
I am stumped on this one Redirect to http://delivererspywareinfect.in


  • This topic is locked
26 replies to this topic

#1 molitar


Posted 21 June 2012 - 02:26 AM

Here are the logs. Firefox browser will mysteriously route to the above page and report I am infected.

Attached Files

  • Attached File  Gmer.log   852bytes   2 downloads
  • Attached File  DDS.txt   34.42KB   4 downloads



#2 gringo_pr


Posted 22 June 2012 - 01:36 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 molitar


Posted 22 June 2012 - 02:58 AM

Hi Gringo,

Ok, what is weird is this one seems to be quite intermittent. It will not happen for a while but I will make a click and get redirected. The above website shows up, and another that showed up on me was a webpage with a capture of the Windows Malware detection window, which I do not use. So instead of clicking on the window I will alt+end+task it, as I know clicking on the window, even the X, can act as a button on those types of pages.

Previous scans before I resorted to asking for assistance here were Malwarebytes and KIS 2012 rootkit and full scan. Secondly, I had tried Combofix and it made my computer unbootable, so I restored back to a 3 week full image and got back up and going. I have now installed Rollback RX for times like that, but that is the first time I ever had Combofix totally hose the boot up of Windows. I knew it could happen and had a semi-recent backup before running, so I ran it.

I ran the two above as recommended in your 1-9 step by another person informing me to run steps 6-9 then post in this forum for assistance, so I did. First attempt to run Security Check terminated after sitting at Performing System Health Check. I started it a second time and it completed.


Edited by molitar, 22 June 2012 - 03:00 AM.


#4 gringo_pr


Posted 22 June 2012 - 03:12 AM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#5 molitar


Posted 22 June 2012 - 08:54 PM

Ok here is the paste.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 22-06-2012 21:40:47
Running from H:\
Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd [x]
HKLM\...\Run: [Cmaudio8768GX] C:\Windows\system\HsMgr.exe Envoke [200704 2008-07-11] ()
HKLM\...\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe [147456 2012-04-01] (IvoSoft)
HKLM\...\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" [17408 2010-07-04] ()
HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [202296 2011-04-24] (Kaspersky Lab ZAO)
HKLM\...\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [4375320 2011-12-07] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [shield] C:\Program Files\Shield\shieldtray.exe [3518800 2009-05-11] ()
HKU\malaac\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" [328056 2010-11-28] (BitTorrent, Inc.)
HKU\malaac\...\Run: [3RVX] C:\Program Files\3RVX\3RVX.exe [159232 2008-10-13] (matt.malensek.net)
HKU\malaac\...\Run: [NuonSoft Wallpaper Cycler] "C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler.exe" [4734008 2009-06-30] (NuonSoft)
HKU\malaac\...\Run: [Icon Remover] C:\Program Files\Icon Remover\IconRemover.exe /hideapp [742400 2008-03-25] (IconRemover.com)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Tcpip\..\Interfaces\{4ED4E541-EE13-4C10-A463-34BE894D06C3}: [NameServer]192.168.1.1,4.2.2.1

