
Laptop freezes upon scanning anything. Viruses visible in task manager.


  • This topic is locked
39 replies to this topic

#1 benyu332


Posted 15 June 2012 - 03:52 AM

Since nearly half a year ago I've noticed a dramatic decrease in speed on my laptop. Additionally, any type of scan, defragment, or Windows update would either freeze the computer or run EXTREMELY slowly (e.g. I've left the scan on overnight and it barely inched to 5%). I don't have a Windows 7 system CD, so I've tried the option of rebooting it to system settings. It helped enough to the point where it was bearable. The startup was still a bit slow, as I had to leave it alone for a good 10 minutes before everything ran smoothly. However, every other day it would decide to act up and get stuck.

Recently I found a virus as I went through Processes in the task manager. I noticed it would generate random applications (wmpcns, vmptlsa, etc.). I also noticed there is an unusual CPU usage of 13 under certain applications, and it would "hop" around as I ended the process. First it would be on Daemon Tools, then I would end the process and it would hop onto Spotify, then Skype, Google Chrome, and well, you get the idea. Overheating is also an issue and I feel that is connected to the virus.

Tried running GMER but the check boxes are greyed out:

http://i46.tinypic.com/2dvr7fb.png


 


#2 jntkwx

  • Malware Response Team

Posted 18 June 2012 - 08:15 AM

Hi benyu332,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

 

Step 1: OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change File Age to 180 Days
  • Check off:
    • Use Company-Name Whitelist
    • Skip Microsoft Files
    • Use No-Company-Name Whitelist
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Step 2: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


In your next reply, please include:
  • OTL logs
  • FSS log

Regards,
Jason

 



#3 benyu332


Posted 18 June 2012 - 04:14 PM

Hi Jason! Thank you so much for your help! :]

Here are the OTL logs:


OTL logfile created on: 6/18/2012 2:38:40 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Ben.Ben-PC\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.22% Memory free
7.98 Gb Paging File | 6.29 Gb Available in Paging File | 78.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 305.26 Gb Free Space | 68.12% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 180 Days

========== Processes (SafeList) ==========

PRC - [2012/06/18 14:38:11 | 000,012,970 | ---- | M] () -- C:\Users\BEN~1.BEN\AppData\Local\Temp\xvaxtq.exe
PRC - [2012/06/18 14:36:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ben.Ben-PC\Downloads\OTL.exe
PRC - [2012/06/15 00:41:34 | 000,932,528 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/12 02:02:46 | 001,403,640 | ---- | M] (CleanMyPC Software) -- C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/21 11:58:30 | 000,673,088 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/04/26 05:10:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/02/22 15:25:08 | 002,065,736 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/02/22 15:25:08 | 000,173,384 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/02/22 15:24:42 | 002,409,800 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2009/07/06 14:22:04 | 000,161,064 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/24 16:21:38 | 000,483,472 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/18 14:38:11 | 000,012,970 | ---- | M] () -- C:\Users\BEN~1.BEN\AppData\Local\Temp\xvaxtq.exe
MOD - [2012/06/15 00:41:34 | 000,932,528 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/03/22 05:07:18 | 000,469,880 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2011/11/07 22:02:56 | 000,420,920 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
MOD - [2011/11/07 22:02:55 | 003,702,840 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
MOD - [2011/11/07 22:01:20 | 000,122,952 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\Application\15.0.874.120\avutil-51.dll
MOD - [2011/11/07 22:01:19 | 000,222,280 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\Application\15.0.874.120\avformat-53.dll
MOD - [2011/11/07 22:01:17 | 001,746,504 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\Application\15.0.874.120\avcodec-53.dll
MOD - [2011/09/14 06:13:48 | 001,437,184 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2011/09/14 06:13:04 | 002,128,384 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2010/02/22 15:25:56 | 000,089,416 | ---- | M] () -- C:\WINDOWS\SysWOW64\FAIEExtension.dll
MOD - [2010/02/22 15:25:12 | 000,059,208 | ---- | M] () -- C:\WINDOWS\SysWOW64\FAib.dll
MOD - [2010/02/22 15:24:10 | 000,247,624 | ---- | M] () -- C:\WINDOWS\SysWOW64\FACrashRpt.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/21 21:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/20 15:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/02 12:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,237,568 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/30 02:16:28 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/16 10:42:06 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/21 11:58:30 | 000,673,088 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/02/22 15:24:42 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/20 15:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 00:26:10 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/20 23:32:42 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/11/03 14:11:01 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/22 04:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/21 21:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/21 20:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/20 15:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/20 01:25:42 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/11/02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/29 20:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/14 23:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/04 06:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/01 19:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 05:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/09 03:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 10:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1FD10E12-047D-47F1-8A2C-75E11F084DAB}
IE:64bit: - HKLM\..\SearchScopes\{1FD10E12-047D-47F1-8A2C-75E11F084DAB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5DF9ABF9-F38A-45DB-AA0E-E4C2504F5C2C}
IE - HKLM\..\SearchScopes\{5DF9ABF9-F38A-45DB-AA0E-E4C2504F5C2C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {6b556d31-eeee-de44-19f4-13e37eb9ba64} - C:\Program Files (x86)\BucksBee Loyalty Plugin - Softonic\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {44FDFD44-E1DD-436F-B4C5-1C553FF6D62C}
IE - HKCU\..\SearchScopes\{44FDFD44-E1DD-436F-B4C5-1C553FF6D62C}: "URL" = http://search.yahoo.com/?ourmark=4&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-87d7b36a1a2e43ec\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ben.Ben-PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ben.Ben-PC\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ben.Ben-PC\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ben.Ben-PC\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/19 22:12:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/19 22:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben.Ben-PC\AppData\Roaming\mozilla\Extensions
[2012/06/01 02:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben.Ben-PC\AppData\Roaming\mozilla\Firefox\Profiles\w1ouiplr.default\extensions
[2012/05/19 22:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ben.Ben-PC\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Missing e = C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.9.17_0\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Ben.Ben-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.4_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Registry Cleaner Scheduler] C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ben.Ben-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: BucksBee Loyalty Plugin - Softonic Notifications - {829cbb8d-4fbc-2464-e9d7-d55180b193b4} - C:\Program Files (x86)\BucksBee Loyalty Plugin - Softonic\ribbon.hta ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : BucksBee Loyalty Plugin - Softonic Notifications - {a8e3281a-999a-ab24-9566-42314ed92b6e} - C:\Program Files (x86)\BucksBee Loyalty Plugin - Softonic\ribbon_menu.hta ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{336B1690-8ECF-4FA6-9496-D7CA4DEC5716}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/03 15:11:59 | 000,000,240 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6052f6ef-04b9-11e1-b810-f04da24c23ba}\Shell - "" = AutoRun
O33 - MountPoints2\{6052f6ef-04b9-11e1-b810-f04da24c23ba}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 180 Days ==========

[2012/06/17 04:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/06/17 04:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/06/16 02:52:49 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\jagexcache
[2012/06/15 02:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/15 01:58:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/06/15 01:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/06/13 02:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/13 02:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/13 02:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/13 02:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/06/13 02:36:59 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/13 02:36:52 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/13 02:36:52 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/13 02:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/11 04:10:05 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/11 03:50:39 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\CleanMyPC Software
[2012/06/11 03:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMyPC Registry Cleaner
[2012/06/11 03:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanMyPC
[2012/06/11 03:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/11 03:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/06/06 03:47:05 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Windows Live
[2012/06/01 02:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/06/01 02:10:49 | 000,000,000 | ---D | C] -- C:\AMD
[2012/05/31 14:15:04 | 000,000,000 | ---D | C] -- C:\bce9edea2e4cf22b80a7f5a3c6
[2012/05/29 03:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/29 03:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/29 03:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/28 02:15:31 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\Diablo III
[2012/05/28 01:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/05/28 01:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/05/25 04:02:22 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/05/25 04:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/05/25 04:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012/05/21 00:49:46 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/19 22:12:57 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Mozilla
[2012/05/19 22:12:57 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Mozilla
[2012/05/19 22:12:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/19 22:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/19 22:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/05/19 19:26:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/18 03:33:14 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/05/14 01:23:26 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\Project64k v0.38
[2012/05/14 00:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Vizzed
[2012/05/14 00:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vizzed
[2012/05/13 01:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/05/07 01:31:23 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\GarenaPlus
[2012/05/07 01:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012/05/07 01:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012/05/07 01:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012/05/07 00:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2012/04/27 05:33:35 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM9311.dll
[2012/04/27 05:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/04/27 05:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/04/27 05:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/04/27 05:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/04/27 05:32:28 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\HP
[2012/04/26 20:06:14 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\Templates
[2012/04/26 19:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/04/26 12:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/04/26 12:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/04/26 12:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/04/26 03:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/04/26 03:28:00 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2012/04/26 03:28:00 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2012/04/26 03:28:00 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2012/04/26 03:28:00 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2012/04/26 03:28:00 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2012/04/26 03:28:00 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2012/04/26 03:28:00 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2012/04/26 03:27:59 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2012/04/26 03:24:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/26 03:24:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/26 03:24:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/26 03:24:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/26 03:24:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/26 03:24:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/26 03:24:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/26 03:24:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/26 03:24:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/26 03:24:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/26 03:24:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/26 03:24:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/26 03:24:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/26 03:24:37 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/26 03:24:37 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/26 03:24:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/26 03:24:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/26 03:24:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/26 03:24:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/26 03:24:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/26 03:24:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/26 03:24:37 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/26 03:24:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/26 03:24:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/26 03:24:37 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/26 03:24:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/26 03:24:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/26 03:24:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/26 03:24:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/26 03:24:37 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/26 03:24:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/26 03:24:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/26 03:24:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/26 03:24:36 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/26 03:24:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/26 03:24:36 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/26 03:24:36 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/26 03:24:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/26 03:24:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/26 03:24:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/26 03:24:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/26 03:24:36 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/26 03:24:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/26 03:24:36 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/26 03:24:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/26 03:24:36 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/26 03:24:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/26 03:24:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/26 03:24:35 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/26 03:24:35 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/26 03:24:35 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/26 03:24:35 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/26 03:24:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/26 03:24:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/26 03:24:35 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/26 03:24:35 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/26 03:24:35 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/26 03:24:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/26 03:24:34 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/26 03:24:34 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/26 03:24:34 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/26 03:24:34 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/26 03:24:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/26 03:24:34 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/26 03:24:34 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/26 03:24:34 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/26 03:24:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/26 03:24:34 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/26 03:24:34 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/26 03:24:34 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/26 03:24:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/26 03:24:34 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/26 03:14:34 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/26 03:14:33 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/26 03:14:33 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/26 03:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/04/26 03:07:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/26 03:07:45 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/26 03:07:45 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/25 15:28:29 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\WindSolutions
[2012/04/25 15:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012/04/25 04:11:31 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/04/25 04:11:30 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/04/25 04:11:30 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/25 04:11:29 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/25 04:11:29 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/04/25 04:11:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/04/25 04:11:27 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/04/25 04:11:27 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/04/25 04:11:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/04/25 04:11:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/04/25 04:11:27 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/04/25 04:11:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/04/25 04:11:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/04/25 04:11:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/04/25 04:11:27 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/04/25 04:05:50 | 000,000,000 | ---D | C] -- C:\eb24af0ee1d9e187bee5fbb0
[2012/04/25 04:02:41 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/04/25 04:02:41 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/04/25 04:02:41 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/04/25 04:02:41 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/04/25 04:02:41 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/04/25 04:02:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/04/25 04:02:41 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/04/25 04:02:41 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/04/25 04:02:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/04/25 04:02:37 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/04/25 04:02:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/04/25 04:02:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/04/25 04:02:35 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/04/25 04:02:35 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/04/25 04:02:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/04/25 04:02:35 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/04/25 04:02:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/04/25 04:02:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/04/25 04:02:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/04/25 04:02:26 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2012/04/25 04:02:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2012/04/25 03:52:39 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/04/25 03:52:38 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/04/25 03:52:37 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/04/25 03:52:19 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012/04/25 03:51:53 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/04/25 03:51:53 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/04/25 03:51:50 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/04/25 03:51:50 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/04/25 03:51:49 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/04/25 03:51:49 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/04/25 03:51:49 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/04/25 03:51:49 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/04/25 03:51:46 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/04/25 03:51:46 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/04/25 03:51:46 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/04/25 03:51:46 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/04/25 03:51:45 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/04/25 03:51:45 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/04/25 03:51:45 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/04/25 03:51:45 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/04/25 03:51:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/04/25 03:51:45 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/04/25 03:51:45 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/04/25 03:51:45 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/04/25 03:51:45 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/04/25 03:51:43 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2012/04/25 03:51:25 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2012/04/25 03:39:11 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/04/25 03:39:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/04/25 03:38:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/04/25 03:38:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/04/22 21:00:59 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Skype
[2012/04/21 03:02:40 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2012/04/21 03:01:31 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/04/21 03:01:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/04/21 03:00:54 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/04/21 03:00:54 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/04/21 03:00:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/04/21 03:00:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/04/21 03:00:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/04/21 03:00:40 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/04/21 03:00:40 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/04/21 02:51:12 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/04/21 02:50:44 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/04/21 02:50:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/04/21 02:45:18 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/04/21 02:45:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/04/21 02:30:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/21 02:30:54 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/21 02:30:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/21 02:30:53 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/21 02:30:53 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/21 02:30:51 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/04/21 02:29:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/04/21 02:29:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/04/21 02:28:35 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2012/04/21 02:28:35 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2012/04/21 02:28:19 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/04/21 02:28:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/04/21 02:28:18 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/04/21 02:28:18 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/04/21 02:28:15 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/04/21 02:28:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/04/21 02:28:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/04/21 02:27:51 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/04/21 02:27:51 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/04/21 02:27:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/04/21 02:27:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/04/21 02:27:51 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/04/21 02:27:50 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/04/21 02:27:50 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/04/21 02:27:50 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/04/21 02:27:50 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/04/21 02:27:50 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/04/21 02:27:15 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2012/04/21 02:27:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/04/21 02:27:02 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/04/21 02:27:02 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/04/21 02:27:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/04/21 02:27:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/04/21 02:27:01 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/04/21 02:27:01 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/04/21 02:27:01 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/04/21 02:27:01 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/04/21 02:27:01 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/04/21 02:27:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/04/21 02:27:00 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/04/21 02:26:59 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/04/21 02:26:56 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/04/21 02:26:56 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/04/21 02:26:56 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/04/21 02:26:56 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/04/21 02:25:21 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\Games for Windows - LIVE Demos
[2012/04/21 02:25:19 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2012/04/21 02:20:33 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/04/21 02:18:24 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/04/21 02:18:24 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/04/21 02:18:24 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/04/21 02:18:24 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/04/21 02:18:24 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/04/21 02:18:23 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/04/21 02:18:23 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/04/21 02:18:21 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2012/04/21 02:18:21 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2012/04/21 02:17:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/04/21 02:17:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/04/21 02:17:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/21 02:17:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/21 02:17:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/21 02:17:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/04/21 02:17:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/04/21 02:17:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/21 02:17:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/21 02:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/04/21 02:17:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/04/21 02:17:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/04/21 02:17:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/04/21 02:17:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/04/21 02:17:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/04/21 02:17:56 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/04/21 02:17:56 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/04/21 02:17:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/04/21 02:17:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/04/21 02:17:55 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/04/21 02:17:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/04/21 02:17:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/04/21 02:17:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/21 02:17:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/21 02:17:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/21 02:17:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/04/21 02:17:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/21 02:17:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/21 02:17:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/04/21 02:17:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/04/21 02:17:54 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/04/21 02:17:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/04/21 02:17:50 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/04/21 02:17:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/04/21 02:17:45 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/04/21 02:17:45 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/04/21 02:17:44 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/04/21 02:17:44 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/04/21 02:17:02 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2012/04/21 02:17:02 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2012/04/21 02:17:00 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2012/04/21 02:17:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2012/04/21 02:16:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/04/21 02:16:56 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/04/21 02:16:51 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/04/21 02:16:43 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/04/21 02:16:36 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/04/21 02:16:36 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/04/21 02:16:30 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/04/21 02:16:29 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/04/21 02:16:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2012/04/21 01:33:19 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/04/21 01:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/04/21 01:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/04/21 01:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/04/19 01:35:26 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\Spartan
[2012/04/19 00:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2012/04/19 00:55:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012/04/19 00:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/04/19 00:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012/04/18 01:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2012/04/17 03:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebirthRO
[2012/04/17 03:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RebirthRO
[2012/04/17 01:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012/04/17 01:52:54 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\Vindictus
[2012/04/17 01:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2012/04/17 01:29:30 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/04/17 01:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/04/16 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
[2012/04/16 01:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SilkroadR
[2012/04/12 01:28:43 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\My Podcasts
[2012/04/12 01:28:43 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\My iPod
[2012/04/12 01:27:38 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\BSD
[2012/04/12 01:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaWidget
[2012/04/12 01:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BSD
[2012/04/12 01:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BSD
[2012/04/12 01:26:46 | 002,219,008 | ---- | C] (Bootstrap Development, LLC.) -- C:\Windows\bsdsetup.dll
[2012/04/12 01:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Widget
[2012/04/10 03:52:45 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Facebook
[2012/04/10 03:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/04/10 01:45:22 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\iPodContent
[2012/04/10 01:44:29 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Wide Angle Software
[2012/04/10 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchCopy 11
[2012/04/10 01:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wide Angle Software
[2012/04/09 01:59:14 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012/04/09 01:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/04/09 01:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/04/08 23:39:26 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\WMTools Downloaded Files
[2012/04/08 23:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2012/04/05 22:34:10 | 000,074,752 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll
[2012/04/05 22:34:04 | 000,064,512 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll
[2012/04/05 22:33:56 | 000,063,488 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll
[2012/04/05 22:33:52 | 000,056,320 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll
[2012/04/05 22:33:44 | 016,457,216 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2012/04/05 22:32:56 | 013,007,872 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2012/04/05 22:32:08 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/05 22:32:04 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/03/31 03:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\55-55-55-55-55-55
[2012/03/30 12:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\85-r9-63-55-09-r9
[2012/03/29 16:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\1q-55-55-55-6p-55
[2012/03/29 16:33:41 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2012/03/29 16:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro
[2012/03/29 16:29:26 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BucksBee Loyalty Plugin - Softonic
[2012/03/29 16:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BucksBee Loyalty Plugin - Softonic
[2012/03/29 16:28:08 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition
[2012/03/29 16:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition
[2012/03/29 16:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Monopoly Here & Now Edition
[2012/03/29 16:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive
[2012/03/29 16:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames Interactive
[2012/03/29 16:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012/03/29 16:07:36 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\BitTorrent
[2012/03/29 01:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012/03/23 13:28:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/23 13:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/03/23 13:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/03/05 13:38:38 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Microsoft Help
[2012/03/05 13:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/02/28 00:26:10 | 000,028,160 | ---- | C] (ManyCam LLC) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys
[2012/02/23 07:32:04 | 000,095,760 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
[2012/02/20 02:50:42 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Solid State Networks
[2012/02/20 02:48:44 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Adobe
[2012/02/09 05:30:49 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Roblox
[2012/02/09 05:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
[2012/02/09 05:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roblox
[2012/02/06 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\PTA
[2012/02/05 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Akamai
[2012/02/05 02:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012/02/01 02:10:02 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\riotsGamesLogs
[2012/02/01 02:00:31 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\LolClient
[2012/02/01 01:28:41 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/02/01 01:28:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/02/01 01:28:39 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/02/01 01:24:41 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/02/01 01:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/01/28 05:58:14 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\ooVoo Details
[2012/01/28 05:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2012/01/28 05:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2012/01/23 13:29:14 | 002,478,592 | ---- | C] (Multicore Ware) -- C:\Windows\SysWow64\SlotMaximizerBe.dll
[2012/01/23 13:29:14 | 000,122,880 | ---- | C] (Multicore Ware) -- C:\Windows\SysWow64\SlotMaximizerAg.dll
[2012/01/23 13:15:14 | 002,478,592 | ---- | C] (Multicore Ware) -- C:\Windows\SysNative\SlotMaximizerBe.dll
[2012/01/23 13:15:14 | 000,122,880 | ---- | C] (Multicore Ware) -- C:\Windows\SysNative\SlotMaximizerAg.dll
[2012/01/23 00:34:24 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Local\Cyberlink
[2012/01/23 00:34:21 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\CyberLink
[2012/01/23 00:34:20 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\CyberLink
[2012/01/23 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\AppData\Roaming\BANDISOFT
[2012/01/23 00:01:46 | 000,000,000 | ---D | C] -- C:\Users\Ben.Ben-PC\Documents\Bandicam
[2012/01/23 00:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2012/01/23 00:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam
[2012/01/23 00:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ben.Ben-PC\Documents\*.tmp files -> C:\Users\Ben.Ben-PC\Documents\*.tmp -> ]

========== Files - Modified Within 180 Days ==========

[2012/06/18 15:02:05 | 003,145,728 | -HS- | M] () -- C:\Users\Ben.Ben-PC\NTUSER.DAT
[2012/06/18 14:43:19 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 14:43:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 14:40:31 | 000,714,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/18 14:40:31 | 000,615,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/18 14:40:31 | 000,103,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/18 14:34:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/18 14:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/18 14:33:30 | 410,292,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/18 14:33:29 | 3212,181,504 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 05:02:02 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1513081266-76834840-2715694445-1000UA.job
[2012/06/17 04:28:34 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/06/17 00:41:32 | 000,000,024 | ---- | M] () -- C:\Users\Ben.Ben-PC\random.dat
[2012/06/16 23:41:13 | 000,000,049 | ---- | M] () -- C:\Users\Ben.Ben-PC\jagex_cl_runescape_LIVE.dat
[2012/06/16 02:02:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1513081266-76834840-2715694445-1000Core.job
[2012/06/15 04:30:32 | 000,001,456 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/06/15 03:14:09 | 000,000,168 | ---- | M] () -- C:\Users\Ben.Ben-PC\defogger_reenable
[2012/06/15 02:22:07 | 002,371,511 | -H-- | M] () -- C:\Users\Ben.Ben-PC\AppData\Local\IconCache.db
[2012/06/15 00:41:34 | 000,001,832 | ---- | M] () -- C:\Users\Ben.Ben-PC\Desktop\Spotify.lnk
[2012/06/13 02:37:14 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/13 02:36:46 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/13 02:36:46 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/11 03:56:04 | 016,083,667 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\regbk.cab
[2012/06/08 03:14:19 | 000,045,270 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Roaming\room_v3.dat
[2012/06/07 20:35:25 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/06/01 14:00:05 | 000,706,025 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\Toph.jpg
[2012/06/01 02:18:11 | 000,910,848 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\Screenshot000.jpg
[2012/05/29 14:00:42 | 000,103,140 | ---- | M] () -- C:\diocho.pif
[2012/05/29 03:13:39 | 000,001,284 | ---- | M] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/21 00:49:46 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/21 00:49:46 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/07 01:31:21 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/05/04 19:29:40 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/05/04 19:29:22 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/05/04 19:29:16 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/27 05:35:46 | 000,542,888 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\8.xps
[2012/04/27 05:28:29 | 000,479,033 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\1.xps
[2012/04/26 18:25:23 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2012/04/26 18:12:29 | 000,074,536 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/04/26 18:10:59 | 000,001,439 | ---- | M] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/26 18:08:33 | 004,872,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/26 03:24:38 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/26 03:24:38 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/26 03:24:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/26 03:24:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/26 03:24:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/26 03:24:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/26 03:24:38 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/26 03:24:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/26 03:24:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/26 03:24:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/26 03:24:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/26 03:24:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/26 03:24:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/26 03:24:37 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/26 03:24:37 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/26 03:24:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/26 03:24:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/26 03:24:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/26 03:24:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/26 03:24:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/26 03:24:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/26 03:24:37 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/26 03:24:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/26 03:24:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/26 03:24:37 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/26 03:24:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/26 03:24:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/26 03:24:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/26 03:24:37 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/26 03:24:37 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/26 03:24:37 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/26 03:24:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/26 03:24:37 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/26 03:24:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/26 03:24:36 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/26 03:24:36 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/26 03:24:36 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/26 03:24:36 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/26 03:24:36 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/26 03:24:36 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/26 03:24:36 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/26 03:24:36 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/26 03:24:36 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/26 03:24:36 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/26 03:24:36 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/26 03:24:36 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/26 03:24:36 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/26 03:24:36 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/26 03:24:36 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/26 03:24:35 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/26 03:24:35 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/26 03:24:35 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/26 03:24:35 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/26 03:24:35 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/26 03:24:35 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/26 03:24:35 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/26 03:24:35 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/26 03:24:35 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/26 03:24:35 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/26 03:24:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/26 03:24:34 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/26 03:24:34 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/26 03:24:34 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/26 03:24:34 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/26 03:24:34 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/26 03:24:34 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/26 03:24:34 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/26 03:24:34 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/26 03:24:34 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/26 03:24:34 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/26 03:24:34 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/26 03:24:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/26 03:24:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/26 03:24:34 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/26 03:17:38 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/25 02:59:58 | 000,001,079 | -H-- | M] () -- C:\IPH.PH
[2012/04/25 01:22:16 | 000,053,248 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\sue.JPG
[2012/04/18 01:32:00 | 000,001,937 | ---- | M] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/04/16 00:39:43 | 1296,731,543 | ---- | M] () -- C:\Users\Ben.Ben-PC\SilkroadOnline_SROROfficial_v1_022.exe
[2012/04/12 01:29:41 | 000,007,482 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\MediaWidget_SendToiTunes.xml
[2012/04/12 01:29:18 | 000,000,465 | ---- | M] () -- C:\Windows\win.ini
[2012/04/12 00:46:33 | 000,664,556 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\IMG_0956.JPG
[2012/04/05 22:34:26 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2012/04/05 22:34:10 | 000,074,752 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll
[2012/04/05 22:34:04 | 000,064,512 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll
[2012/04/05 22:33:56 | 000,063,488 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll
[2012/04/05 22:33:52 | 000,056,320 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll
[2012/04/05 22:33:44 | 016,457,216 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2012/04/05 22:32:56 | 013,007,872 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2012/04/05 22:32:08 | 000,054,784 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/04/05 22:32:04 | 000,050,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 15:11:59 | 000,000,240 | RHS- | M] () -- C:\autorun.inf
[2012/04/01 00:27:32 | 000,059,474 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\26604_368351339461_742334461_4676547_5397816_n.jpg
[2012/03/30 12:20:35 | 000,010,752 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/03/29 16:33:41 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2012/03/29 16:24:29 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat
[2012/03/29 16:08:00 | 000,000,989 | ---- | M] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/03/29 01:41:22 | 000,001,145 | ---- | M] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2012/03/28 12:05:06 | 000,135,609 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\Bounczn Dance Company - Dancers.jpg
[2012/03/16 15:25:05 | 000,004,608 | ---- | M] () -- C:\Users\Ben.Ben-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/06 01:43:21 | 005,504,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/06 00:59:41 | 003,958,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/06 00:59:41 | 003,902,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/03/01 01:45:41 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/03/01 01:40:14 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/02/28 00:26:10 | 000,028,160 | ---- | M] (ManyCam LLC) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys
[2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
[2012/02/15 01:27:54 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/15 00:44:57 | 000,826,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/10 01:18:10 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/02/10 01:17:55 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/02/10 01:17:54 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/02/10 01:17:54 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/02/10 01:17:54 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/02/05 03:41:21 | 2064,236,552 | -H-- | M] () -- C:\Users\Ben.Ben-PC\Desktop\edeneternal_us_install_20111205.exe.part
[2012/02/01 01:23:02 | 000,000,257 | ---- | M] () -- C:\Windows\system.ini
[2012/01/25 01:27:11 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/01/25 01:27:11 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/01/25 01:20:59 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/01/23 13:29:14 | 002,478,592 | ---- | M] (Multicore Ware) -- C:\Windows\SysWow64\SlotMaximizerBe.dll
[2012/01/23 13:29:14 | 000,122,880 | ---- | M] (Multicore Ware) -- C:\Windows\SysWow64\SlotMaximizerAg.dll
[2012/01/23 13:15:14 | 002,478,592 | ---- | M] (Multicore Ware) -- C:\Windows\SysNative\SlotMaximizerBe.dll
[2012/01/23 13:15:14 | 000,122,880 | ---- | M] (Multicore Ware) -- C:\Windows\SysNative\SlotMaximizerAg.dll
[2012/01/23 00:01:21 | 000,001,014 | ---- | M] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk
[2012/01/22 18:52:00 | 000,000,218 | ---- | M] () -- C:\Users\Ben.Ben-PC\.recently-used.xbel
[2012/01/15 15:58:56 | 002,219,008 | ---- | M] (Bootstrap Development, LLC.) -- C:\Windows\bsdsetup.dll
[2012/01/04 04:58:13 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/01/03 01:24:52 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/01/03 00:44:24 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2011/12/22 02:02:12 | 005,250,819 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\IMG_1978.JPG
[2011/12/22 02:01:26 | 005,519,942 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\IMG_1973.JPG
[2011/12/22 01:50:20 | 004,658,601 | ---- | M] () -- C:\Users\Ben.Ben-PC\IMG_2045.JPG
[2011/12/22 01:47:21 | 001,453,175 | ---- | M] () -- C:\Users\Ben.Ben-PC\Documents\IMG_2052.JPG
[2011/12/22 01:45:16 | 001,464,368 | ---- | M] () -- C:\Users\Ben.Ben-PC\IMG_2022.JPG
[2011/12/22 01:45:15 | 001,395,851 | ---- | M] () -- C:\Users\Ben.Ben-PC\IMG_2016.JPG
[2011/12/22 01:44:54 | 002,262,568 | ---- | M] () -- C:\Users\Ben.Ben-PC\IMG_2046.JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ben.Ben-PC\Documents\*.tmp files -> C:\Users\Ben.Ben-PC\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/17 04:27:53 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/06/16 02:52:49 | 000,000,049 | ---- | C] () -- C:\Users\Ben.Ben-PC\jagex_cl_runescape_LIVE.dat
[2012/06/16 02:52:49 | 000,000,024 | ---- | C] () -- C:\Users\Ben.Ben-PC\random.dat
[2012/06/15 04:27:27 | 000,001,456 | ---- | C] () -- C:\Users\Ben.Ben-PC\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/06/15 03:14:08 | 000,000,168 | ---- | C] () -- C:\Users\Ben.Ben-PC\defogger_reenable
[2012/06/15 00:41:34 | 000,001,832 | ---- | C] () -- C:\Users\Ben.Ben-PC\Desktop\Spotify.lnk
[2012/06/13 05:04:40 | 000,144,183 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\tumblr_lw339wRs031qzbocc.png
[2012/06/13 05:04:40 | 000,053,248 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\sue.JPG
[2012/06/13 02:37:14 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/11 03:56:04 | 016,083,667 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\regbk.cab
[2012/06/03 14:53:13 | 002,371,511 | -H-- | C] () -- C:\Users\Ben.Ben-PC\AppData\Local\IconCache.db
[2012/06/01 14:00:02 | 000,706,025 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\Toph.jpg
[2012/06/01 02:17:54 | 000,910,848 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\Screenshot000.jpg
[2012/05/29 14:00:42 | 000,103,140 | ---- | C] () -- C:\diocho.pif
[2012/05/29 03:13:39 | 000,001,284 | ---- | C] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/25 04:02:21 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/05/19 22:12:28 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/08 00:46:47 | 000,045,270 | ---- | C] () -- C:\Users\Ben.Ben-PC\AppData\Roaming\room_v3.dat
[2012/05/07 01:31:21 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/04/27 05:35:40 | 000,542,888 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\8.xps
[2012/04/27 05:28:23 | 000,479,033 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\1.xps
[2012/04/26 12:32:40 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012/04/26 12:31:50 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2012/04/26 12:29:39 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/04/26 12:29:16 | 000,001,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/04/26 12:20:44 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/04/26 12:20:37 | 000,001,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/04/26 12:19:51 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/04/26 03:24:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/26 03:24:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/21 02:18:59 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/04/16 00:17:34 | 1296,731,543 | ---- | C] () -- C:\Users\Ben.Ben-PC\SilkroadOnline_SROROfficial_v1_022.exe
[2012/04/12 01:29:41 | 000,007,482 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\MediaWidget_SendToiTunes.xml
[2012/04/12 00:45:56 | 000,664,556 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\IMG_0956.JPG
[2012/04/10 03:52:46 | 000,000,934 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1513081266-76834840-2715694445-1000UA.job
[2012/04/10 03:52:45 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1513081266-76834840-2715694445-1000Core.job
[2012/04/09 01:59:14 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2012/04/08 23:36:59 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2012/04/05 22:34:26 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2012/04/03 15:11:27 | 000,000,240 | RHS- | C] () -- C:\autorun.inf
[2012/04/01 00:27:19 | 000,059,474 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\26604_368351339461_742334461_4676547_5397816_n.jpg
[2012/03/30 12:20:35 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/03/29 16:24:29 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/03/29 16:08:00 | 000,000,989 | ---- | C] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/03/29 01:41:22 | 000,001,145 | ---- | C] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2012/03/28 12:04:42 | 000,135,609 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\Bounczn Dance Company - Dancers.jpg
[2012/03/16 15:21:01 | 000,004,608 | ---- | C] () -- C:\Users\Ben.Ben-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 16:48:21 | 000,001,818 | ---- | C] () -- C:\Users\Ben.Ben-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/02/05 02:55:21 | 2064,236,552 | -H-- | C] () -- C:\Users\Ben.Ben-PC\Desktop\edeneternal_us_install_20111205.exe.part
[2012/01/23 00:01:21 | 000,001,014 | ---- | C] () -- C:\Users\Ben.Ben-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk
[2012/01/22 18:52:00 | 000,000,218 | ---- | C] () -- C:\Users\Ben.Ben-PC\.recently-used.xbel
[2011/12/22 02:01:48 | 005,250,819 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\IMG_1978.JPG
[2011/12/22 02:01:01 | 005,519,942 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\IMG_1973.JPG
[2011/12/22 01:47:14 | 001,453,175 | ---- | C] () -- C:\Users\Ben.Ben-PC\Documents\IMG_2052.JPG
[2011/12/22 01:45:03 | 001,464,368 | ---- | C] () -- C:\Users\Ben.Ben-PC\IMG_2022.JPG
[2011/12/22 01:45:03 | 001,395,851 | ---- | C] () -- C:\Users\Ben.Ben-PC\IMG_2016.JPG
[2011/12/22 01:44:33 | 004,658,601 | ---- | C] () -- C:\Users\Ben.Ben-PC\IMG_2045.JPG
[2011/12/22 01:44:33 | 002,262,568 | ---- | C] () -- C:\Users\Ben.Ben-PC\IMG_2046.JPG
[2011/11/15 03:05:01 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/31 12:56:41 | 000,074,536 | ---- | C] () -- C:\Users\Ben.Ben-PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 02:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 02:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2010/09/13 13:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/13 11:40:25 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/08/04 00:48:39 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >

And the Extras:


OTL Extras logfile created on: 6/18/2012 2:38:40 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Ben.Ben-PC\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.22% Memory free
7.98 Gb Paging File | 6.29 Gb Available in Paging File | 78.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 305.26 Gb Free Space | 68.12% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 180 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078681C5-D6C5-4B9C-899E-0F89244010C7}" = lport=49795 | protocol=6 | dir=in | name=akamai netsession interface |
"{155999AB-8EB1-499E-BE5B-5CABDBD46674}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C97872F-3899-45AF-9C7A-A9ACE4E36BE8}" = rport=139 | protocol=6 | dir=out | app=system |
"{255919CE-228A-4C54-8A48-4258F2D18F98}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3B523F1B-2622-44C3-B5C7-06974FDA090D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3C9DDFAE-48C7-4B7F-B776-7C7586B80F25}" = lport=139 | protocol=6 | dir=in | app=system |
"{438290BF-050A-40A4-AB6A-159ED4F406DE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4AC72E03-EC3E-44F4-AFFF-CB7835063466}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F7C10B5-FE92-4A02-92BD-7934741F4298}" = lport=137 | protocol=17 | dir=in | app=system |
"{5B6FEFA4-B268-4439-8BBE-9F4CC436A815}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{603A7694-96ED-4714-BC17-82B0E3651B45}" = lport=2869 | protocol=6 | dir=in | app=system |
"{669686A6-D549-4B89-B33E-099036D22F6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{79069763-DF2B-4587-A4F3-3DD4271B0C6A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{8778080F-4548-489E-B7BB-F9A69EB7650B}" = rport=138 | protocol=17 | dir=out | app=system |
"{8A9CEB7F-E539-4B83-BECE-5B0B3C8CFEFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{8DE98FFD-AD25-469A-B579-DB356A75F9F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B259682D-EE74-4EC9-8636-6ED51AD3BC8E}" = lport=138 | protocol=17 | dir=in | app=system |
"{B57870DD-F581-4E0E-B18F-0515D2744584}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C76D1CC0-5F0F-46D0-B851-B983801FD633}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA932BFB-94C7-456B-8A09-35091F36B089}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DAF3FD12-B3D8-4CDD-AAA7-5575DE01A714}" = rport=137 | protocol=17 | dir=out | app=system |
"{E3B108D3-B938-48F5-ADBF-EFAC6C44684B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E3C927A6-572E-4E7B-AAC4-75197C148428}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6C998D8-540C-436F-B0BF-B74767D20478}" = rport=445 | protocol=6 | dir=out | app=system |
"{F1D20D8B-9F3E-4B02-AA63-135AB3BF27AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA17DD1C-53BD-413A-A494-55532986DFC1}" = lport=53040 | protocol=6 | dir=in | name=akamai netsession interface |
"{FF5525DB-2BA8-4C5D-89B5-9F8E0929B338}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D77BDA-F44E-41B5-A32B-C8A97BE1C2B4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{032914D9-63CE-45BE-902C-4A19976430A5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{03631F7D-171E-4CBD-AAAB-AD06BC682FE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{04A4717F-5605-4CF2-8EF6-668F3496DE89}" = protocol=6 | dir=out | app=system |
"{0619516F-1667-432E-AC6C-E0E2878F36A9}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{075128C7-3266-42E8-A9FA-73C2AC3659E4}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{12CAB1CF-A493-4BA9-A6AD-06206EFB2485}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{14660133-2B23-4A2C-B633-0EC327E385E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15ACFBFD-46E5-479F-8E80-0EB2D7088D04}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{19FEF42C-B44A-4983-9CFF-F2040039D03D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1C5E2ED6-4776-471E-B2A3-B883EF52AF2A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{1DAA50E0-6DAC-4128-9D61-9435E0F4491A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1DFC2C0C-195F-4DD9-849E-34605CF720A9}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{23814C32-2FA3-4A32-A2B1-CAD804920AE3}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{2633DA7E-25CB-40A5-9ED9-B63902E2EE6D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2B14846D-A92D-492A-8AC1-ABD59A7EA159}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B49B76F-CB2C-48CA-8EE8-DA45A1CAAF1F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2E200B45-6515-4A9A-8E2D-00D8FB453E55}" = protocol=6 | dir=in | app=c:\program files (x86)\bucksbee loyalty plugin - softonic\troubleshooter.exe |
"{317B36DE-D836-4683-9FF2-783BFF7DA016}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{36C7E311-DF9D-403A-833F-DAB770999A66}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{39AF34E3-30F9-4037-AFE4-7FCB45966403}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{39D98061-9557-4879-8C07-86DE643C7EC3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{43106DBB-FBBD-4D18-BF35-49ED4CFA326F}" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
"{438D9F3D-7D0F-4C73-A4EE-2DCAB535F4E5}" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\cf_downloader.exe |
"{444F8C19-4E22-400D-BA53-0419C0D62FE2}" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\downloads\bittorrent.exe |
"{4B856541-37B8-4349-8F4F-3A38987FCA69}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{57D2CC0B-E546-4F83-8DC9-E0BCD28EA408}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{57D46E9B-84CA-4115-A374-C7F9E53657AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{5D7E7843-6A45-483A-B3D2-B6CE8A958865}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5D90F38E-49D0-45E7-AED3-0AADF2C45A53}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5FFD89C8-A05F-4D36-98D9-3685CB99FB8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61C791CF-67AB-49EA-A532-02F5BD45941C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{63C0F173-3AC6-417B-A52B-A4E63F35D696}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65A29BE1-38F5-4939-8D7B-A7CB93A78E37}" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\cf_downloader.exe |
"{6861F03A-4ABD-4BC8-8D4B-2391A29B62FB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{6DBD6ECD-9919-4687-8495-F7F5360D324C}" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\roaming\spotify\spotify.exe |
"{6F84A213-54BE-48BD-B021-45633D95DEE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{70961FA8-3E9C-453A-97AC-1D743C6A986D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E49FD44-F60C-4A0C-BFBD-5B90D7700772}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{8436C1A2-1409-4880-9458-91C2459C39EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{88E1BA82-C028-4EB7-AADA-897774F9EC1D}" = protocol=17 | dir=in | app=c:\program files (x86)\bucksbee loyalty plugin - softonic\troubleshooter.exe |
"{971B57CC-053F-4ACA-A0F1-CB7F144DD852}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97B8004C-D71B-40DA-A1CF-B6B118BE48E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{98816C81-5319-4293-B4AB-50383CDD9176}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{98C0F6D6-505B-4E2F-82A6-BEFBBF16D9F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{9A3F355C-4322-46E6-97B6-DC2FD68D8335}" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\roaming\spotify\spotify.exe |
"{A0CF5A18-6E4B-405A-87DB-569113D8953E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A3555DC1-8489-4327-B61B-BC5FF2DAB175}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{A494B05C-FEC7-4BFB-B817-D611E3E52920}" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\akamai\netsession_win.exe |
"{A75D7596-B198-4101-8FD2-C9544CFC9466}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA47B9AF-BAB4-4069-8B65-4ABD3F27EDF0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{AD6C709B-90AD-4B85-A007-2344C1C70572}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4EA9C11-951E-42B9-AEDC-3ACE0561449E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B54EA5EB-BC52-4CAF-9BAE-21CE26270122}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B79305BE-C976-4D9D-9D4B-E7CAF6D1FDD5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD549E4A-7984-4D1C-8983-F103580D7C55}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{BDFAB859-A576-4A99-8C66-9242FAF278F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C152E786-6A94-4F8F-8A0B-CD817305BF97}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{C42AD326-F3F7-481B-9840-4FB8FA2EB8DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C4B34AB8-56B3-4C6F-9C5E-FAA2B86D2446}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C83FD5EF-3266-471A-AFF7-BD6873C66EFC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C8FB4B31-EC09-4F54-BE75-64BCE94E0EBC}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{C95042BB-54C9-4A0D-A9B5-DE62CF854707}" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
"{D0D4E26A-6E8D-4972-8589-B92915FC57BC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D663676A-FB3F-4BCF-B1A1-6D16FD25B271}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D7CCD34D-DE93-4861-95B2-D38545FFC408}" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\akamai\netsession_win.exe |
"{DCE8F1AA-EDDC-446B-BF9F-8B5EB3D58693}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{DE50CF95-BF8F-4C4F-A2C9-6B0CEB197B11}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E053E612-9992-4ABC-9CAE-F8C6FC95DF24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{E1FB9C4D-D621-479D-895D-4045A0751C9C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E700FF88-6B21-45BE-85E4-F98BC165B15C}" = dir=in | app=c:\users\ben.ben-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E81C62AE-1C03-49FC-A597-386F87EFADEC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{EB358C86-F817-4B70-8F89-328CE41ED8BC}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{EFD9BCD3-98F1-4ACB-9477-4EDEB21FF271}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{F21486A9-FE2E-4636-A043-CD955EB2E533}" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\downloads\bittorrent.exe |
"{F42E87E3-3771-4EC9-9C6C-8BA1B167F956}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F4453547-A679-49B7-83C1-68F7F608BB0E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{F547B234-E603-4724-B60B-3C80FDFDFC1E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAC5AF30-2E68-47B3-89F2-D93AC70E728E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{FE9BA5FB-010D-40E3-A442-1A6B088DDB9A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FFEAD748-2852-4CBA-BFC5-893477829761}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{02A84AE4-7994-4C2B-9017-375D8EC493E9}C:\users\ben.ben-pc\appdata\local\temp\winijuvck.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winijuvck.exe |
"TCP Query User{06A439BE-5D31-4983-BB34-C029A3480876}C:\users\ben.ben-pc\appdata\local\temp\wingwfx.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\wingwfx.exe |
"TCP Query User{09DF52FE-6C29-4074-A6EB-B29D61D09453}C:\users\ben.ben-pc\appdata\local\temp\wincguarn.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\wincguarn.exe |
"TCP Query User{0CDA4891-572D-4738-9EB2-E7CAA7E271A4}C:\program files (x86)\daemon tools lite\dtlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\daemon tools lite\dtlite.exe |
"TCP Query User{0D7D710A-E558-4078-B6AA-9873B4EE03F4}C:\users\ben.ben-pc\appdata\local\temp\jaxgve.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\jaxgve.exe |
"TCP Query User{14913878-E386-4CCC-A0C0-DA8ED7B8BCD0}C:\program files (x86)\sensible vision\fast access\fatraymon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sensible vision\fast access\fatraymon.exe |
"TCP Query User{193E65C4-A59B-4BC4-A3CD-91CBEF11A829}C:\users\ben.ben-pc\appdata\roaming\spotify\data\spotifywebhelper.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\roaming\spotify\data\spotifywebhelper.exe |
"TCP Query User{1C63647B-93FD-49FA-8B7E-AA11ED0A2ECC}C:\users\ben.ben-pc\appdata\local\temp\winwfodp.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwfodp.exe |
"TCP Query User{20259BC7-8531-4CE7-844A-4995EED57B01}C:\users\ben.ben-pc\appdata\local\temp\winlxfts.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winlxfts.exe |
"TCP Query User{24209A77-C330-44CD-8865-091BF7DC4013}C:\users\ben.ben-pc\appdata\local\temp\winqequ.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winqequ.exe |
"TCP Query User{25003143-4ED2-438E-8E09-B7A265FE935A}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{2621747A-3F19-440A-BAC5-20526C3E7C50}C:\users\ben.ben-pc\desktop\leagueoflegends\setup.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\desktop\leagueoflegends\setup.exe |
"TCP Query User{2929EF66-AFFD-4BF3-B85D-C599895D2FCC}C:\users\ben.ben-pc\appdata\local\temp\winebvorv.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winebvorv.exe |
"TCP Query User{336E3852-E83C-48C2-9EFC-7D91CB3901ED}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{35736055-3743-426F-B78D-7D19C66DC730}C:\users\ben.ben-pc\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{36807BC8-12B6-4A8B-B8DC-42785FFC9651}C:\users\ben.ben-pc\appdata\local\facebook\messenger\2.0.4478.0\facebookmessenger.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\facebook\messenger\2.0.4478.0\facebookmessenger.exe |
"TCP Query User{397AD746-55D7-458A-8EB3-5FCFEFFC057E}C:\users\ben.ben-pc\appdata\local\temp\winxbfe.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winxbfe.exe |
"TCP Query User{3A63E419-6A7A-48F6-AB35-A6D66ACEA2AF}C:\users\ben.ben-pc\appdata\local\temp\winjaef.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winjaef.exe |
"TCP Query User{4679D9F2-73B6-4EDE-860F-17A095F5E7E6}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{4AD93C4A-2F73-4A2C-B692-2CE2BACBE17A}C:\users\ben.ben-pc\appdata\local\temp\wineuaf.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\wineuaf.exe |
"TCP Query User{56CA2274-53C4-4FB0-85B9-8207CDE5FB15}C:\users\ben.ben-pc\appdata\local\temp\winfekuds.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winfekuds.exe |
"TCP Query User{576CA2EB-4F08-4BAD-A2FC-C3EFC954703E}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer™ generals zero hour\generals.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command & conquer the first decade\command & conquer™ generals zero hour\generals.exe |
"TCP Query User{596DC6FD-7C2D-45E6-A084-13491B170D43}C:\users\ben.ben-pc\appdata\local\temp\pwbnk.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\pwbnk.exe |
"TCP Query User{5F3E6DA3-1454-41C9-BADF-E2C326881A47}C:\users\ben.ben-pc\appdata\local\temp\winrcnpc.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winrcnpc.exe |
"TCP Query User{675485F1-702E-4329-841F-2C658E3B4583}C:\users\ben.ben-pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\roaming\spotify\spotify.exe |
"TCP Query User{68B6137C-FA4D-44B8-B4A5-29909C54919E}C:\users\ben.ben-pc\appdata\local\temp\xvaxtq.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\xvaxtq.exe |
"TCP Query User{6C521E11-AA8F-4676-9A0D-C3EEBAD663A8}C:\users\ben.ben-pc\appdata\local\temp\winwfvup.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwfvup.exe |
"TCP Query User{720DE19E-2ADF-48BD-80FE-36C7DD684B26}C:\program files (x86)\dell webcam\dell webcam central\webcamdell2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell webcam\dell webcam central\webcamdell2.exe |
"TCP Query User{72626D43-BE67-499D-A963-96A00DF2B6D0}C:\users\ben.ben-pc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\akamai\netsession_win.exe |
"TCP Query User{7DF8D8A8-24AA-4A9A-A73A-F5C3A825D5B8}C:\users\ben.ben-pc\appdata\local\temp\winwsvpdj.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwsvpdj.exe |
"TCP Query User{7EC0E227-CFDA-4D90-8AA5-21ED865818BA}C:\users\ben.ben-pc\appdata\local\temp\rjnwi.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\rjnwi.exe |
"TCP Query User{82029AA4-65B0-44C1-9296-2326E3ECF667}C:\users\ben.ben-pc\appdata\local\temp\qmls.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\qmls.exe |
"TCP Query User{86845459-0065-46BD-9344-9EDA37860B57}C:\program files (x86)\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\java\java update\jusched.exe |
"TCP Query User{8B7BCBA1-72D7-433E-95F5-3C99FEC1024B}C:\users\ben.ben-pc\appdata\local\temp\winsbna.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winsbna.exe |
"TCP Query User{939D569F-FAF7-4059-B267-18BCF4AC6574}C:\users\ben.ben-pc\appdata\local\temp\mvjlcl.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\mvjlcl.exe |
"TCP Query User{A2147280-2B6F-4E22-A993-2E8892F32474}C:\users\ben.ben-pc\appdata\local\temp\winummpit.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winummpit.exe |
"TCP Query User{A673EF43-B418-49E7-A8E0-73AF1DF908F3}C:\program files (x86)\cyberlink\shared files\brs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\shared files\brs.exe |
"TCP Query User{A79D508B-8C23-4856-B35E-80CC6E8DA822}C:\program files (x86)\dell datasafe online\datasafeonline.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell datasafe online\datasafeonline.exe |
"TCP Query User{B1560866-6E63-49BC-BEAE-F38F00A64530}C:\users\ben.ben-pc\appdata\local\temp\pcfolg.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\pcfolg.exe |
"TCP Query User{B6C98FE3-C3B3-4A6F-A16F-68551606193E}C:\users\ben.ben-pc\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\google\update\googleupdate.exe |
"TCP Query User{B7746BAF-C60F-4651-BD82-1166A9FE6B78}C:\users\ben.ben-pc\appdata\local\temp\podyo.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\podyo.exe |
"TCP Query User{B7F642D2-6384-4EE1-ABF9-5678CC9A240F}C:\program files (x86)\manycam\bin\manycam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\manycam\bin\manycam.exe |
"TCP Query User{BAEE81D8-A27F-43B3-932C-1E5D433B98F6}C:\users\ben.ben-pc\appdata\local\temp\qnsnyw.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\qnsnyw.exe |
"TCP Query User{BB653AB2-C81A-4B7F-B2ED-CD953B5358F0}C:\program files (x86)\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\java\java update\jusched.exe |
"TCP Query User{C3F4CD99-A706-4873-8F06-B522E62B7A91}C:\users\ben.ben-pc\appdata\local\temp\winxampng.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winxampng.exe |
"TCP Query User{CD26A655-F401-40C9-9ABE-874A2A3D4466}C:\program files (x86)\daemon tools lite\dtlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\daemon tools lite\dtlite.exe |
"TCP Query User{CD52402E-A911-4C25-A1F1-243B7B224149}C:\users\ben.ben-pc\appdata\local\temp\bhsvjd.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\bhsvjd.exe |
"TCP Query User{D91A19B6-3242-47FA-BA82-D24B74FBBFA0}C:\users\ben.ben-pc\appdata\local\facebook\update\facebookupdate.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\facebook\update\facebookupdate.exe |
"TCP Query User{DCB47164-D227-44A6-8B35-A392ABAA0608}C:\program files (x86)\cleanmypc\registry cleaner\rchelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cleanmypc\registry cleaner\rchelper.exe |
"TCP Query User{E09B1AF4-C530-4E6D-A775-4DEA4212CAEC}C:\users\ben.ben-pc\appdata\local\temp\winufld.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winufld.exe |
"TCP Query User{E81F719A-9695-4451-AB94-C68DE9AD50CC}C:\users\ben.ben-pc\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\google\update\googleupdate.exe |
"TCP Query User{EDB12496-0E05-41BF-816B-41AD398C72A7}C:\users\ben.ben-pc\appdata\local\temp\winvlfbi.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winvlfbi.exe |
"TCP Query User{F1AF8132-1254-49F7-BD82-21B918C357AE}C:\users\ben.ben-pc\appdata\local\temp\winwsyhdg.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwsyhdg.exe |
"TCP Query User{F51186F0-C0F4-4310-A2F0-3BFCED05F819}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{FB09E9C3-903A-4E1B-861B-80205F960ECE}C:\users\ben.ben-pc\appdata\local\temp\winwevgyg.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwevgyg.exe |
"TCP Query User{FB3BA704-07CD-40CD-BBE9-3C989A44B246}C:\users\ben.ben-pc\appdata\local\temp\wineqtyo.exe" = protocol=6 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\wineqtyo.exe |
"UDP Query User{03576A63-3ED1-49D8-946D-941A0A686C69}C:\users\ben.ben-pc\appdata\local\temp\winijuvck.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winijuvck.exe |
"UDP Query User{0C0EAF41-790F-44BA-9DD5-0FA049FA1E5C}C:\users\ben.ben-pc\appdata\local\temp\wineqtyo.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\wineqtyo.exe |
"UDP Query User{0E8684A1-E7C3-413D-A972-59350FB69D24}C:\users\ben.ben-pc\appdata\local\temp\winqequ.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winqequ.exe |
"UDP Query User{100B00AA-8BDE-4B94-9BA8-46F059D959F7}C:\program files (x86)\manycam\bin\manycam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\manycam\bin\manycam.exe |
"UDP Query User{10672840-9C13-4E81-9461-B646240D04DE}C:\program files (x86)\dell datasafe online\datasafeonline.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell datasafe online\datasafeonline.exe |
"UDP Query User{1299F653-B140-4F67-A837-F7B3D544C585}C:\users\ben.ben-pc\appdata\local\temp\winrcnpc.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winrcnpc.exe |
"UDP Query User{15E9595C-3410-42DE-9B40-B10DF78BEF5C}C:\users\ben.ben-pc\appdata\local\temp\rjnwi.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\rjnwi.exe |
"UDP Query User{20FFF19A-6B73-42BA-A93C-C593C6F2B13B}C:\users\ben.ben-pc\appdata\local\temp\winsbna.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winsbna.exe |
"UDP Query User{29C83E7E-0504-488E-85AD-4E3148381653}C:\users\ben.ben-pc\appdata\local\temp\winlxfts.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winlxfts.exe |
"UDP Query User{2F8C9760-77B4-4EA0-B472-87C85CCDBE30}C:\users\ben.ben-pc\appdata\local\temp\winufld.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winufld.exe |
"UDP Query User{325B8343-EA1D-4D37-9645-161F5481B223}C:\users\ben.ben-pc\appdata\local\temp\wincguarn.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\wincguarn.exe |
"UDP Query User{3A651307-A2B2-4420-A72D-A8846499FD7A}C:\users\ben.ben-pc\appdata\local\temp\winwsvpdj.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwsvpdj.exe |
"UDP Query User{420B332C-D1B4-4194-8E86-FB333ADA1450}C:\users\ben.ben-pc\appdata\roaming\spotify\data\spotifywebhelper.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\roaming\spotify\data\spotifywebhelper.exe |
"UDP Query User{48120A81-1978-4A24-95C4-26E58E7A3A42}C:\users\ben.ben-pc\appdata\local\temp\winxampng.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winxampng.exe |
"UDP Query User{4CC650CA-7E01-4F84-99B6-CD4B181DF715}C:\users\ben.ben-pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{58ACF7A6-6BF6-428B-B682-52EF30BDF1F7}C:\users\ben.ben-pc\appdata\local\temp\winwfvup.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwfvup.exe |
"UDP Query User{58D103A7-518A-4C45-B8C3-934C5969A0A9}C:\program files (x86)\dell webcam\dell webcam central\webcamdell2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell webcam\dell webcam central\webcamdell2.exe |
"UDP Query User{62B1E091-BBB3-47CC-902D-AB09236B90F5}C:\users\ben.ben-pc\appdata\local\temp\winwsyhdg.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwsyhdg.exe |
"UDP Query User{69CB3AF5-E08D-4AB0-8D9A-82DD4DF8AC6D}C:\program files (x86)\cleanmypc\registry cleaner\rchelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cleanmypc\registry cleaner\rchelper.exe |
"UDP Query User{6C3E315D-D5A3-4A8B-850A-AE62AAE2C5C9}C:\users\ben.ben-pc\appdata\local\temp\winummpit.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winummpit.exe |
"UDP Query User{6D2DE821-5F7E-40CD-9526-A6D59B370D3A}C:\users\ben.ben-pc\appdata\local\temp\wingwfx.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\wingwfx.exe |
"UDP Query User{724922AA-6F74-4B32-8853-C14B4FB5CB26}C:\users\ben.ben-pc\appdata\local\temp\qnsnyw.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\qnsnyw.exe |
"UDP Query User{72C9BA59-9D61-4DB9-86DC-FD9374CF0C1F}C:\users\ben.ben-pc\appdata\local\temp\wineuaf.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\wineuaf.exe |
"UDP Query User{7659CEDE-3847-4A14-956B-8BF4B0DDB987}C:\users\ben.ben-pc\appdata\local\temp\jaxgve.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\jaxgve.exe |
"UDP Query User{776C8E8F-5396-4543-96B6-E25EEBFE427C}C:\users\ben.ben-pc\appdata\local\temp\podyo.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\podyo.exe |
"UDP Query User{7B18224B-BEC2-4506-A498-CCC8BC7DE867}C:\users\ben.ben-pc\appdata\local\temp\winfekuds.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winfekuds.exe |
"UDP Query User{7E019546-AC41-4D6D-AEA9-E94386CB0693}C:\program files (x86)\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\java\java update\jusched.exe |
"UDP Query User{7F868D59-3F8F-4081-9143-AFF2C8665E79}C:\users\ben.ben-pc\appdata\local\temp\winxbfe.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winxbfe.exe |
"UDP Query User{80A78F18-98BC-4C18-AFC1-EE16F7A58647}C:\program files (x86)\daemon tools lite\dtlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\daemon tools lite\dtlite.exe |
"UDP Query User{81857A59-63B6-454D-85ED-A3B82B6EADC4}C:\users\ben.ben-pc\appdata\local\temp\pcfolg.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\pcfolg.exe |
"UDP Query User{844C70B1-0C30-4641-9699-C01B5BF4E8E7}C:\program files (x86)\sensible vision\fast access\fatraymon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sensible vision\fast access\fatraymon.exe |
"UDP Query User{886E1876-8FEB-492D-B405-67E4EE713A8D}C:\users\ben.ben-pc\desktop\leagueoflegends\setup.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\desktop\leagueoflegends\setup.exe |
"UDP Query User{894F46CC-76FC-458C-9E4F-7AA422CBCBB1}C:\users\ben.ben-pc\appdata\local\temp\winjaef.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winjaef.exe |
"UDP Query User{8B315D62-BCBB-4646-A7B9-85C076469068}C:\users\ben.ben-pc\appdata\local\temp\mvjlcl.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\mvjlcl.exe |
"UDP Query User{8FC68B2B-D30F-400C-A6F9-FCB7903A6CDF}C:\users\ben.ben-pc\appdata\local\temp\qmls.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\qmls.exe |
"UDP Query User{90531820-3DE7-4A04-B097-DB30E8A6AC55}C:\users\ben.ben-pc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\akamai\netsession_win.exe |
"UDP Query User{ABF01743-D16B-404C-B100-9C0C5996F118}C:\users\ben.ben-pc\appdata\local\facebook\messenger\2.0.4478.0\facebookmessenger.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\facebook\messenger\2.0.4478.0\facebookmessenger.exe |
"UDP Query User{AF4B1A9F-75A0-45F7-B0D7-5E16890C48BF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{B5896657-DACC-4F30-9D44-56CB86FEF03B}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{B6376B2F-E4D6-4750-B611-2E41B485CF26}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{B96F15BC-AD9B-4157-BABF-637FAD64A76F}C:\program files (x86)\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\java\java update\jusched.exe |
"UDP Query User{BC6ADF18-A086-4104-86C2-DEADE75A010B}C:\users\ben.ben-pc\appdata\local\temp\winwfodp.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwfodp.exe |
"UDP Query User{BEB487A3-61F6-4FFE-B051-FC6E46AC5239}C:\users\ben.ben-pc\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\google\update\googleupdate.exe |
"UDP Query User{C4B00488-094F-433D-AA2E-BCE2C0140FAD}C:\users\ben.ben-pc\appdata\local\temp\pwbnk.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\pwbnk.exe |
"UDP Query User{C560A01E-F0AE-40AD-A8A4-1B1A55175BCB}C:\users\ben.ben-pc\appdata\local\temp\winebvorv.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winebvorv.exe |
"UDP Query User{C616568A-4C2E-4CE1-8B35-113496326605}C:\users\ben.ben-pc\appdata\local\temp\xvaxtq.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\xvaxtq.exe |
"UDP Query User{CC0F9531-38E8-4495-80CD-634B9E8B8EEC}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{CD832872-C78A-4B23-91F4-F748F94E7985}C:\users\ben.ben-pc\appdata\local\temp\winvlfbi.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winvlfbi.exe |
"UDP Query User{E67F65AE-5774-4F69-8B9D-14C3C417664F}C:\users\ben.ben-pc\appdata\local\temp\bhsvjd.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\bhsvjd.exe |
"UDP Query User{EBB408FD-A064-4FD7-963B-93AD438F3C14}C:\users\ben.ben-pc\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\google\update\googleupdate.exe |
"UDP Query User{EE0DCE61-6E13-4E50-8D1D-F4EE7A5D118E}C:\users\ben.ben-pc\appdata\local\temp\winwevgyg.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\temp\winwevgyg.exe |
"UDP Query User{F21E7C7C-6EE5-48EA-AB8E-25D78610B96B}C:\program files (x86)\daemon tools lite\dtlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\daemon tools lite\dtlite.exe |
"UDP Query User{F39BE6F6-745D-4964-AB14-BFEAC9F80C0B}C:\users\ben.ben-pc\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{F6018BA3-60A4-40E1-80FE-946A298C0FDA}C:\users\ben.ben-pc\appdata\local\facebook\update\facebookupdate.exe" = protocol=17 | dir=in | app=c:\users\ben.ben-pc\appdata\local\facebook\update\facebookupdate.exe |
"UDP Query User{FB48D06B-B3D9-4A04-A8F2-ACA9D0ECF10B}C:\program files (x86)\cyberlink\shared files\brs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\shared files\brs.exe |
"UDP Query User{FD7B2458-A865-4A15-ADCD-1784CC87D6B9}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer™ generals zero hour\generals.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command & conquer the first decade\command & conquer™ generals zero hour\generals.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{876F4556-6811-4341-A6D7-78C3F15420E2}" = FastAccess
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{EBD530B3-091A-5BD9-275E-CBDF1CCA2E54}" = ccc-utility64
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0869F6A1-86BA-65D2-C97F-B0EE333D0902}" = Catalyst Control Center Graphics Full New
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17C28108-CD83-460E-9DD0-36F8781BC2F6}" = TouchCopy 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2A344298-86D7-C605-5B26-C7952B4CF938}" = Skins
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{445FC29E-EE77-FC7B-905C-F53D7307D03B}" = Catalyst Control Center Graphics Full Existing
"{448E51F0-8E9A-9B4C-3EB6-B7401389A563}" = CCC Help Norwegian
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49E40759-1C1A-4FFC-1BBE-2D50002FAC77}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{526A90EA-B2BF-BEE2-8017-71536A1FBDD9}" = Catalyst Control Center InstallProxy
"{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60E4B7E6-C7A8-147C-6ACF-2E9E6CCDEFE1}" = CCC Help Korean
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{696A6D35-1A6D-D520-808B-26C240020F30}" = Catalyst Control Center Core Implementation
"{6B102088-057B-0342-B2B8-C3352D769955}" = CCC Help French
"{70F2EF06-E7FB-7656-9142-FF2BCA8B930C}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CCE802E-898B-6749-5FB2-25D3998AD2D6}" = CCC Help Danish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{890C4AF6-9B42-A76C-7572-C0B00B2EEFF6}" = CCC Help Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9096E5ED-9A18-FE68-A372-BFFCF223B0A6}" = Catalyst Control Center Localization All
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{9215ECF0-9172-5E81-60FE-B376F2178A2D}" = Catalyst Control Center Graphics Previews Common
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99C0DA37-F349-3665-E861-569887900324}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A33054A0-415E-092B-9B5C-73254920B324}" = ccc-core-static
"{A677D827-B2EE-EE93-2B30-45B3AC4CD48C}" = Catalyst Control Center Graphics Previews Vista
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AE4D31E0-2695-BF72-A7AD-387141CDCCE8}" = CCC Help Italian
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4E64B86-C071-BFFF-A61D-DFB9E67D518C}" = CCC Help Portuguese
"{C507CE57-5AFF-6A0B-33AB-EC5B4AD2B5C6}" = CCC Help Russian
"{CC9D6678-4966-0030-3A96-455A408ACC6D}" = CCC Help Spanish
"{CE8B57D7-66D9-E5F2-9899-247B825DA6C6}" = CCC Help German
"{CFBB8EC9-9482-8613-6ECA-2CCACE8E5C6D}" = Catalyst Control Center Graphics Light
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EDC33053-68A3-DB5F-17E6-822674008423}" = CCC Help Chinese Traditional
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F69D9812-0759-DB5C-A849-140E74C93513}" = CCC Help Japanese
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE45C734-EF41-D5CE-C3DB-B1E76213E811}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitLord" = BitLord 2.0
"BucksBee Loyalty Plugin - Softonic" = BucksBee Loyalty Plugin - Softonic
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"Diablo III" = Diablo III
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"iLivid" = iLivid
"im" = Garena Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 3.0.53 (remove only)
"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RebirthRO_is1" = RebirthRO
"SilkroadR" = SilkroadR
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"Steam App 105430" = Age of Empires Online
"Vindictus" = Vindictus
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/18/2012 5:34:28 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 302174

Error - 6/18/2012 5:34:28 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 302174

Error - 6/18/2012 5:34:29 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/18/2012 5:34:29 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 303172

Error - 6/18/2012 5:34:29 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 303172

Error - 6/18/2012 5:34:30 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/18/2012 5:34:30 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 304171

Error - 6/18/2012 5:34:30 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 304171

Error - 6/18/2012 5:34:31 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/18/2012 5:34:31 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 305169

Error - 6/18/2012 5:34:31 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 305169

[ System Events ]
Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/18/2012 3:54:44 PM | Computer Name = Ben-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >

And lastly the FSS:

Farbar Service Scanner Version: 09-06-2012
Ran by Ben (administrator) on 18-06-2012 at 16:10:16
Running from "C:\Users\Ben.Ben-PC\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-04-21 02:45] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#4 jntkwx

  • Malware Response Team

Posted 18 June 2012 - 05:48 PM

benyu332,

Combofix

Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 



#5 benyu332

  • Topic Starter

Posted 18 June 2012 - 09:01 PM

After running ComboFix & rebooting, I browsed the web for 20 minutes and it still got stuck. Pages would keep on loading, I couldn't click the Start button on the bottom left, and the screen would freeze and let go. But again, after 10 minutes of leaving it alone it ran back up again smoothly. I'm not noticing much of a difference yet. The virus taking up CPU still remains in the task manager.

Here are the ComboFix logs:


ComboFix 12-06-16.02 - Ben 06/18/2012 18:10:07.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4084.2579 [GMT -5:00]
Running from: c:\users\Ben.Ben-PC\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\diocho.pif
C:\install.exe
c:\users\Ben.Ben-PC\Documents\~WRL1219.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 23:32 . 2012-06-18 23:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-18 23:32 . 2012-06-18 23:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-18 23:22 . 2009-07-14 01:40 877056 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_f2b1ee1367d469c3fa66ea323a74ff0dd4e2c2_cab_aeb5ed5e\advapi32.dll
2012-06-17 09:27 . 2012-06-17 09:59 -------- d-----w- c:\program files (x86)\Diablo III
2012-06-16 07:52 . 2012-06-16 07:52 -------- d-----w- c:\users\Ben.Ben-PC\jagexcache
2012-06-15 06:58 . 2012-06-15 07:00 -------- d-----w- c:\windows\SysWow64\Adobe
2012-06-15 06:51 . 2012-06-15 06:52 -------- d-----w- c:\programdata\Battle.net
2012-06-13 07:39 . 2012-06-13 07:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-13 07:38 . 2012-06-13 07:38 -------- d-----w- c:\program files (x86)\Oracle
2012-06-13 07:37 . 2012-06-13 07:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-13 07:36 . 2012-06-13 07:36 -------- d-----w- c:\program files (x86)\Java
2012-06-11 09:10 . 2012-05-05 00:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-11 08:50 . 2012-06-11 08:50 -------- d-----w- c:\users\Ben.Ben-PC\AppData\Roaming\CleanMyPC Software
2012-06-11 08:50 . 2012-06-11 08:50 -------- d-----w- c:\program files (x86)\CleanMyPC
2012-06-11 08:31 . 2012-06-11 08:31 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-11 08:31 . 2012-06-11 08:31 -------- d-----w- c:\program files\ATI Technologies
2012-06-06 08:53 . 2012-06-06 08:53 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cf76398a1cd43c138\MeshBetaRemover.exe
2012-06-06 08:51 . 2012-06-06 08:51 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\94a04f381cd43c12a\DSETUP.dll
2012-06-06 08:51 . 2012-06-06 08:51 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\94a04f381cd43c12a\DXSETUP.exe
2012-06-06 08:51 . 2012-06-06 08:51 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\94a04f381cd43c12a\dsetup32.dll
2012-06-06 08:51 . 2012-06-06 08:51 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\913c12fb1cd43c129\DSETUP.dll
2012-06-06 08:51 . 2012-06-06 08:51 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\913c12fb1cd43c129\DXSETUP.exe
2012-06-06 08:51 . 2012-06-06 08:51 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\913c12fb1cd43c129\dsetup32.dll
2012-06-06 08:47 . 2012-06-06 08:47 -------- d-----w- c:\users\Ben.Ben-PC\AppData\Local\Windows Live
2012-06-01 07:28 . 2012-06-01 07:28 -------- d-----w- c:\program files\ATI
2012-06-01 07:10 . 2012-06-01 07:27 -------- d-----w- C:\AMD
2012-05-31 19:15 . 2012-05-31 19:15 -------- d-----w- C:\bce9edea2e4cf22b80a7f5a3c6
2012-05-29 08:13 . 2012-05-29 09:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-29 08:13 . 2012-05-29 08:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-28 06:32 . 2012-06-18 17:08 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-28 06:32 . 2012-05-28 06:32 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-25 09:02 . 2012-06-08 01:35 -------- d-----w- c:\program files (x86)\SpeedFan
2012-05-21 05:49 . 2012-05-21 05:49 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-20 03:12 . 2012-05-20 03:12 -------- d-----w- c:\users\Ben.Ben-PC\AppData\Local\Mozilla
2012-05-20 03:12 . 2012-05-20 03:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 23:35 . 2012-06-18 23:35 103140 --sh--r- C:\gawyda.exe
2012-05-21 05:49 . 2011-12-02 16:47 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 00:29 . 2010-09-13 16:17 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-26 08:24 . 2012-04-26 08:24 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-26 08:24 . 2012-04-26 08:24 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-26 08:24 . 2012-04-26 08:24 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-26 08:24 . 2012-04-26 08:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-26 08:24 . 2012-04-26 08:24 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-04-26 08:24 . 2012-04-26 08:24 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-26 08:24 . 2012-04-26 08:24 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-04-26 08:24 . 2012-04-26 08:24 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-26 08:24 . 2012-04-26 08:24 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-26 08:24 . 2012-04-26 08:24 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-26 08:24 . 2012-04-26 08:24 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-26 08:24 . 2012-04-26 08:24 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-26 08:24 . 2012-04-26 08:24 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-26 08:24 . 2012-04-26 08:24 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-26 08:24 . 2012-04-26 08:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-26 08:24 . 2012-04-26 08:24 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-26 08:24 . 2012-04-26 08:24 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-26 08:24 . 2012-04-26 08:24 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-26 08:24 . 2012-04-26 08:24 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-26 08:24 . 2012-04-26 08:24 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-04-26 08:24 . 2012-04-26 08:24 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-26 08:24 . 2012-04-26 08:24 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-26 08:24 . 2012-04-26 08:24 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-26 08:24 . 2012-04-26 08:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-26 08:24 . 2012-04-26 08:24 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-04-26 08:24 . 2012-04-26 08:24 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-26 08:24 . 2012-04-26 08:24 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-26 08:24 . 2012-04-26 08:24 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-26 08:24 . 2012-04-26 08:24 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-26 08:24 . 2012-04-26 08:24 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-26 08:24 . 2012-04-26 08:24 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-26 08:24 . 2012-04-26 08:24 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-26 08:24 . 2012-04-26 08:24 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-26 08:24 . 2012-04-26 08:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-26 08:24 . 2012-04-26 08:24 448512 ----a-w- c:\windows\system32\html.iec
2012-04-26 08:24 . 2012-04-26 08:24 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-26 08:24 . 2012-04-26 08:24 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-26 08:24 . 2012-04-26 08:24 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-26 08:24 . 2012-04-26 08:24 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-26 08:24 . 2012-04-26 08:24 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-26 08:24 . 2012-04-26 08:24 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-26 08:24 . 2012-04-26 08:24 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-21 07:31 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-21 07:31 . 2009-08-18 16:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-16 05:39 . 2012-04-16 05:17 1296731543 ----a-w- c:\users\Ben.Ben-PC\SilkroadOnline_SROROfficial_v1_022.exe
2012-04-06 03:34 . 2012-04-06 03:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 03:34 . 2012-04-06 03:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 03:34 . 2012-04-06 03:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 03:33 . 2012-04-06 03:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 03:33 . 2012-04-06 03:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 03:33 . 2012-04-06 03:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 03:32 . 2012-04-06 03:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 03:32 . 2012-04-06 03:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 03:32 . 2012-04-06 03:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-04 20:56 . 2011-11-03 03:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 21:33 . 2012-03-29 21:33 108144 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[7] 2010-09-13 . DA3E2A6FA9660CC75B471530CE88453A . 389632 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[7] 2010-09-13 . A93D41A4D4B0D91C072D11DD8AF266DE . 389632 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[7] 2009-07-14 . 132328DF455B0028F13BF0ABEE51A63A . 389120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[7] 2010-09-13 . DA3E2A6FA9660CC75B471530CE88453A . 389632 . . [6.1.7600.16385] .. c:\windows\system32\winlogon.exe
.
[7] 2009-07-14 . 0C12A2B863FEA45598134E3B6E379F88 . 51200 . . [7.3.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuauclt.exe
[7] 2009-07-14 . 0C12A2B863FEA45598134E3B6E379F88 . 51200 . . [7.3.7600.16385] .. c:\windows\system32\wuauclt.exe
.
[7] 2010-08-24 . B0CB1D2D5FFA6335DD94B1B531756412 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.20787_none_961cb3b90ac4540e\comctl32.dll
[7] 2010-08-24 . B0CB1D2D5FFA6335DD94B1B531756412 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.20787_none_a6357652551c0c2c\comctl32.dll
[7] 2010-08-24 . 882C1C473BE598DF08730DA11C5B2B27 . 2030080 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.20787_none_e3967e4730ab1731\comctl32.dll
[7] 2010-08-21 . BC052EFAD10ACA1AD69545B629F50D99 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16661_none_95a2b509f19be458\comctl32.dll
[7] 2010-08-21 . BC052EFAD10ACA1AD69545B629F50D99 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll
[7] 2010-08-21 . 113921FC4A80A3DDF646852998B836D0 . 2030080 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll
[7] 2009-07-14 . 7E8AB50AB7F2F81F30DCC8A98025B73A . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16385_none_959110a7f1a88a21\comctl32.dll
[7] 2009-07-14 . 7E8AB50AB7F2F81F30DCC8A98025B73A . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_a44af8ec57f961cf\comctl32.dll
[7] 2009-07-14 . C093E7835C1372D6D70A6675EDAA97B5 . 2030080 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\comctl32.dll
[7] 2010-08-21 . BC052EFAD10ACA1AD69545B629F50D99 . 633856 . . [5.82] .. c:\windows\system32\comctl32.dll
.
[7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll
[7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\system32\comres.dll
.
[7] 2009-07-14 . 8C57411B66282C01533CB776F98AD384 . 175104 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[7] 2009-07-14 . 8C57411B66282C01533CB776F98AD384 . 175104 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\system32\es.dll
.
[7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll
[7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll
.
[7] 2009-07-14 . 5F2BDCA5FA0F20A6F452CF0EE2A2B18C . 801280 . . [1.0626.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.16385_none_08ef6ab5722d66d5\usp10.dll
[7] 2009-07-14 . 5F2BDCA5FA0F20A6F452CF0EE2A2B18C . 801280 . . [1.0626.7600.16385] .. c:\windows\system32\usp10.dll
.
[7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[7] 2011-07-16 . DDBD24DC04DA5FD0EDF45CF72B7C01E2 . 1162240 . . [6.1.7600.16385] .. c:\windows\system32\kernel32.dll
.
[7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_945a23c3bf051859\linkinfo.dll
[7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\system32\linkinfo.dll
.
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_05c80a1f743763f3\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_061b8a8773f9358d\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_05f24b6b7417d7ff\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_06198dbf73fafd2d\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_05dbb0fb7428edff\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_0649d7dc8d5a6bb3\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_067018008d3e7a63\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_068d8ab28d28d4d9\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_06a82fc88d1415f8\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\system32\lpk.dll
.
[7] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_0c2b375bae4a8d38\hnetcfg.dll
[7] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\system32\hnetcfg.dll
.
[7] 2012-04-26 . E61288581AD9E647ABEFB1489B250B5C . 17790464 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_87cbb105f4dd75a9\mshtml.dll
[7] 2012-04-26 . E61288581AD9E647ABEFB1489B250B5C . 17790464 . . [9.00.8112.16421] .. c:\windows\system32\mshtml.dll
.
[7] 2011-12-16 . 579F6AFC6A6561951FA2202EFC3FE485 . 634368 . . [7.0.7600.16930] .. c:\windows\system32\msvcrt.dll
.
[7] 2009-07-14 . FC76FE3C1E1FDB761244D4F74EF560FD . 320000 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll
[7] 2009-07-14 . FC76FE3C1E1FDB761244D4F74EF560FD . 320000 . . [6.1.7600.16385] .. c:\windows\system32\mswsock.dll
.
[7] 2009-07-14 . 956D030D375F207B22FB111E06EF9C35 . 692736 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[7] 2009-07-14 . 956D030D375F207B22FB111E06EF9C35 . 692736 . . [6.1.7600.16385] .. c:\windows\system32\netlogon.dll
.
[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618\powrprof.dll
[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\system32\powrprof.dll
.
[7] 2009-07-14 . 398712DDDAEFB85EDF61DF6A07B65C79 . 232448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[7] 2009-07-14 . 398712DDDAEFB85EDF61DF6A07B65C79 . 232448 . . [6.1.7600.16385] .. c:\windows\system32\scecli.dll
.
[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll
[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\system32\sfc.dll
.
[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe
.
[7] 2009-07-14 . 884264AC597B690C5707C89723BB8E7B . 316416 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_3f31ca82fea39f26\tapisrv.dll
[7] 2009-07-14 . 884264AC597B690C5707C89723BB8E7B . 316416 . . [6.1.7600.16385] .. c:\windows\system32\tapisrv.dll
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[7] 2009-07-14 . 6F8F1376A13114CC10C0E69274F5A4DE . 30208 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[7] 2009-07-14 . 6F8F1376A13114CC10C0E69274F5A4DE . 30208 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe
.
[7] 2012-04-26 . B1AC85B6ADC005CF3F9EB4E28DFDCCE6 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_767191e774870c73\wininet.dll
[7] 2012-04-26 . B1AC85B6ADC005CF3F9EB4E28DFDCCE6 . 1390080 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll
.
[7] 2009-07-14 . 7083F463788CB34FCC42F565D56F89E8 . 296448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[7] 2009-07-14 . 7083F463788CB34FCC42F565D56F89E8 . 296448 . . [6.1.7600.16385] .. c:\windows\system32\ws2_32.dll
.
[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll
[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\system32\ws2help.dll
.
[7] 2010-06-29 . AC8F79017C5C1FB316930EDEAD0AF517 . 2085376 . . [6.1.7600.16624] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_08527df30bd29da3\ole32.dll
[7] 2010-06-29 . AC8F79017C5C1FB316930EDEAD0AF517 . 2085376 . . [6.1.7600.16385] .. c:\windows\system32\ole32.dll
.
[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\system32\cngaudit.dll
.
[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe
.
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe
.
[7] 2009-07-14 . 0298AC45D0EFFFB2DB4BAA7DD186E7BF . 369664 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_29254ed1369e9d89\shsvcs.dll
[7] 2009-07-14 . 0298AC45D0EFFFB2DB4BAA7DD186E7BF . 369664 . . [6.1.7600.16385] .. c:\windows\system32\shsvcs.dll
.
[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\regsvc.dll
[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\system32\regsvc.dll
.
[7] 2010-11-02 . 5269A787C24D968D291B22F7ED4955B1 . 1114624 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.20830_none_8bb0c2c5c9ad095d\schedsvc.dll
[7] 2010-11-02 . 624D0F5FF99428BB90A5B8A4123E918E . 1114624 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16699_none_8aef4726b0b7f821\schedsvc.dll
[7] 2009-07-14 . EC56B171F85C7E855E7B0588AC503EEA . 1104384 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_8af61038b0b37f5f\schedsvc.dll
[7] 2010-11-02 . 624D0F5FF99428BB90A5B8A4123E918E . 1114624 . . [6.1.7600.16385] .. c:\windows\system32\schedsvc.dll
.
[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll
[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\system32\ssdpsrv.dll
.
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\system32\termsrv.dll
.
[7] 2012-03-06 . BAA66E360105F79B5948A2FDAF3AA8FE . 5559152 . . [6.1.7601.17790] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe
[7] 2012-03-06 . F96AA8BE1890C99883A6C233F9FB59A7 . 5473136 . . [6.1.7600.21163] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_c8c272dce6e37075\ntoskrnl.exe
[7] 2012-03-06 . 51F2FD7B6C7966AFE271611D786D35A3 . 5504880 . . [6.1.7600.16973] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_c82e2e03cdcdb95a\ntoskrnl.exe
[7] 2012-03-06 . 51F2FD7B6C7966AFE271611D786D35A3 . 5504880 . . [6.1.7600.16973] .. c:\windows\system32\ntoskrnl.exe
.
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_43f68e03b0fd4b38\ksuser.dll
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll
.
[7] 2010-08-21 . BF5D71B4A40687A90C8B47F776758A6F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.20787_none_39fe18355266e2d8\comctl32.dll
[7] 2010-08-21 . BF5D71B4A40687A90C8B47F776758A6F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.20787_none_ede2ad2969983532\comctl32.dll
[7] 2010-08-21 . 70EF5DFEF7069164EACF7140C2CC6344 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.20787_none_2b43b51e45274037\comctl32.dll
[7] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
[7] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16661_none_39841986393e7322\comctl32.dll
[7] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll
[7] 2010-08-21 . 4B8DD8541C0E26602005DD0137333615 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
[7] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16385_none_39727524394b18eb\comctl32.dll
[7] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll
[7] 2009-07-14 . 0FA436A553408CBEBA070E3182658DE3 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
.
[7] 2009-07-14 . 9C231178CE4FB385F4B54B0A9080B8A4 . 135680 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[7] 2009-07-14 . 9C231178CE4FB385F4B54B0A9080B8A4 . 135680 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
.
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[7] 2009-07-14 . 0DE3069D6E09BA262856EF31C941BEFE . 119808 . . [6.1.7600.16385] .. c:\windows\SysWOW64\imm32.dll
[7] 2009-07-14 . 0DE3069D6E09BA262856EF31C941BEFE . 119808 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_c29fba0fc87cc5a4\imm32.dll
.
.
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\SysWOW64\linkinfo.dll
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll
.
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_101cb471a89825ee\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_107034d9a859f788\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_1046f5bda87899fa\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_106e3811a85bbf28\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_10305b4da889affa\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_109e822ec1bb2dae\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_10c4c252c19f3c5e\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_10e23504c18996d4\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_10fcda1ac174d7f3\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll
.
[7] 2012-04-26 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
[7] 2012-04-26 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_92205b58293e37a4\mshtml.dll
.
.
[7] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll
[7] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
.
[7] 2009-07-14 . EAA75D9000B71F10EEC04D2AE6C60E81 . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll
[7] 2009-07-14 . EAA75D9000B71F10EEC04D2AE6C60E81 . 563712 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
.
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
.
[7] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll
[7] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
.
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
.
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[7] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] .. c:\windows\SysWOW64\tapisrv.dll
[7] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_e3132eff46462df0\tapisrv.dll
.
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
[7] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
[7] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
[7] 2012-04-26 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll
[7] 2012-04-26 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll
.
[7] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll
[7] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
.
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-09-13 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2010-09-13 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6b556d31-eeee-de44-19f4-13e37eb9ba64}"= "c:\program files (x86)\BucksBee Loyalty Plugin - Softonic\Helper.dll" [2012-03-29 361984]
.
[HKEY_CLASSES_ROOT\clsid\{6b556d31-eeee-de44-19f4-13e37eb9ba64}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{062DE63C-1398-9124-AD3C-2E5A12DCFE41}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Ben.Ben-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-15 932528]
"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2012-05-12 1477368]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17438856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 173384]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 483472]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 161064]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-04-26 75048]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 330120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 237568]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1513081266-76834840-2715694445-1000Core.job
- c:\users\Ben.Ben-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 06:56]
.
2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1513081266-76834840-2715694445-1000UA.job
- c:\users\Ben.Ben-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 06:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-09 3216544]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
IE: {{a8e3281a-999a-ab24-9566-42314ed92b6e} - c:\program files (x86)\BucksBee Loyalty Plugin - Softonic\ribbon_menu.hta
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ben.Ben-PC\AppData\Roaming\Mozilla\Firefox\Profiles\w1ouiplr.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Dell Game Console - c:\program files (x86)\WildTangent\Dell Games\Dell Game Console\Uninstall.exe
AddRemove-WildTangentGameProvider-dell-genres - c:\program files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGameProvider-dell-main - c:\program files (x86)\WildTangent\Dell Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WT071246 - c:\program files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT071265 - c:\program files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT071298 - c:\program files (x86)\WildTangent\Dell Games\Diner Dash\Uninstall.exe
AddRemove-WT071418 - c:\program files (x86)\WildTangent\Dell Games\Virtual Villagers - The Secret City\Uninstall.exe
AddRemove-WT071443 - c:\program files (x86)\WildTangent\Dell Games\Blasterball 2 Revolution\Uninstall.exe
AddRemove-WT071469 - c:\program files (x86)\WildTangent\Dell Games\Plants vs. Zombies\Uninstall.exe
AddRemove-WT071472 - c:\program files (x86)\WildTangent\Dell Games\Polar Bowler\Uninstall.exe
AddRemove-WT071475 - c:\program files (x86)\WildTangent\Dell Games\Scrabble\Uninstall.exe
AddRemove-WT071478 - c:\program files (x86)\WildTangent\Dell Games\Yahtzee\Uninstall.exe
AddRemove-WT071797 - c:\program files (x86)\WildTangent\Dell Games\FATE\Uninstall.exe
AddRemove-WT071815 - c:\program files (x86)\WildTangent\Dell Games\Monopoly\Uninstall.exe
AddRemove-WT071838 - c:\program files (x86)\WildTangent\Dell Games\Polar Golfer\Uninstall.exe
AddRemove-WT071947 - c:\program files (x86)\WildTangent\Dell Games\Virtual Families\Uninstall.exe
AddRemove-WT071952 - c:\program files (x86)\WildTangent\Dell Games\FATE Undiscovered Realms\Uninstall.exe
AddRemove-WT071953 - c:\program files (x86)\WildTangent\Dell Games\Peggle\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
.
**************************************************************************
.
Completion time: 2012-06-18 19:02:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 00:02
.
Pre-Run: 327,286,472,704 bytes free
Post-Run: 327,942,139,904 bytes free
.
- - End Of File - - C0B5CCAA5C564434C05D18ED96228E8C

#6 benyu332

Posted 18 June 2012 - 09:11 PM

Here are also screenshots of what I was talking about and how it hops around.

http://i47.tinypic.com/xblcw2.png

http://i48.tinypic.com/1p9dao.png

http://i49.tinypic.com/281r8u8.png

Malware Bytes also notifies me that it blocks any action done by these programs.

#7 jntkwx

  • Malware Response Team

Posted 19 June 2012 - 08:07 AM

benyu332,

The screenshots were very helpful!

However, by looking at those screenshots, I don't see that the CPU usage is high (it's only 16-17%). I do see some suspicious processes, though.

SystemLook
Please download Systemlook
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    xtuw.exe
    brs.exe
    gawyda.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#8 benyu332

Posted 19 June 2012 - 01:36 PM

Here are the logs for System Look:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:33 on 19/06/2012 by Ben
Administrator - Elevation successful

========== filefind ==========

Searching for "xtuw.exe"
No files found.

Searching for "brs.exe"
C:\Program Files (x86)\CyberLink\Shared files\brs.exe --a---- 75048 bytes [16:51 13/09/2010] [10:10 26/04/2010] AC9B4D950943A3C173F8657BD08BF325

Searching for "gawyda.exe"
C:\gawyda.exe -r-hs-- 103140 bytes [23:35 18/06/2012] [23:35 18/06/2012] 6B720F4F8C3901818BBAB26D115299C6

-= EOF =-
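
The filefind output posted above, parsed as an added example (not part of the original posts and not SystemLook's own code). It assumes the first bracketed timestamp is the creation time and the second the modification time; the three triage flags are illustrative heuristics chosen here, not rules stated in the thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# Sample input: the filefind section exactly as posted in the thread.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "xtuw.exe"
No files found.

Searching for "brs.exe"
C:\Program Files (x86)\CyberLink\Shared files\brs.exe --a---- 75048 bytes [16:51 13/09/2010] [10:10 26/04/2010] AC9B4D950943A3C173F8657BD08BF325

Searching for "gawyda.exe"
C:\gawyda.exe -r-hs-- 103140 bytes [23:35 18/06/2012] [23:35 18/06/2012] 6B720F4F8C3901818BBAB26D115299C6

-= EOF =-
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<term>[^"]+)"$')
# path, 7-character attribute field, size, two timestamps, MD5
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
TS_FORMAT = "%H:%M %d/%m/%Y"       # day/month/year, as in the log header
EXEC_SUFFIXES = {".exe", ".scr"}   # the file types named in the thread


@dataclass(frozen=True)
class FileHit:
    path: PureWindowsPath
    attrs: frozenset      # attribute letters that are set, e.g. {"r", "h", "s"}
    size: int
    created: datetime     # assumption: first bracketed timestamp
    modified: datetime    # assumption: second bracketed timestamp
    md5: str


def parse_filefind(text):
    """Return {search term: [FileHit, ...]}; a term with no hits maps to []."""
    hits = {}
    term = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            term = m.group("term")
            hits[term] = []
            continue
        m = ENTRY_RE.match(line)
        if m and term is not None:
            hits[term].append(FileHit(
                path=PureWindowsPath(m.group("path")),
                attrs=frozenset(m.group("attrs").replace("-", "")),
                size=int(m.group("size")),
                created=datetime.strptime(m.group("created"), TS_FORMAT),
                modified=datetime.strptime(m.group("modified"), TS_FORMAT),
                md5=m.group("md5").upper(),
            ))
    return hits


def triage(hit):
    """Return the illustrative (assumed) reasons a hit deserves a closer look."""
    reasons = []
    # Hidden and system attributes together keep a file out of default listings.
    if {"h", "s"} <= hit.attrs:
        reasons.append("hidden+system")
    # An executable sitting directly in the drive root, outside any program folder.
    in_root = hit.path.parent == PureWindowsPath(hit.path.anchor)
    if in_root and hit.path.suffix.lower() in EXEC_SUFFIXES:
        reasons.append("executable-in-drive-root")
    # Created and last written in the same minute: freshly dropped, never updated.
    if hit.created == hit.modified:
        reasons.append("created==modified")
    return reasons


if __name__ == "__main__":
    for term, found in parse_filefind(SAMPLE_LOG).items():
        if not found:
            print(f"{term}: no files found")
        for hit in found:
            flags = ", ".join(triage(hit)) or "nothing flagged"
            print(f"{hit.path} [{hit.md5}] -> {flags}")
```
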

#9 jntkwx

Posted 19 June 2012 - 01:42 PM

benyu332,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please go to http://www.bleepingcomputer.com/submit-malware.php?channel=139 and upload this file there:

C:\gawyda.exe
Regards,
Jason

 



#10 benyu332

Posted 19 June 2012 - 01:47 PM

Just did that, and couldn't find it :(

#11 jntkwx

Posted 19 June 2012 - 01:57 PM

Let's try it a different way...

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic457061.html

Collect::[139]
C:\gawyda.exe

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

If prompted to update Combofix, please click Yes to allow it to update.

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.

Regards,
Jason

 



#12 benyu332

  • Topic Starter

Posted 19 June 2012 - 03:04 PM

Hey Jason,

I ran ComboFix with the attached CFScript.txt and all was fine until the log generation. After it rebooted, MalwareBytes re-enabled its protection and detected a potential backdoor.agent:

http://i50.tinypic.com/34s2uk3.png

There were several others that I quarantined coming from that same folder, one of them being CITS.exe.

Were these the files required to create the logs? Because a log was not generated afterwards.

#13 benyu332

  • Topic Starter

Posted 19 June 2012 - 03:27 PM

Oh and gawyda.exe showed up just now, so I went ahead and submitted it for analysis!

#14 jntkwx

  • Malware Response Team

Posted 19 June 2012 - 04:10 PM

benyu332,

I'm afraid I have very bad news.

The gawyda.exe file is Win32/Sality, a dangerous polymorphic file infector which infects .exe, .scr files, creates a peer-to-peer (P2P) botnet that compromises your computer, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why?

As an entry-point obscuring (EPO) polymorphic file infector, the virus gains control of the host body by overwriting the file with complex and encrypted code instructions. The goal of the complex code is to make analysis more difficult for researchers to see the real purpose and functionality implemented in the code... Infected files will have their original, initial instructions overwritten by complex code instructions with the encrypted viral code body located in the last section of the file.

Symantec's Assessment of Win32/Sality

As with many other malware, Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.

About Sality Virus

Sality is commonly spread via a flash drive (usb, pen, thumb, jump) where it can infect executable files on local, removable and remote shared drives. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

Since Win32.Sality is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly.


If you would like to continue, please follow the steps below, but I cannot promise you that we will completely remove all traces of this file infector.


Kaspersky's SalityKiller
  • Download and extract SalityKiller.zip to your C drive, C:\
  • Hold down the Windows key, and press the R key.
  • In the run window that opens, type the following, and press Enter.

    C:\SalityKiller.exe -l salitylog.txt
  • Restart your computer after it is finished (even if not prompted.)
  • Download and extract Sality_Regkeys.zip
  • Double click on the Disable_autorun.reg file that was just extracted. Click Yes when prompted to add the information to the registry.
  • Double click on the SafebootWin7.reg file that was just extracted. Click Yes when prompted to add the information to the registry.


In your next reply, please include:
  • SalityKiller log (located at C:\salitylog.txt)
  • How's your computer running now?

Regards,
Jason

 

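The autorun spread described in the post above (an autorun.inf in the drive root that loads a dropped .cmd, .pif or .exe) can be checked for on a drive listing. This is an added example, not part of the original thread or of any tool mentioned in it; the function names and the sample file contents are constructed for illustration.

```python
import re

# Extensions the post names as dropped to drive roots alongside autorun.inf.
DROPPED_EXTS = (".cmd", ".pif", ".exe")
# autorun.inf keys that launch a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_targets(autorun_text):
    """Return (key, target) pairs from the [autorun] section that start a program."""
    targets, in_autorun = [], False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                # First token is the program; anything after it is arguments.
                parts = value.strip('"').split()
                targets.append((key.lower(), parts[0] if parts else ""))
    return targets

def suspicious_entries(autorun_text, root_files):
    """Flag launch targets that are .cmd/.pif/.exe files sitting in the drive root."""
    present = {name.lower() for name in root_files}
    hits = []
    for key, target in launch_targets(autorun_text):
        name = target.lstrip("\\/").lower()
        if "\\" in name or "/" in name:
            continue  # target lives in a subfolder, not the pattern described
        if name.endswith(DROPPED_EXTS) and name in present:
            hits.append((key, name))
    return hits

# Constructed sample with comment lines and mixed-case keys, to exercise the parser.
SAMPLE_INF = """;kjdfhg
[AutoRun]
;qwerty
open = xqtrb.pif
shell\\explore\\Command= xqtrb.pif
icon=shell32.dll,4
"""
SAMPLE_ROOT = ["autorun.inf", "xqtrb.pif", "Photos", "report.docx"]

if __name__ == "__main__":
    for key, name in suspicious_entries(SAMPLE_INF, SAMPLE_ROOT):
        print(f"autorun.inf key {key!r} launches root file {name!r}")
```

A hit only means the drive matches the autorun pattern described in the post; legitimate installers also ship an autorun.inf that opens a root-level .exe, so the flagged file still needs to be scanned.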


#15 benyu332

  • Topic Starter

Posted 20 June 2012 - 01:19 PM

Hey Jason! I cannot thank you enough. I've run the scan, and turns out it has infected nearly every single application from A-Z. This is going to take a while, but I will try to keep you updated ASAP. I ran the scan overnight, but it seemed to have "bluescreened" and restarted. I'm going to run it again.



