3768 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:53:42.0365 3768 Null - ok
14:53:42.0397 3768 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
14:53:42.0397 3768 NVHDA - ok
14:53:47.0311 3768 nvlddmkm (f87fc68f90b09f06ebaaad687e2e83a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:53:47.0357 3768 nvlddmkm - ok
14:53:47.0638 3768 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
14:53:47.0638 3768 nvraid - ok
14:53:47.0669 3768 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
14:53:47.0669 3768 nvstor - ok
14:53:47.0747 3768 NVSvc (e5afbe55415828ee6230f148425a30e4) C:\Windows\system32\nvvsvc.exe
14:53:47.0747 3768 NVSvc - ok
14:53:47.0779 3768 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:53:47.0779 3768 nv_agp - ok
14:53:47.0779 3768 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:53:47.0794 3768 ohci1394 - ok
14:53:47.0825 3768 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:53:47.0825 3768 p2pimsvc - ok
14:53:47.0841 3768 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:53:47.0857 3768 p2psvc - ok
14:53:47.0857 3768 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:53:47.0857 3768 Parport - ok
14:53:47.0872 3768 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:53:47.0888 3768 partmgr - ok
14:53:47.0903 3768 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:53:47.0903 3768 PcaSvc - ok
14:53:47.0919 3768 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:53:47.0919 3768 pci - ok
14:53:47.0935 3768 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:53:47.0935 3768 pciide - ok
14:53:47.0935 3768 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:53:47.0950 3768 pcmcia - ok
14:53:47.0966 3768 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:53:47.0966 3768 pcw - ok
14:53:47.0997 3768 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:53:47.0997 3768 PEAUTH - ok
14:53:48.0091 3768 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:53:48.0091 3768 PerfHost - ok
14:53:48.0153 3768 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:53:48.0169 3768 pla - ok
14:53:48.0200 3768 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:53:48.0200 3768 PlugPlay - ok
14:53:48.0215 3768 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:53:48.0215 3768 PNRPAutoReg - ok
14:53:48.0231 3768 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:53:48.0247 3768 PNRPsvc - ok
14:53:48.0262 3768 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:53:48.0278 3768 PolicyAgent - ok
14:53:48.0293 3768 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:53:48.0309 3768 Power - ok
14:53:48.0356 3768 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:53:48.0356 3768 PptpMiniport - ok
14:53:48.0371 3768 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:53:48.0371 3768 Processor - ok
14:53:48.0387 3768 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:53:48.0387 3768 ProfSvc - ok
14:53:48.0403 3768 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:48.0403 3768 ProtectedStorage - ok
14:53:48.0434 3768 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:53:48.0434 3768 Psched - ok
14:53:48.0496 3768 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:53:48.0512 3768 ql2300 - ok
14:53:48.0605 3768 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:53:48.0605 3768 ql40xx - ok
14:53:48.0637 3768 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:53:48.0637 3768 QWAVE - ok
14:53:48.0652 3768 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:53:48.0652 3768 QWAVEdrv - ok
14:53:48.0668 3768 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:53:48.0668 3768 RasAcd - ok
14:53:48.0683 3768 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:53:48.0683 3768 RasAgileVpn - ok
14:53:48.0730 3768 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:53:48.0730 3768 RasAuto - ok
14:53:48.0746 3768 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:53:48.0746 3768 Rasl2tp - ok
14:53:48.0761 3768 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:53:48.0777 3768 RasMan - ok
14:53:48.0777 3768 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:53:48.0777 3768 RasPppoe - ok
14:53:48.0793 3768 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:53:48.0793 3768 RasSstp - ok
14:53:48.0808 3768 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:53:48.0808 3768 rdbss - ok
14:53:48.0824 3768 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:53:48.0824 3768 rdpbus - ok
14:53:48.0824 3768 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:53:48.0824 3768 RDPCDD - ok
14:53:48.0839 3768 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:53:48.0839 3768 RDPENCDD - ok
14:53:48.0839 3768 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:53:48.0855 3768 RDPREFMP - ok
14:53:48.0871 3768 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:53:48.0871 3768 RDPWD - ok
14:53:48.0886 3768 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:53:48.0886 3768 rdyboost - ok
14:53:48.0933 3768 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:53:48.0933 3768 RemoteAccess - ok
14:53:48.0964 3768 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:53:48.0964 3768 RemoteRegistry - ok
14:53:48.0980 3768 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:53:48.0980 3768 RpcEptMapper - ok
14:53:48.0995 3768 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:53:48.0995 3768 RpcLocator - ok
14:53:49.0011 3768 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:53:49.0011 3768 RpcSs - ok
14:53:49.0042 3768 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:53:49.0042 3768 rspndr - ok
14:53:49.0089 3768 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:53:49.0089 3768 RTL8167 - ok
14:53:49.0105 3768 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:49.0105 3768 SamSs - ok
14:53:49.0120 3768 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:53:49.0120 3768 sbp2port - ok
14:53:49.0120 3768 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:53:49.0120 3768 SCardSvr - ok
14:53:49.0151 3768 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:53:49.0151 3768 scfilter - ok
14:53:49.0198 3768 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:53:49.0214 3768 Schedule - ok
14:53:49.0245 3768 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
14:53:49.0245 3768 SCMNdisP - ok
14:53:49.0261 3768 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:53:49.0261 3768 SCPolicySvc - ok
14:53:49.0292 3768 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:53:49.0292 3768 SDRSVC - ok
14:53:49.0307 3768 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:53:49.0307 3768 secdrv - ok
14:53:49.0323 3768 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:53:49.0323 3768 seclogon - ok
14:53:49.0339 3768 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:53:49.0339 3768 SENS - ok
14:53:49.0354 3768 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:53:49.0354 3768 SensrSvc - ok
14:53:49.0385 3768 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:53:49.0385 3768 Serenum - ok
14:53:49.0401 3768 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:53:49.0401 3768 Serial - ok
14:53:49.0432 3768 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:53:49.0432 3768 sermouse - ok
14:53:49.0479 3768 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:53:49.0479 3768 SessionEnv - ok
14:53:49.0479 3768 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:53:49.0479 3768 sffdisk - ok
14:53:49.0479 3768 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:53:49.0479 3768 sffp_mmc - ok
14:53:49.0495 3768 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:53:49.0495 3768 sffp_sd - ok
14:53:49.0495 3768 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:53:49.0495 3768 sfloppy - ok
14:53:49.0526 3768 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:53:49.0526 3768 SharedAccess - ok
14:53:49.0557 3768 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:53:49.0557 3768 ShellHWDetection - ok
14:53:49.0588 3768 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:53:49.0588 3768 SiSRaid2 - ok
14:53:49.0604 3768 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:53:49.0604 3768 SiSRaid4 - ok
14:53:49.0666 3768 SmartViewService (c337738ba4bd745e0983ec6ef262798d) C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
14:53:49.0666 3768 SmartViewService - ok
14:53:49.0697 3768 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:53:49.0697 3768 Smb - ok
14:53:49.0713 3768 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:53:49.0713 3768 SNMPTRAP - ok
14:53:49.0729 3768 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:53:49.0729 3768 spldr - ok
14:53:49.0760 3768 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:53:49.0775 3768 Spooler - ok
14:53:49.0885 3768 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:53:49.0931 3768 sppsvc - ok
14:53:50.0087 3768 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:53:50.0087 3768 sppuinotify - ok
14:53:50.0165 3768 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:53:50.0181 3768 srv - ok
14:53:50.0197 3768 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:53:50.0197 3768 srv2 - ok
14:53:50.0212 3768 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:53:50.0212 3768 srvnet - ok
14:53:50.0243 3768 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:53:50.0243 3768 SSDPSRV - ok
14:53:50.0259 3768 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:53:50.0259 3768 SstpSvc - ok
14:53:50.0337 3768 Stereo Service (db341a3598cd7b157d9097d273557f8f) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:53:50.0337 3768 Stereo Service - ok
14:53:50.0399 3768 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:53:50.0399 3768 stexstor - ok
14:53:50.0446 3768 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:53:50.0462 3768 stisvc - ok
14:53:50.0509 3768 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:53:50.0509 3768 swenum - ok
14:53:50.0867 3768 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:53:50.0883 3768 swprv - ok
14:53:50.0945 3768 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:53:50.0977 3768 SysMain - ok
14:53:51.0055 3768 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:53:51.0055 3768 TabletInputService - ok
14:53:51.0101 3768 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:53:51.0101 3768 TapiSrv - ok
14:53:51.0117 3768 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:53:51.0117 3768 TBS - ok
14:53:51.0226 3768 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:53:51.0257 3768 Tcpip - ok
14:53:53.0145 3768 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:53:53.0161 3768 TCPIP6 - ok
14:53:53.0925 3768 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:53:53.0941 3768 tcpipreg - ok
14:53:53.0941 3768 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:53:53.0941 3768 TDPIPE - ok
14:53:53.0972 3768 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:53:53.0972 3768 TDTCP - ok
14:53:53.0972 3768 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:53:53.0987 3768 tdx - ok
14:53:53.0987 3768 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:53:53.0987 3768 TermDD - ok
14:53:54.0050 3768 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:53:54.0065 3768 TermService - ok
14:53:54.0081 3768 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:53:54.0081 3768 Themes - ok
14:53:54.0112 3768 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:53:54.0112 3768 THREADORDER - ok
14:53:54.0112 3768 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:53:54.0128 3768 TrkWks - ok
14:53:54.0159 3768 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:53:54.0159 3768 TrustedInstaller - ok
14:53:54.0175 3768 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:53:54.0175 3768 tssecsrv - ok
14:53:54.0206 3768 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:53:54.0206 3768 TsUsbFlt - ok
14:53:54.0221 3768 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:53:54.0221 3768 TsUsbGD - ok
14:53:54.0237 3768 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:53:54.0237 3768 tunnel - ok
14:53:54.0253 3768 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:53:54.0253 3768 uagp35 - ok
14:53:54.0299 3768 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:53:54.0299 3768 udfs - ok
14:53:54.0346 3768 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:53:54.0346 3768 UI0Detect - ok
14:53:54.0377 3768 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:53:54.0393 3768 uliagpkx - ok
14:53:54.0409 3768 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:53:54.0409 3768 umbus - ok
14:53:54.0409 3768 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:53:54.0409 3768 UmPass - ok
14:53:55.0157 3768 UNS (cd114ce02a10fa79c229770788106842) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:53:55.0220 3768 UNS - ok
14:53:56.0109 3768 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:53:56.0109 3768 upnphost - ok
14:53:56.0156 3768 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:53:56.0156 3768 usbaudio - ok
14:53:56.0203 3768 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
14:53:56.0203 3768 usbccgp - ok
14:53:56.0234 3768 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:53:56.0234 3768 usbcir - ok
14:53:56.0249 3768 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
14:53:56.0249 3768 usbehci - ok
14:53:56.0281 3768 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
14:53:56.0281 3768 usbhub - ok
14:53:56.0296 3768 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
14:53:56.0296 3768 usbohci - ok
14:53:56.0312 3768 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:53:56.0312 3768 usbprint - ok
14:53:56.0343 3768 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:53:56.0359 3768 usbscan - ok
14:53:56.0374 3768 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:53:56.0374 3768 USBSTOR - ok
14:53:56.0374 3768 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
14:53:56.0374 3768 usbuhci - ok
14:53:56.0421 3768 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:53:56.0437 3768 UxSms - ok
14:53:56.0452 3768 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:56.0452 3768 VaultSvc - ok
14:53:56.0468 3768 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:53:56.0468 3768 vdrvroot - ok
14:53:56.0499 3768 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:53:56.0515 3768 vds - ok
14:53:56.0530 3768 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:53:56.0530 3768 vga - ok
14:53:56.0546 3768 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:53:56.0546 3768 VgaSave - ok
14:53:56.0561 3768 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:53:56.0561 3768 vhdmp - ok
14:53:56.0577 3768 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:53:56.0577 3768 viaide - ok
14:53:56.0608 3768 VirtuWDDM (d7d9e7c0c64350259c355efe37ad9ce6) C:\Windows\system32\DRIVERS\VirtuWDDM.sys
14:53:56.0608 3768 VirtuWDDM - ok
14:53:56.0624 3768 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:53:56.0624 3768 volmgr - ok
14:53:56.0639 3768 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:53:56.0655 3768 volmgrx - ok
14:53:56.0671 3768 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:53:56.0671 3768 volsnap - ok
14:53:56.0702 3768 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:53:56.0702 3768 vsmraid - ok
14:53:56.0764 3768 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:53:56.0795 3768 VSS - ok
14:53:57.0185 3768 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:53:57.0185 3768 vwifibus - ok
14:53:57.0217 3768 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:53:57.0217 3768 vwififlt - ok
14:53:57.0248 3768 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:53:57.0263 3768 W32Time - ok
14:53:57.0279 3768 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:53:57.0279 3768 WacomPen - ok
14:53:57.0310 3768 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:53:57.0310 3768 WANARP - ok
14:53:57.0310 3768 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:53:57.0310 3768 Wanarpv6 - ok
14:53:57.0404 3768 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:53:57.0419 3768 WatAdminSvc - ok
14:53:57.0497 3768 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:53:57.0513 3768 wbengine - ok
14:53:58.0293 3768 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:53:58.0309 3768 WbioSrvc - ok
14:53:58.0324 3768 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:53:58.0340 3768 wcncsvc - ok
14:53:58.0355 3768 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:53:58.0355 3768 WcsPlugInService - ok
14:53:58.0402 3768 WCUService (49496a86c042a681a81e1002412bed3e) C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe
14:53:58.0418 3768 WCUService - ok
14:53:58.0480 3768 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:53:58.0480 3768 Wd - ok
14:53:58.0511 3768 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:53:58.0527 3768 Wdf01000 - ok
14:53:58.0543 3768 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:53:58.0558 3768 WdiServiceHost - ok
14:53:58.0558 3768 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:53:58.0558 3768 WdiSystemHost - ok
14:53:58.0589 3768 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:53:58.0589 3768 WebClient - ok
14:53:58.0605 3768 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:53:58.0621 3768 Wecsvc - ok
14:53:58.0636 3768 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:53:58.0636 3768 wercplsupport - ok
14:53:58.0652 3768 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:53:58.0652 3768 WerSvc - ok
14:53:58.0699 3768 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:53:58.0699 3768 WfpLwf - ok
14:53:58.0714 3768 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:53:58.0714 3768 WIMMount - ok
14:53:58.0745 3768 WinDefend - ok
14:53:58.0745 3768 WinHttpAutoProxySvc - ok
14:53:58.0792 3768 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:53:58.0792 3768 Winmgmt - ok
14:53:58.0901 3768 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:53:58.0933 3768 WinRM - ok
14:53:59.0042 3768 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:53:59.0057 3768 Wlansvc - ok
14:53:59.0089 3768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:53:59.0089 3768 WmiAcpi - ok
14:53:59.0167 3768 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:53:59.0167 3768 wmiApSrv - ok
14:53:59.0213 3768 WMPNetworkSvc - ok
14:53:59.0245 3768 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:53:59.0245 3768 WPCSvc - ok
14:53:59.0260 3768 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:53:59.0260 3768 WPDBusEnum - ok
14:53:59.0276 3768 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:53:59.0276 3768 ws2ifsl - ok
14:53:59.0291 3768 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:53:59.0291 3768 wscsvc - ok
14:53:59.0291 3768 WSearch - ok
14:53:59.0401 3768 WSWNA3100 (d0697918519a4cf059c2c7e3b9e93a53) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
14:53:59.0416 3768 WSWNA3100 - ok
14:53:59.0494 3768 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:53:59.0525 3768 wuauserv - ok
14:53:59.0744 3768 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:53:59.0759 3768 WudfPf - ok
14:53:59.0775 3768 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:53:59.0791 3768 WUDFRd - ok
14:53:59.0806 3768 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:53:59.0806 3768 wudfsvc - ok
14:53:59.0822 3768 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:53:59.0837 3768 WwanSvc - ok
14:53:59.0853 3768 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:54:01.0007 3768 \Device\Harddisk0\DR0 - ok
14:54:01.0007 3768 Boot (0x1200) (d4f4a775d5615ba06ced8b8692fa8965) \Device\Harddisk0\DR0\Partition0
14:54:01.0039 3768 \Device\Harddisk0\DR0\Partition0 - ok
14:54:01.0054 3768 Boot (0x1200) (117cdd7c3e230f9f4d31b615c7fc7ee4) \Device\Harddisk0\DR0\Partition1
14:54:01.0054 3768 \Device\Harddisk0\DR0\Partition1 - ok
14:54:01.0054 3768 ============================================================
14:54:01.0054 3768 Scan finished
14:54:01.0054 3768 ============================================================
14:54:01.0070 3452 Detected object count: 0
14:54:01.0070 3452 Actual detected object count: 0
14:54:06.0202 2284 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 14:54:27
-----------------------------
14:54:27.725 OS Version: Windows x64 6.1.7601 Service Pack 1
14:54:27.725 Number of processors: 4 586 0x2A07
14:54:27.725 ComputerName: JOHN-PC UserName: John
14:54:28.302 Initialize success
14:55:25.691 AVAST engine defs: 12052200
14:55:38.233 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-7
14:55:38.233 Disk 0 Vendor: ST500DM005_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
14:55:38.264 Disk 0 MBR read successfully
14:55:38.264 Disk 0 MBR scan
14:55:38.264 Disk 0 Windows 7 default MBR code
14:55:38.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:55:38.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:55:38.311 Disk 0 scanning C:\Windows\system32\drivers
14:55:45.222 Service scanning
14:55:59.231 Modules scanning
14:55:59.231 Disk 0 trace - called modules:
14:55:59.246 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:55:59.246 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800718f060]
14:55:59.761 3 CLASSPNP.SYS[fffff8800196043f] -> nt!IofCallDriver -> [0xfffffa8006ef9c60]
14:55:59.761 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-7[0xfffffa8006ef8060]
14:56:00.276 AVAST engine scan C:\Windows
14:56:01.852 AVAST engine scan C:\Windows\system32
14:57:09.603 AVAST engine scan C:\Windows\system32\drivers
14:57:16.248 AVAST engine scan C:\Users\John
14:59:13.857 AVAST engine scan C:\ProgramData
14:59:27.179 Scan finished successfully
14:59:43.122 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
14:59:43.122 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"

#6 gringo_pr

Posted 22 May 2012 - 03:07 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 Budgins


Posted 22 May 2012 - 03:28 PM

Here is the OTL log:


OTL logfile created on: 5/22/2012 4:21:50 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\John\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 75.36% Memory free
11.83 Gb Paging File | 10.28 Gb Available in Paging File | 86.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 423.61 Gb Free Space | 90.97% Space Free | Partition Type: NTFS
Drive F: | 3.51 Gb Total Space | 2.65 Gb Free Space | 75.38% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DeviceVM\SmartView\SmartViewClientService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
PRC - C:\Windows\SysWOW64\sdiagnhost.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\msdt.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (cFosSpeedS) -- C:\Program Files\ASRock\XFast LAN\spd.exe (cFos Software GmbH)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SmartViewService) -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe (DeviceVM, Inc.)
SRV - (WCUService) -- C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe (DeviceVM, Inc.)
SRV - (WSWNA3100) -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (VirtuWDDM) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys (Lucidlogix Inc.)
DRV:64bit: - (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm118YYus&ptnrS=XPxdm118YYus&si=bing_tvfan&ptb=4036D59D-778F-4CE6-B23C-6129909A5696&psa=&ind=2012050712&st=sb&n=77ed7518&searchfor={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF F6 08 46 7E 24 CD 01 [binary data]
IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS485
IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\..\SearchScopes\{AE13804D-749F-44db-A3F2-6D25CAACB67F}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/22 14:48:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/22 14:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/05/22 14:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/05/22 11:03:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.11 24.92.226.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B42F3E1-EDB0-4FB7-B2F5-930758895732}: DhcpNameServer = 24.92.226.11 24.92.226.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CFDE953-5F16-434F-9813-33286F9F76EB}: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\appinit_dll.dll) - C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll) - C:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/21 13:28:47 | 000,000,114 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/01/03 11:40:00 | 000,599,080 | ---- | M] (Sysinternals - www.sysinternals.com) - F:\autoruns.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/22 16:20:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/05/22 14:52:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/22 14:48:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2012/05/22 14:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/22 14:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/05/22 14:43:09 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\JohnsStuff
[2012/05/22 14:35:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/22 11:05:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/22 10:56:57 | 004,502,181 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2012/05/21 16:50:51 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/05/21 15:36:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/05/21 15:13:12 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\John\Desktop\HijackThis.exe
[2012/05/21 13:22:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/21 12:08:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2012/05/21 12:08:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/21 12:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/21 12:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/21 11:38:12 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/05/21 11:38:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/05/21 11:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/05/21 11:24:39 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\AZAkit
[2012/05/21 11:24:04 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\GeneralVRkit
[2012/05/21 10:59:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Google
[2012/05/21 10:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/05/21 10:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/05/21 10:40:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Mozilla
[2012/05/21 10:37:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/05/21 10:19:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apple
[2012/05/18 11:56:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/18 11:56:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/18 11:56:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/18 11:56:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/18 11:56:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/18 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2012/05/18 11:54:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012/05/18 11:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/05/18 11:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/18 11:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/18 11:53:36 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/18 11:53:36 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/18 11:53:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/18 11:53:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/18 11:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/05/07 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
[2012/05/04 23:02:21 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/03 19:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/05/03 19:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/05/03 19:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/05/03 19:16:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/05/03 19:16:43 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/05/03 19:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP830
[2012/05/03 19:16:38 | 000,234,496 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM7Q.DLL
[2012/05/03 19:16:35 | 000,270,336 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNCC830.DLL
[2012/05/03 19:16:35 | 000,122,368 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCL830.DLL
[2012/05/03 19:16:35 | 000,049,664 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNCI830.DLL
[2012/05/03 19:16:35 | 000,017,408 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\cncisco.x64.dll
[2012/05/03 19:16:34 | 000,188,928 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCF2Lb.DLL
[2012/05/03 19:16:34 | 000,093,696 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFMSb.EXE
[2012/05/03 19:16:34 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLbUS.DLL
[2012/05/03 19:16:34 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLbJP.DLL
[2012/05/03 19:16:28 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/05/01 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Garmin
[2012/04/30 12:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/04/30 12:23:09 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/30 12:23:09 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/30 12:23:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/04/30 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/27 17:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/27 17:08:25 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Google
[2012/04/27 17:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/04/27 17:08:13 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/04/27 17:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/27 17:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/04/27 17:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/27 17:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/04/27 17:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/27 17:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/27 17:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/04/27 17:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/04/27 17:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/04/27 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Apple Computer
[2012/04/27 16:56:47 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/04/27 16:56:47 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/04/27 16:56:47 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/04/27 16:56:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/04/27 16:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/04/27 16:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/04/27 16:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/27 16:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/27 16:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/04/27 16:27:55 | 000,025,312 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2012/04/27 16:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard
[2012/04/27 16:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2012/04/27 16:24:58 | 003,552,768 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2012/04/27 16:24:58 | 000,838,136 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys
[2012/04/27 16:24:58 | 000,095,472 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2012/04/27 16:24:57 | 003,888,128 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2012/04/27 16:24:57 | 001,436,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2012/04/27 16:24:57 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/04/27 11:04:31 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Johnhearingloss1.11.2012
[2012/04/27 10:57:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\tools
[2012/04/27 10:57:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\meds
[2012/04/27 10:57:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\letters 2010-11
[2012/04/27 10:57:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Johnhearingloss1.11.2012
[2012/04/27 10:57:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\GMAC_files
[2012/04/27 10:57:27 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Downloads
[2012/04/27 10:57:26 | 004,158,200 | ---- | C] (Garmin International) -- C:\Users\John\Documents\GarminMapUpdater_v2.6.12.exe
[2012/04/27 10:57:26 | 004,158,200 | ---- | C] (Garmin International) -- C:\Users\John\Documents\GarminMapUpdater_v2.6.12(1).exe
[2012/04/27 10:31:19 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Kathy Closson
[2012/04/27 10:29:16 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\John Closson
[2012/04/27 10:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/27 03:39:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/04/27 02:47:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/04/27 02:40:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/04/27 02:40:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/04/27 00:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/04/27 00:05:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2012/04/27 00:05:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DeviceVm
[2012/04/27 00:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeviceVM
[2012/04/27 00:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/04/27 00:04:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Cyberlink
[2012/04/27 00:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/04/27 00:03:19 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\Updreg.EXE
[2012/04/27 00:03:16 | 000,141,312 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\THXCfg64.exe
[2012/04/27 00:03:16 | 000,026,624 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\THXCfg64.dll
[2012/04/27 00:03:16 | 000,011,264 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\ResDefA.exe
[2012/04/27 00:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2012/04/27 00:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2012/04/27 00:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/04/27 00:02:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Macromedia
[2012/04/27 00:02:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Adobe
[2012/04/27 00:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/04/27 00:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/04/27 00:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/04/27 00:00:44 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys
[2012/04/27 00:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN
[2012/04/27 00:00:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\cFos
[2012/04/27 00:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock
[2012/04/27 00:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos
[2012/04/27 00:00:33 | 000,015,936 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2012/04/27 00:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2012/04/27 00:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB
[2012/04/27 00:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFastUsb
[2012/04/27 00:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility
[2012/04/27 00:00:20 | 000,015,368 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2012/04/27 00:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2012/04/27 00:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2012/04/26 23:59:13 | 000,066,336 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys
[2012/04/26 23:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIRTU
[2012/04/26 23:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lucidlogix Technologies
[2012/04/26 23:59:12 | 000,000,000 | ---D | C] -- C:\Users\John\Lucidlogix
[2012/04/26 23:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012/04/26 23:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012/04/26 23:58:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/04/26 23:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012/04/26 23:57:22 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2012/04/26 23:57:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\InstallShield
[2012/04/26 23:56:41 | 000,471,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/04/26 23:56:41 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/04/26 23:56:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/04/26 23:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/04/26 23:56:05 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/04/26 23:56:05 | 002,405,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/04/26 23:56:05 | 001,560,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012/04/26 23:56:05 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/04/26 23:56:05 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/04/26 23:56:05 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/04/26 23:56:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/04/26 23:56:05 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/04/26 23:56:05 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012/04/26 23:56:04 | 003,114,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/04/26 23:56:04 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/04/26 23:56:04 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/04/26 23:56:04 | 001,805,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/04/26 23:56:04 | 001,284,712 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012/04/26 23:56:04 | 001,245,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/04/26 23:56:04 | 000,876,120 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2012/04/26 23:56:04 | 000,738,392 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2012/04/26 23:56:04 | 000,625,752 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll
[2012/04/26 23:56:04 | 000,561,240 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll
[2012/04/26 23:56:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/04/26 23:56:04 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/04/26 23:56:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/04/26 23:56:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/04/26 23:56:04 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/04/26 23:56:04 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012/04/26 23:56:04 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012/04/26 23:56:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/04/26 23:56:04 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012/04/26 23:56:04 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2012/04/26 23:56:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/04/26 23:56:04 | 000,032,344 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\MBfilt64.sys
[2012/04/26 23:56:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/04/26 23:56:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/04/26 23:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/04/26 23:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/04/26 23:54:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/04/26 23:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/04/26 23:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/04/26 23:54:27 | 017,901,568 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2012/04/26 23:54:27 | 014,520,832 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/04/26 23:54:27 | 012,297,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/04/26 23:54:27 | 012,228,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/04/26 23:54:27 | 009,014,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/04/26 23:54:27 | 008,244,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/04/26 23:54:27 | 006,278,656 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/04/26 23:54:27 | 004,378,392 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/04/26 23:54:27 | 000,577,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/04/26 23:54:27 | 000,510,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/04/26 23:54:27 | 000,416,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/04/26 23:54:27 | 000,392,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/04/26 23:54:27 | 000,385,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/04/26 23:54:27 | 000,378,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/04/26 23:54:27 | 000,376,832 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/04/26 23:54:27 | 000,376,832 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/04/26 23:54:27 | 000,335,872 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/04/26 23:54:27 | 000,288,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/04/26 23:54:27 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/04/26 23:54:27 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/04/26 23:54:27 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/04/26 23:54:27 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/04/26 23:54:27 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/04/26 23:54:27 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/04/26 23:54:27 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/04/26 23:54:27 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/04/26 23:54:27 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/04/26 23:54:27 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/04/26 23:54:27 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/04/26 23:54:27 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/04/26 23:54:27 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/04/26 23:54:27 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/04/26 23:54:27 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/04/26 23:54:27 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/04/26 23:54:27 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/04/26 23:54:27 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/04/26 23:54:27 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/04/26 23:54:27 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/04/26 23:54:27 | 000,239,384 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/04/26 23:54:27 | 000,168,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/04/26 23:54:27 | 000,158,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/04/26 23:54:27 | 000,146,432 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/04/26 23:54:27 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/04/26 23:54:27 | 000,136,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/04/26 23:54:27 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/04/26 23:54:27 | 000,109,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/04/26 23:54:27 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/04/26 23:54:27 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2012/04/26 23:54:27 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2372.dll
[2012/04/26 23:54:27 | 000,062,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/04/26 23:54:27 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/04/26 23:54:27 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/04/26 23:52:29 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/04/26 23:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/04/26 23:52:21 | 000,000,000 | ---D | C] -- C:\Intel
[2012/04/26 23:49:54 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/26 23:49:54 | 000,000,000 | R--D | C] -- C:\Users\John\Searches
[2012/04/26 23:49:54 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/26 23:49:54 | 000,000,000 | -H-D | C] -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/04/26 23:49:47 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Identities
[2012/04/26 23:49:45 | 000,000,000 | R--D | C] -- C:\Users\John\Contacts
[2012/04/26 23:49:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\VirtualStore
[2012/04/26 23:49:39 | 000,000,000 | --SD | C] -- C:\Users\John\AppData\Roaming\Microsoft
[2012/04/26 23:49:39 | 000,000,000 | RHSD | C] -- C:\Users\John\My Documents
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\Videos
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\Saved Games
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\Pictures
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\Music
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\Links
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\Favorites
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\Downloads
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\Documents
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\Desktop
[2012/04/26 23:49:39 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Temporary Internet Files
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\Templates
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\Start Menu
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\SendTo
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\Recent
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\PrintHood
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\NetHood
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Videos
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Pictures
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Music
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\Local Settings
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\History
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\Cookies
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\Application Data
[2012/04/26 23:49:39 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Application Data
[2012/04/26 23:49:39 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData
[2012/04/26 23:49:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Temp
[2012/04/26 23:49:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft
[2012/04/26 23:49:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2012/04/26 23:49:36 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/04/26 15:23:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/04/26 15:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2012/04/26 14:46:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/04/26 14:46:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/04/26 12:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/26 12:46:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/26 12:46:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/26 12:46:27 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/26 12:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/04/26 12:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012/04/26 12:37:52 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco642040.dll
[2012/04/26 12:37:52 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/04/26 12:37:52 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/04/26 12:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/04/26 12:36:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/04/26 12:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/04/26 12:36:12 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll
[2012/04/26 12:36:09 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll
[2012/04/26 12:35:57 | 008,129,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/04/26 12:35:57 | 006,049,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/04/26 12:35:57 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/26 12:35:57 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/26 12:35:55 | 020,490,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/04/26 12:35:54 | 015,063,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/04/26 12:35:51 | 012,870,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/04/26 12:35:50 | 010,084,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/04/26 12:35:50 | 003,113,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/04/26 12:35:50 | 002,897,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/04/26 12:35:50 | 002,482,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/04/26 12:35:49 | 006,607,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/04/26 12:35:49 | 004,943,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/04/26 12:35:49 | 002,252,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/04/26 12:35:43 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/04/26 12:35:42 | 018,580,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/04/26 12:35:42 | 002,221,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/04/26 12:35:42 | 001,985,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/04/26 12:35:42 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2012/04/26 12:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/04/26 12:26:02 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/04/26 12:26:00 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/04/26 12:26:00 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/04/26 12:26:00 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/04/26 12:26:00 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/04/26 12:25:46 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/26 12:25:46 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/26 12:25:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/26 12:25:46 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/26 12:25:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/26 12:25:46 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/26 12:25:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/26 12:25:43 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/04/26 12:25:43 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/04/26 12:25:41 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/04/26 12:25:41 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/04/26 12:25:40 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/04/26 12:25:40 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/04/26 12:25:39 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/04/26 12:25:39 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/04/26 12:25:39 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/04/26 12:25:39 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/04/26 12:25:39 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/04/26 12:25:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/04/26 12:25:38 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/04/26 12:25:38 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/04/26 12:25:37 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/04/26 12:25:36 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/04/26 12:25:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/04/26 12:25:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/04/26 12:25:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/04/26 12:25:36 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/04/26 12:25:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/04/26 12:25:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/04/26 12:25:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/04/26 12:25:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/04/26 12:25:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/04/26 12:25:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/04/26 12:25:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/04/26 12:25:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/04/26 12:25:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/04/26 12:25:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/04/26 12:25:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/04/26 12:25:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/04/26 12:25:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/04/26 12:25:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/04/26 12:25:32 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/04/26 12:25:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/04/26 12:25:31 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/04/26 12:25:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/04/26 12:25:30 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/04/26 12:25:30 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/04/26 12:25:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/04/26 12:25:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/04/26 12:25:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/04/26 12:25:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/04/26 12:25:27 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/04/26 12:25:27 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/04/26 12:25:27 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/04/26 12:25:27 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/04/26 12:25:27 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/04/26 12:25:27 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/04/26 12:25:27 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/04/26 12:25:25 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/26 12:25:23 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/26 12:25:23 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/26 12:25:21 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/04/26 12:25:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/04/26 12:25:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/04/26 12:25:21 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/04/26 12:25:21 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/04/26 12:25:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/04/26 12:25:19 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/04/26 12:25:19 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/04/26 12:25:19 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/04/26 12:25:19 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/04/26 12:25:18 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/04/26 12:25:18 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/04/26 12:25:18 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/04/26 12:25:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/04/26 12:25:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/04/26 12:25:18 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/04/26 12:25:18 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/04/26 12:25:18 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/04/26 12:25:18 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/04/26 12:25:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/04/26 12:25:15 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/26 12:25:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/26 12:25:15 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/26 12:25:08 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/04/26 12:25:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/04/26 12:25:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/04/26 12:25:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/26 12:25:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/26 12:25:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/26 12:25:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/04/26 12:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/04/26 12:22:00 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/04/26 12:21:43 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/26 12:21:42 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/26 12:21:42 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/26 12:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/26 12:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/26 12:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/26 12:21:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/04/26 12:21:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/04/26 12:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/04/26 12:09:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/04/26 12:08:28 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\John\Desktop\ATF-Cleaner.exe
[2012/04/26 12:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM
[2012/04/26 12:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/22 16:19:50 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/22 16:19:50 | 000,617,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/22 16:19:50 | 000,104,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/22 16:18:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/05/22 16:18:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/22 16:18:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/22 16:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/22 15:56:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2255535704-1149818376-554438282-1000UA.job
[2012/05/22 14:59:43 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
[2012/05/22 14:56:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2255535704-1149818376-554438282-1000Core.job
[2012/05/22 14:54:47 | 000,022,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 14:54:47 | 000,022,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 14:52:07 | 000,002,306 | ---- | M] () -- C:\Users\John\Desktop\Google Chrome.lnk
[2012/05/22 14:48:24 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/22 14:47:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/22 14:47:27 | 467,288,063 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/22 11:03:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/22 10:55:49 | 004,502,181 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2012/05/22 10:55:15 | 000,851,898 | ---- | M] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2012/05/21 15:35:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/05/21 12:08:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 11:57:57 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\4p9sb7f6.exe
[2012/05/21 11:38:08 | 000,002,267 | ---- | M] () -- C:\Users\John\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/05/21 10:59:15 | 000,001,106 | ---- | M] () -- C:\Users\John\Desktop\Activate SmartView.lnk
[2012/05/18 12:02:45 | 000,294,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/18 11:54:18 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012/05/18 11:53:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/18 11:53:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/18 11:53:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/18 11:53:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/18 11:49:00 | 000,001,409 | ---- | M] () -- C:\Users\John\Desktop\Internet Explorer (64-bit).lnk
[2012/05/14 19:59:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/05/14 19:42:42 | 001,187,457 | ---- | M] () -- C:\Users\John\Desktop\bookmarks-2012-05-14.json
[2012/05/04 23:02:38 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/04 23:02:38 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/04 23:02:24 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/03 19:18:10 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/05/03 19:17:51 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2012/05/03 19:17:40 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator 2.2.lnk
[2012/05/02 14:26:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/01 14:47:24 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012/04/30 09:41:48 | 000,000,000 | ---- | M] () -- C:\Users\John\AppData\Local\{98B7B332-07E2-49F5-9959-C94CE9162A90}
[2012/04/27 17:08:29 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/27 17:04:49 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/27 16:27:51 | 000,000,908 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2012/04/27 16:27:51 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2012/04/27 16:25:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2012/04/27 10:01:36 | 000,001,437 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/27 02:42:50 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/04/27 02:42:50 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/04/27 00:03:15 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012/04/27 00:00:45 | 000,000,003 | ---- | M] () -- C:\Users\John\AppData\Local\user_data.ini
[2012/04/27 00:00:33 | 000,015,936 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2012/04/26 23:58:37 | 000,016,300 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012/04/26 15:23:04 | 000,001,885 | ---- | M] () -- C:\Users\John\Desktop\CCleaner.lnk
[2012/04/26 12:49:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/26 12:49:50 | 000,730,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/26 12:25:06 | 000,001,897 | ---- | M] () -- C:\Users\John\Desktop\Microsoft Security Essentials.lnk
[2012/04/26 12:23:58 | 000,442,850 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120503-122918.backup
[2012/04/26 12:21:37 | 000,001,282 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/26 12:21:37 | 000,001,258 | ---- | M] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2012/04/26 12:09:22 | 000,001,264 | ---- | M] () -- C:\Users\John\Desktop\Revo Uninstaller.lnk
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/22 14:59:43 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
[2012/05/22 14:52:07 | 000,002,306 | ---- | C] () -- C:\Users\John\Desktop\Google Chrome.lnk
[2012/05/22 14:51:36 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2255535704-1149818376-554438282-1000UA.job
[2012/05/22 14:51:35 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2255535704-1149818376-554438282-1000Core.job
[2012/05/22 14:48:24 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/22 14:48:24 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/22 10:56:57 | 000,851,898 | ---- | C] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2012/05/21 12:08:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 11:59:28 | 000,302,592 | ---- | C] () -- C:\Users\John\Desktop\4p9sb7f6.exe
[2012/05/21 11:38:08 | 000,002,267 | ---- | C] () -- C:\Users\John\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/05/21 10:59:15 | 000,001,106 | ---- | C] () -- C:\Users\John\Desktop\Activate SmartView.lnk
[2012/05/18 11:56:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/18 11:56:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/18 11:56:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/18 11:56:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/18 11:56:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/18 11:54:18 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012/05/18 11:49:00 | 000,001,409 | ---- | C] () -- C:\Users\John\Desktop\Internet Explorer (64-bit).lnk
[2012/05/14 19:42:41 | 001,187,457 | ---- | C] () -- C:\Users\John\Desktop\bookmarks-2012-05-14.json
[2012/05/03 19:18:10 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/05/03 19:17:51 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2012/05/03 19:17:40 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator 2.2.lnk
[2012/05/02 14:26:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/01 14:47:24 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2012/04/30 12:23:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 09:41:48 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Local\{98B7B332-07E2-49F5-9959-C94CE9162A90}
[2012/04/27 17:08:36 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 17:08:31 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/27 17:08:29 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/27 17:08:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/04/27 17:04:49 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/27 16:27:51 | 000,000,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2012/04/27 16:27:51 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2012/04/27 16:25:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2012/04/27 11:04:31 | 000,000,190 | ---- | C] () -- C:\Users\John\Desktop\Shortcut (2) to CD Drive.lnk
[2012/04/27 10:57:27 | 000,579,890 | R--- | C] () -- C:\Users\John\Documents\mha_refinance080310.pdf
[2012/04/27 10:57:27 | 000,194,021 | R--- | C] () -- C:\Users\John\Documents\Updating_Maps-1.pdf
[2012/04/27 10:57:27 | 000,194,021 | R--- | C] () -- C:\Users\John\Documents\Updating_Maps.pdf
[2012/04/27 10:57:26 | 005,601,832 | ---- | C] () -- C:\Users\John\Documents\jobsite table saw #28463.TIF
[2012/04/27 10:57:26 | 005,601,832 | ---- | C] () -- C:\Users\John\Documents\C--DOCUME~1-JOHNCL~1-LOCALS~1-Temp-L1003525.tif
[2012/04/27 10:57:26 | 001,819,656 | ---- | C] () -- C:\Users\John\Documents\CLOSSON_APPRAISAL9.2011.PDF
[2012/04/27 10:57:26 | 000,046,553 | ---- | C] () -- C:\Users\John\Documents\GMAC.htm
[2012/04/27 10:57:26 | 000,043,550 | ---- | C] () -- C:\Users\John\Documents\C--DOCUME~1-JOHNCL~1-LOCALS~1-Temp-2010 HAMP Report Form.tif
[2012/04/27 10:57:26 | 000,010,752 | ---- | C] () -- C:\Users\John\Documents\APPRAISAL CC REQUEST.wps
[2012/04/27 10:01:36 | 000,001,437 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/27 02:42:44 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/27 02:42:41 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/27 02:40:11 | 467,288,063 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/27 00:05:29 | 000,001,426 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2012/04/27 00:03:16 | 000,007,195 | ---- | C] () -- C:\Windows\SysNative\THXCfgUninstall64.ini
[2012/04/27 00:03:16 | 000,006,925 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini
[2012/04/27 00:03:16 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/04/27 00:03:16 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/04/27 00:03:16 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/04/27 00:03:15 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/04/27 00:03:15 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2012/04/27 00:03:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/04/27 00:03:14 | 000,246,784 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2012/04/27 00:03:14 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2012/04/27 00:02:41 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/04/27 00:02:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/27 00:00:45 | 000,000,003 | ---- | C] () -- C:\Users\John\AppData\Local\user_data.ini
[2012/04/26 23:58:37 | 000,016,300 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012/04/26 23:57:29 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012/04/26 23:56:41 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/04/26 23:56:05 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2012/04/26 23:54:27 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/04/26 23:54:27 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/04/26 23:54:27 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/04/26 23:54:27 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/04/26 23:54:27 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/04/26 23:54:27 | 000,218,304 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/04/26 23:54:27 | 000,211,082 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/04/26 23:54:27 | 000,197,902 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/04/26 23:54:27 | 000,182,514 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/04/26 23:54:27 | 000,179,992 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2012/04/26 23:54:27 | 000,156,057 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/04/26 23:54:27 | 000,152,994 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/04/26 23:54:27 | 000,148,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/04/26 23:54:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/04/26 23:54:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/04/26 23:54:27 | 000,140,077 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/04/26 23:54:27 | 000,138,572 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/04/26 23:54:27 | 000,137,705 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/04/26 23:54:27 | 000,137,506 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/04/26 23:54:27 | 000,136,449 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/04/26 23:54:27 | 000,135,519 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/04/26 23:54:27 | 000,135,222 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/04/26 23:54:27 | 000,134,686 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/04/26 23:54:27 | 000,134,272 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/04/26 23:54:27 | 000,134,238 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/04/26 23:54:27 | 000,133,706 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/04/26 23:54:27 | 000,133,548 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/04/26 23:54:27 | 000,133,246 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/04/26 23:54:27 | 000,133,014 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/04/26 23:54:27 | 000,132,752 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/04/26 23:54:27 | 000,132,650 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/04/26 23:54:27 | 000,131,705 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/04/26 23:54:27 | 000,128,863 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/04/26 23:54:27 | 000,128,667 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/04/26 23:54:27 | 000,128,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/04/26 23:54:27 | 000,123,921 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/04/26 23:54:27 | 000,117,522 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/04/26 23:54:27 | 000,116,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/04/26 23:54:27 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/04/26 23:54:27 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012/04/26 23:54:27 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/04/26 23:54:27 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/04/26 23:54:27 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/04/26 23:54:27 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/04/26 23:54:27 | 000,017,220 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/04/26 23:54:27 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/04/26 23:54:27 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/04/26 23:49:58 | 000,001,409 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/04/26 23:49:55 | 000,001,443 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/26 23:49:39 | 000,000,290 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/26 23:49:39 | 000,000,272 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/04/26 15:23:04 | 000,001,885 | ---- | C] () -- C:\Users\John\Desktop\CCleaner.lnk
[2012/04/26 12:36:12 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/26 12:25:06 | 000,001,897 | ---- | C] () -- C:\Users\John\Desktop\Microsoft Security Essentials.lnk
[2012/04/26 12:24:59 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/26 12:24:36 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/26 12:24:25 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/26 12:21:37 | 000,001,282 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/26 12:21:37 | 000,001,258 | ---- | C] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2012/04/26 12:09:22 | 000,001,264 | ---- | C] () -- C:\Users\John\Desktop\Revo Uninstaller.lnk
[2010/11/20 23:24:20 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat

< End of report >

#8 gringo_pr

Posted 22 May 2012 - 05:23 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm118YYus&ptnrS=XPxdm118YYus&si=bing_tvfan&ptb=4036D59D-778F-4CE6-B23C-6129909A5696&psa=&ind=2012050712&st=sb&n=77ed7518&searchfor={searchTerms}
    IE - HKU\.DEFAULT\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-18\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-21-2255535704-1149818376-554438282-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Budgins

Posted 23 May 2012 - 09:19 AM

Hello, The machine is still experiencing redirects on both Chrome and Firefox. Internet Explorer working fine currently. Still multiple instances of Internet Explorer running in processes, surfing various websites running random PHP queries, according to Process Explorer. I can't see them on the screen, however. Here's the OTL Custom Fix log.


========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0F3DC9E0-C459-4a40-BCF8-747BD9322E10} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0F3DC9E0-C459-4a40-BCF8-747BD9322E10} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}\ not found.
File C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll not found.
Registry value HKEY_USERS\S-1-5-21-2255535704-1149818376-554438282-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0F3DC9E0-C459-4a40-BCF8-747BD9322E10} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}\ not found.
File C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John\Desktop\cmd.bat deleted successfully.
C:\Users\John\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: John
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: John
->Flash cache emptied: 2881 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05232012_100444

#10 gringo_pr

Posted 23 May 2012 - 09:33 AM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 Budgins

Posted 23 May 2012 - 09:53 AM

No change in the machine. Combofix log:


ComboFix 12-05-23.01 - John 05/23/2012 10:41:52.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4760 [GMT -4:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\uejyaaa.tmp
c:\programdata\vejyaaa.tmp
c:\programdata\zsfsbaa.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 14:44 . 2012-05-23 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-23 14:04 . 2012-05-23 14:04 -------- d-----w- C:\_OTL
2012-05-22 18:48 . 2012-05-22 18:48 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-22 18:45 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A29A5C61-3D93-49BF-BD86-9B4F9C60F72A}\mpengine.dll
2012-05-21 20:50 . 2012-05-21 20:50 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-21 16:26 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-21 16:08 . 2012-05-21 16:08 -------- d-----w- c:\programdata\Malwarebytes
2012-05-21 16:08 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 16:08 . 2012-05-21 16:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-05-21 14:58 . 2012-05-21 14:58 -------- d-----w- c:\program files\Google
2012-05-21 14:37 . 2012-05-21 14:37 -------- d-----w- c:\windows\Sun
2012-05-18 15:53 . 2012-05-18 15:54 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-05-18 15:53 . 2012-05-18 15:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-18 15:53 . 2012-05-18 15:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-18 15:53 . 2012-05-18 15:53 -------- d-----w- c:\program files (x86)\Java
2012-05-12 10:26 . 2012-05-22 16:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-12 10:16 . 2012-05-22 16:01 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-12 10:15 . 2012-05-22 16:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-12 10:15 . 2012-05-12 10:15 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-10 21:37 . 2012-05-18 08:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-10 21:37 . 2012-05-18 08:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-10 21:37 . 2012-05-18 08:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-10 21:36 . 2012-05-16 10:52 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-05 03:02 . 2012-05-05 03:02 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 23:17 . 2012-05-03 23:17 -------- d-----w- c:\program files\Canon
2012-05-03 23:17 . 2012-05-03 23:17 -------- d-----w- c:\program files (x86)\Canon
2012-04-30 16:23 . 2012-04-30 16:23 -------- d-----w- c:\programdata\McAfee
2012-04-30 16:23 . 2012-05-05 03:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-30 16:23 . 2012-05-05 03:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-30 16:23 . 2012-04-30 16:23 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-30 16:23 . 2012-04-30 16:23 -------- d-----w- c:\windows\system32\Macromed
2012-04-27 21:08 . 2012-05-22 18:43 -------- d-----w- c:\program files (x86)\Google
2012-04-27 21:08 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-27 21:08 . 2012-04-27 21:08 -------- d-----w- c:\program files\iTunes
2012-04-27 21:08 . 2012-04-27 21:08 -------- d-----w- c:\program files (x86)\iTunes
2012-04-27 21:08 . 2012-04-27 21:08 -------- d-----w- c:\program files\iPod
2012-04-27 21:07 . 2012-05-18 15:46 -------- d-----w- c:\programdata\AVAST Software
2012-04-27 21:07 . 2012-05-14 23:47 -------- d-----w- c:\program files\AVAST Software
2012-04-27 21:07 . 2012-04-27 21:07 -------- d-----w- c:\program files\Bonjour
2012-04-27 21:07 . 2012-04-27 21:07 -------- d-----w- c:\program files (x86)\Bonjour
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-27 21:04 . 2012-04-27 21:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-27 21:04 . 2012-04-27 21:04 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-27 20:56 . 2012-04-27 20:56 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-27 20:56 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-27 20:56 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-04-27 20:56 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-04-27 20:56 . 2012-04-27 20:56 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-27 20:56 . 2012-04-27 21:08 -------- d-----w- c:\programdata\Apple Computer
2012-04-27 20:56 . 2012-05-01 18:47 -------- d-----w- c:\program files\Common Files\Apple
2012-04-27 20:55 . 2012-05-21 17:25 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-04-27 20:55 . 2012-04-27 21:07 -------- d-----w- c:\programdata\Apple
2012-04-27 20:27 . 2007-01-19 22:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-04-27 20:27 . 2012-04-27 20:27 -------- d-----w- c:\program files (x86)\NETGEAR
2012-04-27 20:24 . 2009-11-06 12:40 838136 ----a-w- c:\windows\system32\drivers\bcmwlhigh664.sys
2012-04-27 20:24 . 2009-11-06 12:34 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-04-27 20:24 . 2009-11-06 12:34 3552768 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-04-27 20:24 . 2010-02-03 15:21 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2012-04-27 20:24 . 2009-11-06 12:34 3888128 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-04-27 20:24 . 2009-11-06 12:31 1436920 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-04-27 07:39 . 2012-04-27 03:49 -------- d-----w- c:\windows\Panther
2012-04-27 04:05 . 2012-04-27 04:05 -------- d--h--w- c:\programdata\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-04-27 04:05 . 2012-04-27 04:05 -------- d-----w- c:\program files (x86)\DeviceVM
2012-04-27 04:04 . 2012-04-27 04:04 -------- d-----w- c:\programdata\CyberLink
2012-04-27 04:03 . 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
2012-04-27 04:03 . 2011-05-13 16:30 26624 ------w- c:\windows\system32\THXCfg64.dll
2012-04-27 04:03 . 2010-07-21 20:51 11264 ------w- c:\windows\SysWow64\ResDefA.exe
2012-04-27 04:03 . 2009-10-01 20:42 141312 ------w- c:\windows\system32\THXCfg64.exe
2012-04-27 04:03 . 2011-05-19 13:56 190464 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2012-04-27 04:03 . 2009-12-29 20:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2012-04-27 04:03 . 2009-12-29 20:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2012-04-27 04:03 . 2011-05-19 13:58 246784 ----a-w- c:\windows\system32\APOMgr64.DLL
2012-04-27 04:03 . 2012-04-27 04:03 -------- d-----w- c:\program files (x86)\Creative
2012-04-27 04:02 . 2012-04-27 04:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-04-27 04:02 . 2012-04-27 04:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\program files\ASRock
2012-04-27 04:00 . 2011-07-04 19:19 1632128 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\programdata\cFos
2012-04-27 04:00 . 2012-04-27 04:00 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\programdata\FNET
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\program files (x86)\XFastUsb
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\program files (x86)\ASRock Utility
2012-04-27 04:00 . 2012-04-27 04:00 -------- d-----w- c:\program files\ASRock Utility
2012-04-27 04:00 . 2010-06-11 18:37 15368 ----a-w- c:\windows\system32\drivers\AsrAppCharger.sys
2012-04-27 03:59 . 2011-07-07 20:05 66336 ----a-w- c:\windows\system32\drivers\VirtuWDDM.sys
2012-04-27 03:59 . 2012-04-27 03:59 -------- d-----w- c:\program files\Lucidlogix Technologies
2012-04-27 03:58 . 2012-04-27 03:58 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-04-27 03:58 . 2012-05-21 17:25 -------- d-sh--w- c:\windows\Installer
2012-04-27 03:57 . 2011-02-22 15:59 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-04-27 03:57 . 2012-04-27 03:57 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-04-27 03:57 . 2010-10-19 20:34 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-04-27 03:54 . 2012-04-27 03:54 -------- d-----w- c:\program files\Common Files\Intel
2012-04-27 03:52 . 2012-04-27 03:57 -------- d-----w- c:\program files (x86)\Intel
2012-04-27 03:52 . 2010-12-23 03:09 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-04-27 03:52 . 2012-04-27 03:53 -------- d-----w- C:\Intel
2012-04-27 03:49 . 2012-04-27 03:59 -------- d-----w- c:\users\John
2012-04-27 03:49 . 2012-04-27 03:49 -------- d-----w- C:\Recovery
2012-04-26 19:23 . 2012-04-26 19:23 -------- d-----w- c:\program files (x86)\CCleaner
2012-04-26 18:46 . 2012-04-26 18:46 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-26 18:46 . 2012-04-26 18:46 -------- d-----w- c:\windows\system32\Wat
2012-04-26 16:49 . 2012-04-26 16:49 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-26 16:46 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-26 16:46 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-26 16:46 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-26 16:46 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-26 16:46 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-26 16:46 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-26 16:46 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-26 16:38 . 2012-04-26 16:38 -------- d-----w- c:\program files (x86)\ASUS
2012-04-26 16:37 . 2011-03-03 15:59 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-26 16:37 . 2011-03-03 15:59 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-26 16:37 . 2011-03-03 15:59 1359976 ----a-w- c:\windows\system32\nvhdagenco642040.dll
2012-04-26 16:37 . 2012-05-23 14:45 -------- d-----w- c:\programdata\NVIDIA
2012-04-26 16:36 . 2012-04-26 16:37 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-26 16:36 . 2012-04-26 16:36 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-26 16:36 . 2011-03-28 10:27 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2012-04-26 16:36 . 2011-03-28 10:27 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2012-04-26 16:27 . 2012-04-26 16:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F31C563-54B1-4CBD-920E-DCB036F52DB7}\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 00:44 . 2010-10-25 01:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2010-10-25 01:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . 3B933F4A7A00B4067B007AF73E8ABB21 . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-05-22_15.03.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-30 13:26 . 2012-05-21 20:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-30 13:26 . 2012-05-23 14:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-05-23 14:13 . 2012-05-23 14:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012052320120524\index.dat
+ 2012-05-22 20:47 . 2012-05-22 20:47 86016 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{61F52C3C-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:51 . 2012-05-22 20:51 55808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F20F502D-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:28 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BC172D44-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:28 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BC172D43-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:28 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A728F3BB-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:28 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A728F3BA-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:27 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{98C42193-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:27 . 2012-05-22 20:29 57344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{83B6F626-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:26 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70AE5555-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:26 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6208828A-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:26 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62088289-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:26 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{585AF766-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:25 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3BBE8D3C-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:25 . 2012-05-22 20:29 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3BBE8D3B-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-07 16:33 . 2012-05-22 20:46 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-05-07 16:33 . 2012-05-21 19:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-05-07 16:22 . 2012-05-23 14:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
- 2012-05-07 16:22 . 2012-05-21 20:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2010-11-21 03:09 . 2012-05-23 14:10 55878 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-23 14:10 34072 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-27 20:46 . 2012-05-23 14:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-27 20:46 . 2012-05-22 14:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-27 20:46 . 2012-05-22 14:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-27 20:46 . 2012-05-23 14:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-27 20:46 . 2012-05-23 14:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-27 20:46 . 2012-05-22 14:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-26 17:10 . 2012-05-23 14:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-26 17:10 . 2012-05-22 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-26 17:10 . 2012-05-22 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-26 17:10 . 2012-05-23 14:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-22 20:47 . 2012-05-22 20:47 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{61F52C3D-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:47 . 2012-05-22 20:47 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{61F52C3B-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-09 17:54 . 2012-05-23 14:20 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{02C652C6-9A00-11E1-BE81-BC5FF435606C}.dat
- 2012-05-09 17:54 . 2012-05-21 20:03 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{02C652C6-9A00-11E1-BE81-BC5FF435606C}.dat
+ 2012-05-23 14:20 . 2012-05-23 14:20 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{7C7B13E8-A4E2-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:54 . 2012-05-22 19:55 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FFD74DF4-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:11 . 2012-05-22 19:12 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD1D4855-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:01 . 2012-05-22 20:02 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FA5B600A-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:17 . 2012-05-23 14:17 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F7945FC0-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:18 . 2012-05-22 19:19 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F77B4467-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:08 . 2012-05-22 20:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F4C2E19D-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:42 . 2012-05-22 18:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F2EDE50F-A43D-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:25 . 2012-05-22 19:26 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F1E2C5FA-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:15 . 2012-05-22 20:15 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F05B1353-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:23 . 2012-05-22 20:29 9216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ED6A453A-A44B-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:32 . 2012-05-22 19:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC4A478D-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:39 . 2012-05-22 19:40 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E6D31C63-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:56 . 2012-05-22 18:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E48935D6-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:56 . 2012-05-22 18:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E18F7D7E-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:46 . 2012-05-22 19:47 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E186C9FF-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:03 . 2012-05-22 19:04 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DEEF6F53-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:53 . 2012-05-22 19:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC16C2F7-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:10 . 2012-05-22 19:11 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D9559937-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:00 . 2012-05-22 20:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D69873AC-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:16 . 2012-05-23 14:16 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3CF1202-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:17 . 2012-05-22 19:18 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3B85809-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:07 . 2012-05-22 20:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0FD93DF-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:41 . 2012-05-22 18:42 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CF2D5A12-A43D-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:24 . 2012-05-22 19:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CE1FD99C-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:14 . 2012-05-22 20:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CB651572-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:29 . 2012-05-22 20:29 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C90184A3-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:31 . 2012-05-22 19:32 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C882986E-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:38 . 2012-05-22 19:39 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3103006-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:55 . 2012-05-22 18:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C0C3E818-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:45 . 2012-05-22 19:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BDC17C41-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:02 . 2012-05-22 19:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BB5C1E7B-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:52 . 2012-05-22 19:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B84CB278-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:09 . 2012-05-22 19:10 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B58B88B8-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:59 . 2012-05-22 20:00 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B2D7E8AF-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:15 . 2012-05-23 14:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B00762E4-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:16 . 2012-05-22 19:17 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AFF56BAC-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:06 . 2012-05-22 20:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD3AA781-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:40 . 2012-05-22 18:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB6273A5-A43D-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:23 . 2012-05-22 19:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AA5A8BDE-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:40 . 2012-05-22 18:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A87BC64E-A43D-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:30 . 2012-05-22 19:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4C20D71-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:37 . 2012-05-22 19:38 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9F4AE248-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:54 . 2012-05-22 18:55 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9D081FDB-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:44 . 2012-05-22 19:45 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9A70D1F0-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:34 . 2012-05-22 20:34 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{963F6B53-A44D-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:51 . 2012-05-22 19:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9489C61A-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:41 . 2012-05-22 20:47 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{933F0CD3-A44E-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:34 . 2012-05-22 20:34 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9339CC19-A44D-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:08 . 2012-05-22 19:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{91CFC07B-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:41 . 2012-05-22 20:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{902B2557-A44E-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:14 . 2012-05-23 14:14 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8CB6B893-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:15 . 2012-05-22 19:16 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C2DBC8D-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:05 . 2012-05-22 20:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{897559C3-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:13 . 2012-05-23 14:14 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8945FB6D-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:22 . 2012-05-22 19:23 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{86953E20-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:12 . 2012-05-22 20:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{83D81895-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:46 . 2012-05-22 18:46 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{81FF239D-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:29 . 2012-05-22 19:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{80F7FCF2-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:46 . 2012-05-22 18:46 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7F060783-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:36 . 2012-05-22 19:37 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7B85948A-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:53 . 2012-05-22 18:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{79385295-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:00 . 2012-05-22 19:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{739CF5D0-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:50 . 2012-05-22 19:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{70C216FC-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:07 . 2012-05-22 19:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6E034E9D-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:57 . 2012-05-22 19:58 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6B2BF9EF-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:14 . 2012-05-22 19:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{68686ECF-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:47 . 2012-05-22 20:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6685EFE4-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:04 . 2012-05-22 20:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{65ADAAA5-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:20 . 2012-05-23 14:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{62E448FA-A4E2-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:21 . 2012-05-22 19:22 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{62CFF062-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:11 . 2012-05-22 20:12 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6012CAD7-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:45 . 2012-05-22 18:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E3D5080-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:35 . 2012-05-22 19:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57C046CB-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:52 . 2012-05-22 18:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{55756638-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:52 . 2012-05-22 18:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{52794C7F-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:59 . 2012-05-22 19:00 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4FDA0973-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:06 . 2012-05-22 19:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4A3E00DF-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:56 . 2012-05-22 19:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4761E970-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:13 . 2012-05-22 19:14 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{44A32111-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:03 . 2012-05-22 20:04 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{41ED1FA7-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:46 . 2012-05-22 20:46 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F6C7583-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:19 . 2012-05-23 14:19 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F1EFB3C-A4E2-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:20 . 2012-05-22 19:21 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F084144-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:10 . 2012-05-22 20:11 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3C4FDE79-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:44 . 2012-05-22 18:45 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A7A0665-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:27 . 2012-05-22 19:28 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{396B0016-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:34 . 2012-05-22 19:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{33FD5A6E-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:41 . 2012-05-22 19:42 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2E58F51F-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:58 . 2012-05-22 18:59 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C13D153-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:41 . 2012-05-22 19:42 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2B87B42B-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:48 . 2012-05-22 19:49 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2911657B-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:05 . 2012-05-22 19:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{268E1F83-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:55 . 2012-05-22 19:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{239C9BB2-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:12 . 2012-05-22 19:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{20E034B3-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:02 . 2012-05-22 20:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1E230F29-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:18 . 2012-05-23 14:18 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1B574C1E-A4E2-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:19 . 2012-05-22 19:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1B4554E6-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:09 . 2012-05-22 20:10 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{18F81008-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:43 . 2012-05-22 18:44 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16B0D0A6-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:26 . 2012-05-22 19:27 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{15A813B8-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:40 . 2012-05-22 19:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0A9ACB82-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:57 . 2012-05-22 18:58 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0850E4F5-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:04 . 2012-05-22 19:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{02B5C6C3-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:54 . 2012-05-22 19:55 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FFD74DF5-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:11 . 2012-05-22 19:12 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FD1D4856-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:01 . 2012-05-22 20:02 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FA5B600B-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:17 . 2012-05-23 14:17 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7945FC1-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:18 . 2012-05-22 19:19 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F77B4468-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:08 . 2012-05-22 20:09 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F4C2E19E-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:42 . 2012-05-22 18:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F2EDE510-A43D-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:25 . 2012-05-22 19:26 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1E2C5FB-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:15 . 2012-05-22 20:15 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F05B1354-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:32 . 2012-05-22 19:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC4A478E-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:39 . 2012-05-22 19:40 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E6D31C64-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:56 . 2012-05-22 18:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E48935D7-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:56 . 2012-05-22 18:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E18F7D80-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:46 . 2012-05-22 19:47 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E186CA00-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:03 . 2012-05-22 19:04 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DEEF6F54-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:53 . 2012-05-22 19:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DC16C2F8-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:10 . 2012-05-22 19:11 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D9559938-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:00 . 2012-05-22 20:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D69873AD-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:16 . 2012-05-23 14:16 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3CF1203-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:17 . 2012-05-22 19:18 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3B8580A-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:07 . 2012-05-22 20:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D0FD93E0-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:41 . 2012-05-22 18:42 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CF2D5A13-A43D-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:24 . 2012-05-22 19:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CE1FD99D-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:14 . 2012-05-22 20:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CB651573-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:29 . 2012-05-22 20:29 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C90184A4-A44C-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:31 . 2012-05-22 19:32 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C882986F-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:38 . 2012-05-22 19:39 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3103007-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:55 . 2012-05-22 18:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C0C3E819-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:45 . 2012-05-22 19:46 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BDC17C42-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:02 . 2012-05-22 19:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BB5C1E7C-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:52 . 2012-05-22 19:53 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B84CB279-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:09 . 2012-05-22 19:10 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B58B88B9-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:59 . 2012-05-22 20:00 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B2D7E8B0-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:15 . 2012-05-23 14:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B00762E5-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:16 . 2012-05-22 19:17 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AFF56BAD-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:06 . 2012-05-22 20:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AD3AA782-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:40 . 2012-05-22 18:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB6273A6-A43D-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:23 . 2012-05-22 19:24 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AA5A8BDF-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:40 . 2012-05-22 18:41 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A87BC64F-A43D-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:30 . 2012-05-22 19:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4C20D72-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:37 . 2012-05-22 19:38 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F4AE249-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:54 . 2012-05-22 18:55 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9D081FDC-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:44 . 2012-05-22 19:45 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9A70D1F1-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:34 . 2012-05-22 20:34 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{963F6B54-A44D-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:51 . 2012-05-22 19:52 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9489C61B-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:34 . 2012-05-22 20:34 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9339CC1A-A44D-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:08 . 2012-05-22 19:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{91CFC07C-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:41 . 2012-05-22 20:46 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{902B2558-A44E-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:14 . 2012-05-23 14:14 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CB6B894-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:15 . 2012-05-22 19:16 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C2DBC8E-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:05 . 2012-05-22 20:06 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{897559C4-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:13 . 2012-05-23 14:14 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8945FB6E-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:22 . 2012-05-22 19:23 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{86953E21-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:12 . 2012-05-22 20:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{83D81896-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:46 . 2012-05-22 18:46 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{81FF239E-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:29 . 2012-05-22 19:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{80F7FCF3-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:46 . 2012-05-22 18:46 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F060784-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:36 . 2012-05-22 19:37 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B85948B-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:53 . 2012-05-22 18:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{79385296-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:00 . 2012-05-22 19:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{739CF5D1-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:50 . 2012-05-22 19:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70C216FD-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:07 . 2012-05-22 19:08 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6E034E9E-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:57 . 2012-05-22 19:58 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B2BF9F0-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:14 . 2012-05-22 19:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{68686ED0-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:04 . 2012-05-22 20:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{65ADAAA6-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:20 . 2012-05-23 14:20 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62E448FB-A4E2-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:21 . 2012-05-22 19:22 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62CFF063-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:11 . 2012-05-22 20:12 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6012CAD8-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:45 . 2012-05-22 18:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E3D5081-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:35 . 2012-05-22 19:36 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{57C046CC-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:52 . 2012-05-22 18:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{55756639-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:52 . 2012-05-22 18:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{52794C80-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:59 . 2012-05-22 19:00 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FDA0974-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:06 . 2012-05-22 19:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4A3E00E0-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:42 . 2012-05-22 19:42 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{48183772-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:56 . 2012-05-22 19:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4761E971-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:13 . 2012-05-22 19:14 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{44A32112-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:03 . 2012-05-22 20:04 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{41ED1FA8-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:19 . 2012-05-23 14:19 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F1EFB3D-A4E2-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:20 . 2012-05-22 19:21 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F084145-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:10 . 2012-05-22 20:11 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3C4FDE7A-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:44 . 2012-05-22 18:45 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3A7A0666-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:27 . 2012-05-22 19:28 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{396B0017-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:34 . 2012-05-22 19:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33FD5A6F-A445-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:46 . 2012-05-22 20:47 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2EA3E1B2-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:41 . 2012-05-22 19:42 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E58F520-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:58 . 2012-05-22 18:59 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2C13D154-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:48 . 2012-05-22 19:49 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2911657C-A447-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:05 . 2012-05-22 19:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{268E1F84-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:55 . 2012-05-22 19:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{239C9BB3-A448-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:12 . 2012-05-22 19:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{20E034B4-A442-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:02 . 2012-05-22 20:03 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1E230F2A-A449-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:18 . 2012-05-23 14:18 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B574C1F-A4E2-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 19:19 . 2012-05-22 19:20 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B4554E7-A443-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:09 . 2012-05-22 20:10 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{18F81009-A44A-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:43 . 2012-05-22 18:44 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16B0D0A7-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 19:26 . 2012-05-22 19:27 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{15A813B9-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:40 . 2012-05-22 19:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A9ACB83-A446-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 18:57 . 2012-05-22 18:58 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0850E4F6-A440-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:04 . 2012-05-22 19:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{02B5C6C4-A441-11E1-BEED-BC5FF435606C}.dat
+ 2012-04-27 03:55 . 2012-05-23 14:10 7132 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2255535704-1149818376-554438282-1000_UserData.bin
- 2012-05-22 15:03 . 2012-05-22 15:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-23 14:45 . 2012-05-23 14:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-05-21 20:04 409600 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-23 14:20 409600 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-22 18:40 . 2012-05-22 20:47 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012052220120523\index.dat
+ 2012-05-22 20:47 . 2012-05-22 20:47 284672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{61F52C3E-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:23 . 2012-05-22 20:29 172544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ED6A453B-A44B-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:41 . 2012-05-22 20:47 324608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{933F0CD4-A44E-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:46 . 2012-05-22 20:49 506880 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F6C7584-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 20:45 . 2012-05-22 20:47 138752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1373AA12-A44F-11E1-BEED-BC5FF435606C}.dat
+ 2009-07-14 02:36 . 2012-05-23 14:42 617222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-22 14:58 617222 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-23 14:42 104496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-22 14:58 104496 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-23 14:44 274532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-22 15:02 274532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-07 16:22 . 2012-05-22 20:47 5734400 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2012-05-07 16:22 . 2012-05-21 20:03 5734400 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2009-07-14 04:54 . 2012-05-21 20:04 3342336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-23 14:20 3342336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-23 14:20 5029888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-21 20:04 5029888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-30 13:30 . 2012-05-23 14:44 14432168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2255535704-1149818376-554438282-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-4-27 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 136176]
R4 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R4 WCUService;SmartView Software Updater Service;c:\program files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-09-02 456976]
R4 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-24 378472]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 03:02]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 21:08]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 21:08]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255535704-1149818376-554438282-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-22 20:13]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255535704-1149818376-554438282-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-22 20:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\cfxyk6yx.default\
FF - prefs.js: browser.startup.homepage - google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,68,2a,14,7b,21,bd,4a,8d,2c,7b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,68,2a,14,7b,21,bd,4a,8d,2c,7b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,68,2a,14,7b,21,bd,4a,8d,2c,7b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-23 10:47:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-23 14:47
ComboFix2.txt 2012-05-22 15:05
ComboFix3.txt 2012-05-21 15:55
ComboFix4.txt 2012-05-21 15:34
ComboFix5.txt 2012-05-23 14:41
.
Pre-Run: 454,843,215,872 bytes free
Post-Run: 454,809,255,936 bytes free
.
- - End Of File - - BA6FA7A995277DB2376F7B0D0406CBCE
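A triage sketch for the snapshot section of the log above, added here as an example (it is not part of the original thread or of ComboFix): it parses the `+`/`-` snapshot lines and reports which account's profile the newly created Internet Explorer recovery files sit in. A profile under `config\systemprofile` or `ServiceProfiles` belongs to a system or service account, not the logged-on user. The sample reuses a few lines from the log plus one constructed user-profile line, and all function names are this example's own.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime

Entry = namedtuple("Entry", "change created modified size path")

# Snapshot line: "+"/"-" flag, created time, ".", modified time, size, path.
LINE = re.compile(r"^([+-])\s+(\d{4}-\d\d-\d\d \d\d:\d\d) \. "
                  r"(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+)\s+(\S.*)$")
# Which account's profile directory a path sits in.
OWNER = re.compile(r"\\(?:config\\(systemprofile)|serviceprofiles\\([^\\]+)"
                   r"|users\\([^\\]+))\\", re.I)
IE_RECOVERY = "\\internet explorer\\recovery\\"
FMT = "%Y-%m-%d %H:%M"

# Lines taken from the log above; the c:\users\John line is constructed.
SAMPLE = r"""
+ 2012-05-22 18:40 . 2012-05-22 18:41 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A87BC64F-A43D-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 18:46 . 2012-05-22 18:46 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{81FF239E-A43E-11E1-98A5-BC5FF435606C}.dat
+ 2012-05-22 18:53 . 2012-05-22 18:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{79385296-A43F-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-22 19:30 . 2012-05-22 19:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4C20D72-A444-11E1-BEED-BC5FF435606C}.dat
+ 2012-05-23 14:14 . 2012-05-23 14:14 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CB6B894-A4E1-11E1-BE9F-BC5FF435606C}.dat
+ 2012-05-22 20:13 . 2012-05-22 20:13 4096 c:\users\John\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00000000-0000-0000-0000-000000000000}.dat
- 2012-05-22 15:03 . 2012-05-22 15:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-05-23 14:42 617222 c:\windows\system32\perfh009.dat
.
-- Snapshot reset to current date --
"""

def parse_snapshot(text):
    """Return an Entry for every snapshot line; banners and '.' are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        change, created, modified, size, path = m.groups()
        entries.append(Entry(change, datetime.strptime(created, FMT),
                             datetime.strptime(modified, FMT), int(size), path))
    return entries

def profile_owner(path):
    """Return (account, is_service_account) for the profile a path sits in."""
    m = OWNER.search(path)
    if not m:
        return None, False
    if m.group(1):
        return "LocalSystem", True
    if m.group(2):
        return m.group(2), True
    return m.group(3), False

def ie_recovery_by_owner(entries):
    """Map (account, is_service) -> sorted creation times of added IE recovery files."""
    found = {}
    for e in entries:
        if e.change == "+" and IE_RECOVERY in e.path.lower():
            found.setdefault(profile_owner(e.path), []).append(e.created)
    return {k: sorted(v) for k, v in found.items()}

def per_hour(times):
    """Count files per clock hour, to show how steadily they were created."""
    return Counter(t.strftime("%Y-%m-%d %H") for t in times)

def non_interactive_ie(entries, min_files=3):
    """System/service accounts that accumulated at least min_files IE session files."""
    return {acct: len(t) for (acct, svc), t in ie_recovery_by_owner(entries).items()
            if svc and len(t) >= min_files}

if __name__ == "__main__":
    parsed = parse_snapshot(SAMPLE)
    for (acct, svc), times in ie_recovery_by_owner(parsed).items():
        print(acct, "service" if svc else "user", dict(per_hour(times)))
    print("flagged:", non_interactive_ie(parsed))
```
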

#12 gringo_pr

  • Malware Response Team

Posted 23 May 2012 - 10:17 AM

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Budgins

  • Topic Starter

Posted 23 May 2012 - 10:50 AM

Nothing found. Here is the MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
John :: JOHN-PC [administrator]

5/23/2012 11:28:32 AM
mbam-log-2012-05-23 (11-28-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204719
Time elapsed: 1 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 gringo_pr

  • Malware Response Team

Posted 23 May 2012 - 11:42 AM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. It will open Notepad when done. Please post back the results.
gringo

#15 Budgins

  • Topic Starter

Posted 25 May 2012 - 11:20 AM

Sorry for the late response. We've decided to format our troubles away. The Owner is anxious to have his machine back. Thank you for the assistance.