================================ Services (Whitelisted) ==================

3 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-05-12] (Acronis)
3 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2011-11-09] (AMD)
2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [291840 2011-11-09] (Advanced Micro Devices, Inc.)
2 AVP; "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [202296 2011-04-24] (Kaspersky Lab ZAO)
3 BestSyncSvc; "C:\Program Files\BestSync 2012\BestSyncSvc.exe" [2793208 2012-01-03] (RiseFly Software)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 Futuremark SystemInfo Service; "C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [135584 2012-03-26] (Futuremark Corporation)
3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [295192 2011-09-27] (Logitech, Inc.)
3 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [503080 2010-05-04] (Nero AG)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 SHDSERV; C:\Program Files\Shield\shdserv.exe [221184 2009-05-11] ()
2 ShieldClientService; C:\Program Files\Shield\shieldclnt.exe [45056 2009-05-11] ()
3 SshSharedFolderService2; "C:\Program Files\SshSharedFoldersSetup\SshSharedFolderService2.exe" [8704 2011-07-11] (IIC Internet LLC)
3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
4 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2666880 2012-03-19] (TeamViewer GmbH)
2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-12] (The Within Network, LLC)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\DRIVERS\afcdp.sys [234752 2012-05-12] (Acronis)
3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [8913920 2011-11-09] (Advanced Micro Devices, Inc.)
0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices)
0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [39424 2011-06-24] (Advanced Micro Devices)
3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1569792 2011-03-30] (C-Media Inc)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-24] (DT Soft Ltd)
3 FARMNTIO; \??\c:\windows\system32\drivers\farmntio.sys [21592 2012-01-11] ()
0 fltsrv; C:\Windows\System32\DRIVERS\fltsrv.sys [80416 2012-05-12] (Acronis)
0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [58568 2011-08-04] (Paragon Software Group)
3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
2 HWiNFO32; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS [20088 2010-09-29] (REALiX(tm))
0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [570160 2012-04-24] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-23] (Logitech Inc.)
3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-23] (Logitech Inc.)
3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [41240 2011-09-01] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-01] (Logitech, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [25912 2010-05-09] (Your Corporation)
3 msloop; C:\Windows\System32\DRIVERS\loop.sys [5632 2009-07-13] (Microsoft Corporation)
3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [7680 2010-10-19] (MSI)
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [63872 2011-02-10] (Renesas Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141952 2011-02-10] (Renesas Electronics Corporation)
0 phylock; C:\Windows\System32\drivers\phylock.sys [26720 2012-03-13] (TeraByte, Inc.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [16472 2012-01-18] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [11104 2012-01-18] ()
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [193640 2010-06-17] (Realtek Semiconductor Corp.)
0 Shdbus; C:\Windows\System32\Drivers\Shdbus.sys [7376 2009-05-11] ()
0 Shield; C:\Windows\System32\Drivers\Shield.sys [104912 2009-05-11] ()
0 Shieldf; C:\Windows\System32\Drivers\Shieldf.sys [24912 2009-05-11] ()
0 Shieldm; C:\Windows\System32\Drivers\Shieldm.sys [32336 2009-05-11] ()
3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [121064 2011-05-12] (MCCI Corporation)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [77184 2010-11-20] (Microsoft Corporation)
3 TBIMount; C:\Windows\System32\drivers\tbimount.sys [87648 2010-12-01] (TeraByte, Inc.)
3 terminpt; C:\Windows\system32\drivers\terminpt.sys [25600 2010-11-20] (Microsoft Corporation)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [614592 2012-05-12] (Acronis)
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation)
1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [45240 2011-08-04] (Windows (R) 2000 DDK provider)
1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [441608 2011-08-04] (Paragon)
1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [277576 2011-08-04] (Paragon)
2 uxpatch; \??\C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-12] ()
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-05-12] (Acronis)
3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo.sys [x]
4 sptd; C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-20 16:45 - 2012-06-20 16:45 - 00000000 ____D C:\Windows\System32\configfix
2012-06-20 16:45 - 2012-06-20 16:45 - 00000000 ____D C:\Program Files\Shield
2012-06-20 16:45 - 2009-05-11 08:17 - 00104912 ____N () C:\Windows\System32\Drivers\Shield.sys
2012-06-20 16:45 - 2009-05-11 08:17 - 00032336 ____N () C:\Windows\System32\Drivers\Shieldm.sys
2012-06-20 16:45 - 2009-05-11 08:17 - 00024912 ____N () C:\Windows\System32\Drivers\Shieldf.sys
2012-06-20 16:45 - 2009-05-11 08:17 - 00007376 ____N () C:\Windows\System32\Drivers\Shdbus.sys
2012-06-20 16:45 - 2009-02-07 13:36 - 00004608 ____N (Windows (R) 2000 DDK provider) C:\Windows\System32\chkvdisk.exe
2012-06-20 13:30 - 2012-06-20 13:30 - 00000000 ____D C:\Users\All Users\TBIView
2012-06-20 13:30 - 2012-06-20 13:30 - 00000000 ____D C:\Program Files\TeraByte Unlimited
2012-06-20 13:30 - 2010-12-01 15:17 - 00087648 ____A (TeraByte, Inc.) C:\Windows\System32\Drivers\TBIMount.sys
2012-06-20 13:29 - 2012-03-13 14:49 - 00026720 ____A (TeraByte, Inc.) C:\Windows\System32\Drivers\phylock.sys
2012-06-20 13:29 - 2010-12-01 14:24 - 00084480 ____A C:\Windows\tbicd2hd.exe
2012-06-20 13:13 - 2012-06-20 13:19 - 00018596 ____A C:\Windows\2dfightermaker2nd20022.mid
2012-06-20 12:42 - 2012-06-20 12:42 - 00000000 ____D C:\Users\malaac\AppData\Local\{F7DCBE88-5386-4C11-B060-32EC110718D9}
2012-06-20 12:42 - 2012-06-20 12:42 - 00000000 ____D C:\Users\malaac\AppData\Local\{BB08595D-96D6-4D55-AFA8-C11705BDBA28}
2012-06-20 05:08 - 2012-06-20 05:08 - 00001148 ____A C:\Windows\System32\game.ini
2012-06-20 04:59 - 2012-06-20 05:11 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Nero
2012-06-20 04:59 - 2012-06-20 04:59 - 00000000 ____D C:\Users\malaac\AppData\Local\Nero
2012-06-20 04:37 - 2012-06-20 04:45 - 00000000 ____D C:\Program Files\Nero
2012-06-20 04:37 - 2012-06-20 04:39 - 00000000 ____D C:\Program Files\Common Files\Nero
2012-06-20 04:32 - 2012-06-20 14:08 - 00000056 ____A C:\Windows\kgt2k.INI
2012-06-19 22:09 - 2012-06-19 22:09 - 03293592 ____A C:\Windows\System32\AcronisTrueImage.msi.txt
2012-06-19 21:41 - 2012-06-19 21:41 - 00000000 ____D C:\Users\All Users\restore
2012-06-19 21:38 - 2012-06-19 21:38 - 00000000 ____D C:\Users\All Users\ftw
2012-06-19 18:12 - 2012-06-19 18:12 - 00000017 ____A C:\Users\malaac\AppData\Local\resmon.resmoncfg
2012-06-19 15:57 - 2012-06-19 15:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{D5962EAD-D027-4FB7-A1D1-23EF4CED48AC}
2012-06-19 15:57 - 2012-06-19 15:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{7A62A449-9103-473A-B9D1-B309FAF7712E}
2012-06-19 15:48 - 2012-06-17 23:09 - 00002070 ____A C:\Users\malaac\Desktop\Ultimate Defrag.lnk
2012-06-19 01:07 - 2012-06-19 01:08 - 00000000 ____D C:\Users\malaac\AppData\Local\{E55B3227-737D-4135-9C3F-AD23E63C32CE}
2012-06-19 01:07 - 2012-06-19 01:07 - 00000000 ____D C:\Users\malaac\AppData\Local\{283F0BA3-FDE4-410E-A1BB-FF68C0758806}
2012-06-18 18:33 - 2012-06-18 18:33 - 00000250 ____A C:\user.js
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Users\malaac\AppData\Roaming\YourFileDownloader
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Users\malaac\AppData\Roaming\BabylonToolbar
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Babylon
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Users\All Users\Babylon
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Program Files\BabylonToolbar
2012-06-18 11:15 - 2012-06-18 11:15 - 264024965 ____A C:\_Defrag.log
2012-06-18 09:21 - 2012-06-18 09:21 - 00000000 ____D C:\Users\malaac\AppData\Local\{1E135858-45B6-4BB3-98EA-C1643E653E15}
2012-06-17 21:57 - 2012-06-17 21:57 - 00000000 ____D C:\Users\malaac\AppData\Roaming\sol-fa-soft
2012-06-17 18:54 - 2012-06-17 18:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{B1777B10-EB66-4893-9409-75B7E7D0EAFB}
2012-06-16 21:57 - 2012-06-16 21:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{AE083E68-102A-417E-A6B3-8F2E9E4B0C04}
2012-06-16 17:30 - 2012-06-16 17:30 - 00000000 ____D C:\Users\All Users\scripts
2012-06-16 16:34 - 2012-06-17 00:42 - 00001022 ____A C:\Windows\Tasks\Paragon Archive name arc_170612001811664.job
2012-06-16 16:15 - 2012-06-16 16:15 - 00000000 ____D C:\archive_db
2012-06-16 16:11 - 2012-06-16 16:11 - 00000000 ____D C:\Users\All Users\launcher
2012-06-16 16:11 - 2012-06-16 16:11 - 00000000 ____D C:\Users\All Users\explauncher
2012-06-16 16:11 - 2012-06-16 16:11 - 00000000 ____D C:\Users\All Users\complexbackup
2012-06-16 13:24 - 2012-06-16 13:24 - 00000000 ____D C:\Users\All Users\ATI
2012-06-16 13:22 - 2012-06-16 13:22 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-16 13:22 - 2012-06-16 13:22 - 00000000 ____D C:\Program Files\AMD APP
2012-06-16 11:45 - 2012-06-16 11:45 - 00000000 ____D C:\ATI
2012-06-16 11:25 - 2012-06-16 18:10 - 00000000 ____D C:\Program Files\EventGhost
2012-06-16 10:58 - 2012-06-16 10:58 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-06-16 10:48 - 2012-06-16 13:22 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-16 10:48 - 2012-06-16 10:48 - 00000000 ____D C:\Program Files\ATI
2012-06-16 10:31 - 2012-06-16 10:48 - 00000000 ____D C:\Windows\pss
2012-06-16 09:09 - 2011-08-04 13:32 - 00058568 ____A (Paragon Software Group) C:\Windows\System32\Drivers\hotcore3.sys
2012-06-16 09:08 - 2012-06-16 09:08 - 00000000 ____D C:\Program Files\Paragon Software
2012-06-16 08:00 - 2012-06-16 08:00 - 00000000 ____D C:\Users\malaac\AppData\Local\{91EED608-E278-4CA7-9E15-5889320E7F75}
2012-06-15 22:48 - 2012-06-15 22:49 - 00000020 ____A C:\Users\malaac\defogger_reenable
2012-06-15 18:23 - 2012-06-15 18:23 - 00000000 ____D C:\Users\malaac\AppData\Local\{62B637B2-6AD6-4C9D-BD75-2EE467A314A0}
2012-06-15 17:46 - 2012-01-11 10:31 - 00021592 ____A C:\Windows\System32\Drivers\farmntio.sys
2012-06-15 17:45 - 2012-06-15 18:40 - 00000529 __RSH C:\Windows\System32\VFsRegister
2012-06-15 17:45 - 2012-06-15 18:40 - 00000000 ____D C:\Program Files\FarStone Total Recovery
2012-06-15 17:45 - 2012-06-15 17:46 - 00000000 ____D C:\Users\All Users\Farstone
2012-06-15 17:45 - 2012-06-15 17:45 - 00000000 ____A C:\Windows\System32\EFB.log
2012-06-15 17:45 - 2012-06-15 17:45 - 00000000 ____A C:\Windows\System32\DiskMgr.log
2012-06-15 16:25 - 2012-06-15 16:25 - 00000000 ____D C:\Users\All Users\Helios
2012-06-15 16:24 - 2012-06-15 16:24 - 00000000 ____D C:\Program Files\TextPad 6
2012-06-15 15:18 - 2012-06-15 15:18 - 00000042 ____A C:\Windows\System32\DuplicateFileCleaner.lie
2012-06-15 14:52 - 2012-06-15 14:52 - 00000000 ____D C:\Program Files\Desktop Restore
2012-06-15 14:19 - 2012-06-15 14:20 - 00001024 ____A C:\Windows\System32\AutoPartNt.let
2012-06-15 14:19 - 2012-06-15 14:19 - 02593120 ____A (Acronis) C:\Windows\System32\AutoPartNt.exe
2012-06-15 12:02 - 2012-06-15 12:03 - 00000000 ____D C:\Users\malaac\AppData\Local\{B5E5408D-BF6D-4955-BBD9-F1FBE9CB984B}
2012-06-11 12:33 - 2012-06-11 12:33 - 00095080 ____A (DiskTrix Inc) C:\Windows\System32\UDBDef.exe
2012-06-08 16:11 - 2012-06-08 16:11 - 00000000 ____D C:\Users\malaac\AppData\Local\{228E5462-84D8-4862-AB53-CD77F28C4493}
2012-06-08 16:10 - 2012-06-08 16:11 - 00000000 ____D C:\Users\malaac\AppData\Local\{F7D6F4E0-7907-4AA7-8D08-8088DCE34457}
2012-06-07 19:14 - 2012-06-07 19:14 - 00000000 ____D C:\Users\malaac\AppData\Local\{62CA1EA4-81D3-4E47-B745-9DB341349AA6}
2012-06-07 19:13 - 2012-06-07 19:14 - 00000000 ____D C:\Users\malaac\AppData\Local\{B0D94D69-BC9D-4E2E-8D8C-378DF0054186}
2012-06-07 19:00 - 2012-06-07 19:00 - 00000436 ____A C:\Users\malaac\.webaom
2012-06-07 18:11 - 2012-06-07 18:12 - 00000000 __SHD C:\Users\malaac\wc
2012-06-07 18:11 - 2012-06-07 18:12 - 00000000 __SHD C:\Users\malaac\AppData\Roaming\wyUpdate AU
2012-06-06 15:05 - 2012-06-06 15:05 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
2012-06-06 15:04 - 2012-06-06 15:04 - 00000000 ____D C:\Users\malaac\AppData\Roaming\InstallShield
2012-06-06 14:44 - 2012-06-06 14:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{EBC160BA-B723-4450-9CAD-83DC9EAA6C28}
2012-06-06 14:44 - 2012-06-06 14:44 - 00000000 ____D C:\Users\malaac\AppData\Local\{B8268A91-2F26-4F88-A91E-6FF21C62AC23}
2012-06-06 07:44 - 2012-06-06 07:44 - 00000000 ____D C:\Users\malaac\AppData\Local\LogMeIn
2012-06-05 21:51 - 2012-06-05 21:51 - 00000000 ____D C:\Users\malaac\AppData\Roaming\ChemTable Software
2012-06-05 21:50 - 2012-06-05 22:00 - 00000000 ____D C:\Users\malaac\AppData\Local\AnVir
2012-06-05 21:50 - 2012-06-05 21:50 - 00000000 ____D C:\Users\malaac\AppData\Local\ChemTable Software
2012-06-05 21:10 - 2012-06-05 20:12 - 00001228 ____A C:\Users\malaac\Desktop\DomDomSoft Anime Downloader.lnk
2012-06-05 18:09 - 2012-06-05 18:09 - 00000000 ____D C:\Users\malaac\AppData\Local\{E2DDF058-E040-44E8-AEEC-F4D800581B23}
2012-06-05 18:09 - 2012-06-05 18:09 - 00000000 ____D C:\Users\malaac\AppData\Local\{A3D2ED97-0180-4A8D-AC4A-1ECEDD4B2782}
2012-06-04 18:02 - 2012-06-04 18:02 - 00000000 ____D C:\Users\malaac\AppData\Local\{9038DC3B-2D6A-45C1-9029-9C2C5260FFD8}
2012-06-04 18:02 - 2012-06-04 18:02 - 00000000 ____D C:\Users\malaac\AppData\Local\{60AF8AF8-9566-4D03-8596-5FC482D2F9F2}
2012-06-03 18:53 - 2012-06-03 18:53 - 00000000 ____D C:\Users\malaac\AppData\Local\{EA4CEF9A-D636-4FF0-9F2D-E704EEC26906}
2012-06-03 18:53 - 2012-06-03 18:53 - 00000000 ____D C:\Users\malaac\AppData\Local\{46CCD59B-CDED-45A7-9E5F-6F434260D3F5}
2012-06-03 06:10 - 2012-06-03 06:10 - 00000000 ____D C:\Users\malaac\AppData\Local\{E63DFF13-3880-4F82-BB4E-11C40B7C93DB}
2012-06-03 06:09 - 2012-06-03 06:10 - 00000000 ____D C:\Users\malaac\AppData\Local\{56C895ED-8ACF-45EA-B73A-1BA1E0974BEB}
2012-06-02 09:52 - 2012-06-02 09:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{9F6CEB12-E3E5-485B-B301-7847723A204D}
2012-06-02 09:52 - 2012-06-02 09:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{429FBC0E-C1F9-4058-9C69-6F4E3EF993F5}
2012-06-01 05:54 - 2012-06-01 05:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{37E9B342-77F5-4DE9-BB02-D3E2B0E3EFEA}
2012-06-01 05:54 - 2012-06-01 05:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{0E8BC82E-F216-4E12-887F-F57192EBDBC7}
2012-05-31 17:52 - 2012-05-31 17:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{A2A1F1B2-6322-48C1-81DF-B2EF7A8C8B80}
2012-05-31 17:51 - 2012-05-31 17:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{A8DFD46B-A5C5-4571-8079-E5E44FE19AB6}
2012-05-30 23:54 - 2012-05-30 23:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{AB791FC7-F49A-44B8-8D50-CEF384254EFB}
2012-05-30 23:54 - 2012-05-30 23:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{9FBD2A0D-CD9B-4D4E-9C37-EB26864DCAE8}
2012-05-30 07:40 - 2012-05-30 07:40 - 00000000 ____D C:\Users\malaac\AppData\Local\{5D922DDB-8524-4612-B20A-C53C4151FB15}
2012-05-30 07:40 - 2012-05-30 07:40 - 00000000 ____D C:\Users\malaac\AppData\Local\{38E69E31-3815-4054-B3EB-15B69AD3AA49}
2012-05-29 17:00 - 2012-05-29 17:01 - 00000000 ____D C:\Users\malaac\AppData\Local\{9DF66D3E-2950-4B0F-8CAD-4321D6944F5D}
2012-05-29 17:00 - 2012-05-29 17:00 - 00000000 ____D C:\Users\malaac\AppData\Local\{AB23A6FF-F35E-4E8A-AF1F-DCCB745B57D4}
2012-05-29 04:53 - 2012-05-29 04:53 - 00000000 ____D C:\Users\malaac\AppData\Local\{32BBF458-B5DF-495C-B54E-5EDCF5E1490B}
2012-05-29 04:53 - 2012-05-29 04:53 - 00000000 ____D C:\Users\malaac\AppData\Local\{0F1138E7-6F66-4CBE-BE1E-36F4911FF9CD}
2012-05-28 21:53 - 2012-05-28 21:57 - 00000000 ____D C:\Users\malaac\AppData\Local\???????????
2012-05-28 19:07 - 2012-05-28 21:27 - 00007680 ____A C:\Users\malaac\Untitled.fsl
2012-05-28 08:24 - 2012-05-28 08:24 - 00000000 ____D C:\Users\malaac\AppData\Local\{41D39EF1-CE8B-4F47-AA84-3016475035CA}
2012-05-28 08:23 - 2012-05-28 08:24 - 00000000 ____D C:\Users\malaac\AppData\Local\{415C80E9-B987-437D-B01C-C932D6F42FA5}
2012-05-27 18:46 - 2012-05-28 21:27 - 00000036 ____A C:\Users\malaac\Untitled.fsf
2012-05-27 18:46 - 2012-05-28 21:27 - 00000032 ____A C:\Users\malaac\Untitled.fss
2012-05-27 18:46 - 2012-05-27 18:46 - 00000858 ____A C:\Users\malaac\Untitled.fsf~
2012-05-27 18:25 - 2012-05-27 18:25 - 00000000 ____D C:\Program Files\BestSync 2012
2012-05-27 17:45 - 2012-05-27 17:46 - 00000000 ____D C:\Users\malaac\AppData\Local\{3EAE7071-8170-4B9D-963C-875FE5BA756C}
2012-05-27 17:45 - 2012-05-27 17:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{74C4DEAE-94C3-4FC7-8D97-CAC4FDC5DC97}
2012-05-27 01:22 - 2012-05-27 01:23 - 00000000 ____D C:\Users\malaac\AppData\Local\{938BC177-2F20-4C34-BE56-8EDCA82386CD}
2012-05-27 01:22 - 2012-05-27 01:22 - 00000000 ____D C:\Users\malaac\AppData\Local\{CD1AF868-29ED-40C3-837A-4FCD799BF55A}
2012-05-26 22:16 - 2012-05-26 22:26 - 00000000 ____D C:\Users\All Users.WINDOWS\Application Data\RFA_Backups
2012-05-26 10:28 - 2012-05-26 10:28 - 00000000 ____D C:\Users\malaac\AppData\Local\{D0261E39-FF3E-49E5-8E22-758BBD157193}
2012-05-26 10:28 - 2012-05-26 10:28 - 00000000 ____D C:\Users\malaac\AppData\Local\{15DDA562-0427-4CF8-B219-EAE16488CF40}
2012-05-25 20:45 - 2012-05-25 20:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{28BE4936-6E98-4CCA-8AB2-C5532FA0F40E}
2012-05-25 20:44 - 2012-05-25 20:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{25693234-90C5-4BA9-9D1B-00B507FCB750}
2012-05-25 08:32 - 2012-05-25 08:32 - 00000000 ____D C:\Users\malaac\AppData\Local\{7A553CC4-A4D1-4877-8EFC-61E78F8BBDD0}
2012-05-25 08:32 - 2012-05-25 08:32 - 00000000 ____D C:\Users\malaac\AppData\Local\{089F7DC9-1FFA-4FB3-A14B-7D451ACBEAC9}
2012-05-24 19:43 - 2012-05-24 19:44 - 00000000 ____D C:\Users\malaac\AppData\Local\{11BAFB3C-1724-4334-B2F5-92ED59C8F461}
2012-05-24 19:43 - 2012-05-24 19:43 - 00000000 ____D C:\Users\malaac\AppData\Local\{C4E4A911-A2C1-40C5-89E5-E012B611CE64}
2012-05-24 04:46 - 2012-05-24 04:46 - 00000000 ____D C:\Users\malaac\AppData\Local\{A2284A3A-8FE2-4AF7-A47D-39039878B96B}
2012-05-24 04:45 - 2012-05-24 04:46 - 00000000 ____D C:\Users\malaac\AppData\Local\{0C5354BF-5993-47CA-A1AA-34F13B387418}
2012-05-23 20:30 - 2012-05-23 20:30 - 00000000 ____D C:\Users\All Users\Sync App Settings
2012-05-23 20:29 - 2012-05-27 18:06 - 00000000 ____D C:\Program Files\Allway Sync
2012-05-23 19:23 - 2012-06-20 17:13 - 00000350 ____A C:\Windows\Tasks\MyBackup.job
2012-05-23 18:59 - 2012-05-25 17:07 - 00000000 ____D C:\Program Files\DeltaCopy
2012-05-23 18:59 - 2012-05-23 18:59 - 00000000 ____D C:\Windows\Downloaded Installations
2012-05-23 12:34 - 2012-05-23 12:34 - 00000000 ____D C:\Users\malaac\AppData\Local\{9CE74DE6-37C8-42BF-9E89-91C583378F8F}
2012-05-23 12:34 - 2012-05-23 12:34 - 00000000 ____D C:\Users\malaac\AppData\Local\{449808EC-528C-4948-B24D-8E4ED3C228C9}


============ 3 Months Modified Files and Folders ===============

2012-06-20 17:16 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\uTorrent
2012-06-20 17:13 - 2012-05-23 19:23 - 00000350 ____A C:\Windows\Tasks\MyBackup.job
2012-06-20 17:13 - 2012-05-05 15:08 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-20 17:13 - 2012-04-20 19:01 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-20 17:00 - 2012-04-24 05:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-20 16:58 - 2009-07-13 20:34 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-20 16:58 - 2009-07-13 20:34 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-20 16:45 - 2012-06-20 16:45 - 00000000 ____D C:\Windows\System32\configfix
2012-06-20 16:45 - 2012-06-20 16:45 - 00000000 ____D C:\Program Files\Shield
2012-06-20 16:19 - 2012-05-05 15:08 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-20 14:08 - 2012-06-20 04:32 - 00000056 ____A C:\Windows\kgt2k.INI
2012-06-20 13:30 - 2012-06-20 13:30 - 00000000 ____D C:\Users\All Users\TBIView
2012-06-20 13:30 - 2012-06-20 13:30 - 00000000 ____D C:\Program Files\TeraByte Unlimited
2012-06-20 13:19 - 2012-06-20 13:13 - 00018596 ____A C:\Windows\2dfightermaker2nd20022.mid
2012-06-20 13:10 - 2012-04-24 12:46 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2012-06-20 13:04 - 2010-05-07 06:18 - 00000000 ____D C:\Program Files\Trillian
2012-06-20 12:42 - 2012-06-20 12:42 - 00000000 ____D C:\Users\malaac\AppData\Local\{F7DCBE88-5386-4C11-B060-32EC110718D9}
2012-06-20 12:42 - 2012-06-20 12:42 - 00000000 ____D C:\Users\malaac\AppData\Local\{BB08595D-96D6-4D55-AFA8-C11705BDBA28}
2012-06-20 12:42 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\Windows Live
2012-06-20 05:12 - 2012-04-24 12:21 - 00000000 ____D C:\Users\malaac\AppData\Roaming\DAEMON Tools Lite
2012-06-20 05:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-06-20 05:11 - 2012-06-20 04:59 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Nero
2012-06-20 05:08 - 2012-06-20 05:08 - 00001148 ____A C:\Windows\System32\game.ini
2012-06-20 04:59 - 2012-06-20 04:59 - 00000000 ____D C:\Users\malaac\AppData\Local\Nero
2012-06-20 04:45 - 2012-06-20 04:37 - 00000000 ____D C:\Program Files\Nero
2012-06-20 04:45 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\Nero
2012-06-20 04:45 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Cursors
2012-06-20 04:39 - 2012-06-20 04:37 - 00000000 ____D C:\Program Files\Common Files\Nero
2012-06-20 04:29 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-19 22:09 - 2012-06-19 22:09 - 03293592 ____A C:\Windows\System32\AcronisTrueImage.msi.txt
2012-06-19 22:09 - 2012-04-23 19:31 - 00000000 ____D C:\Program Files\Common Files\Acronis
2012-06-19 21:41 - 2012-06-19 21:41 - 00000000 ____D C:\Users\All Users\restore
2012-06-19 21:38 - 2012-06-19 21:38 - 00000000 ____D C:\Users\All Users\ftw
2012-06-19 19:13 - 2010-05-10 17:49 - 00000000 ____D C:\Program Files\Hard Disk Sentinel
2012-06-19 18:12 - 2012-06-19 18:12 - 00000017 ____A C:\Users\malaac\AppData\Local\resmon.resmoncfg
2012-06-19 17:44 - 2010-11-20 13:01 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-19 15:57 - 2012-06-19 15:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{D5962EAD-D027-4FB7-A1D1-23EF4CED48AC}
2012-06-19 15:57 - 2012-06-19 15:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{7A62A449-9103-473A-B9D1-B309FAF7712E}
2012-06-19 01:08 - 2012-06-19 01:07 - 00000000 ____D C:\Users\malaac\AppData\Local\{E55B3227-737D-4135-9C3F-AD23E63C32CE}
2012-06-19 01:07 - 2012-06-19 01:07 - 00000000 ____D C:\Users\malaac\AppData\Local\{283F0BA3-FDE4-410E-A1BB-FF68C0758806}
2012-06-18 18:33 - 2012-06-18 18:33 - 00000250 ____A C:\user.js
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Users\malaac\AppData\Roaming\YourFileDownloader
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Users\malaac\AppData\Roaming\BabylonToolbar
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Babylon
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Users\All Users\Babylon
2012-06-18 18:33 - 2012-06-18 18:33 - 00000000 ____D C:\Program Files\BabylonToolbar
2012-06-18 11:15 - 2012-06-18 11:15 - 264024965 ____A C:\_Defrag.log
2012-06-18 09:43 - 2012-04-23 23:20 - 00002283 ____A C:\Users\malaac\Desktop\Notes.txt
2012-06-18 09:21 - 2012-06-18 09:21 - 00000000 ____D C:\Users\malaac\AppData\Local\{1E135858-45B6-4BB3-98EA-C1643E653E15}
2012-06-17 23:09 - 2012-06-19 15:48 - 00002070 ____A C:\Users\malaac\Desktop\Ultimate Defrag.lnk
2012-06-17 23:09 - 2010-05-08 08:24 - 00000000 ____D C:\Program Files\DiskTrix
2012-06-17 23:09 - 2009-07-13 18:04 - 00000857 ____A C:\Windows\win.ini
2012-06-17 21:57 - 2012-06-17 21:57 - 00000000 ____D C:\Users\malaac\AppData\Roaming\sol-fa-soft
2012-06-17 18:54 - 2012-06-17 18:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{B1777B10-EB66-4893-9409-75B7E7D0EAFB}
2012-06-17 00:42 - 2012-06-16 16:34 - 00001022 ____A C:\Windows\Tasks\Paragon Archive name arc_170612001811664.job
2012-06-16 21:57 - 2012-06-16 21:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{AE083E68-102A-417E-A6B3-8F2E9E4B0C04}
2012-06-16 18:10 - 2012-06-16 11:25 - 00000000 ____D C:\Program Files\EventGhost
2012-06-16 18:02 - 2012-04-21 05:02 - 00000000 ____D C:\Downloaded
2012-06-16 17:30 - 2012-06-16 17:30 - 00000000 ____D C:\Users\All Users\scripts
2012-06-16 16:15 - 2012-06-16 16:15 - 00000000 ____D C:\archive_db
2012-06-16 16:11 - 2012-06-16 16:11 - 00000000 ____D C:\Users\All Users\launcher
2012-06-16 16:11 - 2012-06-16 16:11 - 00000000 ____D C:\Users\All Users\explauncher
2012-06-16 16:11 - 2012-06-16 16:11 - 00000000 ____D C:\Users\All Users\complexbackup
2012-06-16 13:24 - 2012-06-16 13:24 - 00000000 ____D C:\Users\All Users\ATI
2012-06-16 13:22 - 2012-06-16 13:22 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-06-16 13:22 - 2012-06-16 13:22 - 00000000 ____D C:\Program Files\AMD APP
2012-06-16 13:22 - 2012-06-16 10:48 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-16 13:22 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-06-16 11:45 - 2012-06-16 11:45 - 00000000 ____D C:\ATI
2012-06-16 11:19 - 2011-05-27 22:21 - 00000000 ____D C:\Program Files\EventGhost2
2012-06-16 10:58 - 2012-06-16 10:58 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-06-16 10:55 - 2012-04-25 12:22 - 00000000 ____D C:\Users\malaac\AppData\Roaming\ATI
2012-06-16 10:55 - 2012-04-23 19:18 - 00000000 ____D C:\Users\malaac\AppData\Local\ATI
2012-06-16 10:49 - 2012-04-23 19:04 - 00000000 ____D C:\Users\All Users\AMD
2012-06-16 10:48 - 2012-06-16 10:48 - 00000000 ____D C:\Program Files\ATI
2012-06-16 10:48 - 2012-06-16 10:31 - 00000000 ____D C:\Windows\pss
2012-06-16 10:44 - 2010-06-26 14:02 - 00000000 ____D C:\Program Files\DriverCleanerDotNET
2012-06-16 10:28 - 2011-05-21 16:54 - 00000295 ___SH C:\boot.ini
2012-06-16 09:52 - 2010-05-06 18:19 - 00000000 ____D C:\Dos
2012-06-16 09:48 - 2012-04-21 18:45 - 00000000 ___RD C:\bootwiz
2012-06-16 09:08 - 2012-06-16 09:08 - 00000000 ____D C:\Program Files\Paragon Software
2012-06-16 08:57 - 2012-05-17 20:07 - 00000260 ____A C:\Windows\System32\cmdVBS.vbs
2012-06-16 08:57 - 2012-05-17 20:07 - 00000256 ____A C:\Windows\System32\MSIevent.bat
2012-06-16 08:00 - 2012-06-16 08:00 - 00000000 ____D C:\Users\malaac\AppData\Local\{91EED608-E278-4CA7-9E15-5889320E7F75}
2012-06-15 22:49 - 2012-06-15 22:48 - 00000020 ____A C:\Users\malaac\defogger_reenable
2012-06-15 22:48 - 2012-04-23 18:54 - 00000000 ____D C:\users\malaac
2012-06-15 19:04 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Downloaded Installations
2012-06-15 18:40 - 2012-06-15 17:45 - 00000529 __RSH C:\Windows\System32\VFsRegister
2012-06-15 18:40 - 2012-06-15 17:45 - 00000000 ____D C:\Program Files\FarStone Total Recovery
2012-06-15 18:23 - 2012-06-15 18:23 - 00000000 ____D C:\Users\malaac\AppData\Local\{62B637B2-6AD6-4C9D-BD75-2EE467A314A0}
2012-06-15 18:23 - 2012-05-13 19:23 - 00002488 ____A C:\Users\malaac\Desktop\Warranty.txt
2012-06-15 17:46 - 2012-06-15 17:45 - 00000000 ____D C:\Users\All Users\Farstone
2012-06-15 17:45 - 2012-06-15 17:45 - 00000000 ____A C:\Windows\System32\EFB.log
2012-06-15 17:45 - 2012-06-15 17:45 - 00000000 ____A C:\Windows\System32\DiskMgr.log
2012-06-15 17:45 - 2010-05-06 03:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-06-15 16:33 - 2010-05-14 13:24 - 00000000 ____D C:\Program Files\UnH Solutions
2012-06-15 16:25 - 2012-06-15 16:25 - 00000000 ____D C:\Users\All Users\Helios
2012-06-15 16:24 - 2012-06-15 16:24 - 00000000 ____D C:\Program Files\TextPad 6
2012-06-15 15:18 - 2012-06-15 15:18 - 00000042 ____A C:\Windows\System32\DuplicateFileCleaner.lie
2012-06-15 15:18 - 2012-03-29 13:29 - 00000000 ____D C:\Program Files\APC
2012-06-15 14:52 - 2012-06-15 14:52 - 00000000 ____D C:\Program Files\Desktop Restore
2012-06-15 14:36 - 2012-04-23 19:31 - 00000000 ____D C:\Users\malaac\AppData\Local\Bandizip
2012-06-15 14:20 - 2012-06-15 14:19 - 00001024 ____A C:\Windows\System32\AutoPartNt.let
2012-06-15 14:19 - 2012-06-15 14:19 - 02593120 ____A (Acronis) C:\Windows\System32\AutoPartNt.exe
2012-06-15 14:19 - 2012-05-05 15:08 - 00000000 ____D C:\Program Files\Google
2012-06-15 13:58 - 2012-04-24 12:36 - 00000000 ____D C:\Program Files\AllToAVI
2012-06-15 13:58 - 2011-02-15 20:56 - 00000000 ____D C:\Program Files\FlashFXP 4
2012-06-15 12:33 - 2010-12-11 20:35 - 00000000 RASHD C:\cmdcons
2012-06-15 12:03 - 2012-06-15 12:02 - 00000000 ____D C:\Users\malaac\AppData\Local\{B5E5408D-BF6D-4955-BBD9-F1FBE9CB984B}
2012-06-15 12:01 - 2012-05-17 19:19 - 00000000 ____D C:\Users\All Users\CrashPlan
2012-06-11 12:33 - 2012-06-11 12:33 - 00095080 ____A (DiskTrix Inc) C:\Windows\System32\UDBDef.exe
2012-06-08 16:11 - 2012-06-08 16:11 - 00000000 ____D C:\Users\malaac\AppData\Local\{228E5462-84D8-4862-AB53-CD77F28C4493}
2012-06-08 16:11 - 2012-06-08 16:10 - 00000000 ____D C:\Users\malaac\AppData\Local\{F7D6F4E0-7907-4AA7-8D08-8088DCE34457}
2012-06-07 19:14 - 2012-06-07 19:14 - 00000000 ____D C:\Users\malaac\AppData\Local\{62CA1EA4-81D3-4E47-B745-9DB341349AA6}
2012-06-07 19:14 - 2012-06-07 19:13 - 00000000 ____D C:\Users\malaac\AppData\Local\{B0D94D69-BC9D-4E2E-8D8C-378DF0054186}
2012-06-07 19:00 - 2012-06-07 19:00 - 00000436 ____A C:\Users\malaac\.webaom
2012-06-07 18:12 - 2012-06-07 18:11 - 00000000 __SHD C:\Users\malaac\wc
2012-06-07 18:12 - 2012-06-07 18:11 - 00000000 __SHD C:\Users\malaac\AppData\Roaming\wyUpdate AU
2012-06-06 15:10 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\ControlCenter4
2012-06-06 15:05 - 2012-06-06 15:05 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
2012-06-06 15:04 - 2012-06-06 15:04 - 00000000 ____D C:\Users\malaac\AppData\Roaming\InstallShield
2012-06-06 14:45 - 2012-06-06 14:44 - 00000000 ____D C:\Users\malaac\AppData\Local\{EBC160BA-B723-4450-9CAD-83DC9EAA6C28}
2012-06-06 14:44 - 2012-06-06 14:44 - 00000000 ____D C:\Users\malaac\AppData\Local\{B8268A91-2F26-4F88-A91E-6FF21C62AC23}
2012-06-06 07:44 - 2012-06-06 07:44 - 00000000 ____D C:\Users\malaac\AppData\Local\LogMeIn
2012-06-05 22:00 - 2012-06-05 21:50 - 00000000 ____D C:\Users\malaac\AppData\Local\AnVir
2012-06-05 21:51 - 2012-06-05 21:51 - 00000000 ____D C:\Users\malaac\AppData\Roaming\ChemTable Software
2012-06-05 21:50 - 2012-06-05 21:50 - 00000000 ____D C:\Users\malaac\AppData\Local\ChemTable Software
2012-06-05 20:12 - 2012-06-05 21:10 - 00001228 ____A C:\Users\malaac\Desktop\DomDomSoft Anime Downloader.lnk
2012-06-05 18:09 - 2012-06-05 18:09 - 00000000 ____D C:\Users\malaac\AppData\Local\{E2DDF058-E040-44E8-AEEC-F4D800581B23}
2012-06-05 18:09 - 2012-06-05 18:09 - 00000000 ____D C:\Users\malaac\AppData\Local\{A3D2ED97-0180-4A8D-AC4A-1ECEDD4B2782}
2012-06-04 18:02 - 2012-06-04 18:02 - 00000000 ____D C:\Users\malaac\AppData\Local\{9038DC3B-2D6A-45C1-9029-9C2C5260FFD8}
2012-06-04 18:02 - 2012-06-04 18:02 - 00000000 ____D C:\Users\malaac\AppData\Local\{60AF8AF8-9566-4D03-8596-5FC482D2F9F2}
2012-06-03 18:53 - 2012-06-03 18:53 - 00000000 ____D C:\Users\malaac\AppData\Local\{EA4CEF9A-D636-4FF0-9F2D-E704EEC26906}
2012-06-03 18:53 - 2012-06-03 18:53 - 00000000 ____D C:\Users\malaac\AppData\Local\{46CCD59B-CDED-45A7-9E5F-6F434260D3F5}
2012-06-03 06:10 - 2012-06-03 06:10 - 00000000 ____D C:\Users\malaac\AppData\Local\{E63DFF13-3880-4F82-BB4E-11C40B7C93DB}
2012-06-03 06:10 - 2012-06-03 06:09 - 00000000 ____D C:\Users\malaac\AppData\Local\{56C895ED-8ACF-45EA-B73A-1BA1E0974BEB}
2012-06-02 09:52 - 2012-06-02 09:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{9F6CEB12-E3E5-485B-B301-7847723A204D}
2012-06-02 09:52 - 2012-06-02 09:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{429FBC0E-C1F9-4058-9C69-6F4E3EF993F5}
2012-06-02 06:24 - 2012-04-23 23:21 - 00000000 ____D C:\Users\malaac\Logitech
2012-06-01 05:54 - 2012-06-01 05:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{37E9B342-77F5-4DE9-BB02-D3E2B0E3EFEA}
2012-06-01 05:54 - 2012-06-01 05:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{0E8BC82E-F216-4E12-887F-F57192EBDBC7}
2012-05-31 17:52 - 2012-05-31 17:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{A2A1F1B2-6322-48C1-81DF-B2EF7A8C8B80}
2012-05-31 17:52 - 2012-05-31 17:51 - 00000000 ____D C:\Users\malaac\AppData\Local\{A8DFD46B-A5C5-4571-8079-E5E44FE19AB6}
2012-05-30 23:54 - 2012-05-30 23:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{AB791FC7-F49A-44B8-8D50-CEF384254EFB}
2012-05-30 23:54 - 2012-05-30 23:54 - 00000000 ____D C:\Users\malaac\AppData\Local\{9FBD2A0D-CD9B-4D4E-9C37-EB26864DCAE8}
2012-05-30 07:40 - 2012-05-30 07:40 - 00000000 ____D C:\Users\malaac\AppData\Local\{5D922DDB-8524-4612-B20A-C53C4151FB15}
2012-05-30 07:40 - 2012-05-30 07:40 - 00000000 ____D C:\Users\malaac\AppData\Local\{38E69E31-3815-4054-B3EB-15B69AD3AA49}
2012-05-29 17:01 - 2012-05-29 17:00 - 00000000 ____D C:\Users\malaac\AppData\Local\{9DF66D3E-2950-4B0F-8CAD-4321D6944F5D}
2012-05-29 17:00 - 2012-05-29 17:00 - 00000000 ____D C:\Users\malaac\AppData\Local\{AB23A6FF-F35E-4E8A-AF1F-DCCB745B57D4}
2012-05-29 04:53 - 2012-05-29 04:53 - 00000000 ____D C:\Users\malaac\AppData\Local\{32BBF458-B5DF-495C-B54E-5EDCF5E1490B}
2012-05-29 04:53 - 2012-05-29 04:53 - 00000000 ____D C:\Users\malaac\AppData\Local\{0F1138E7-6F66-4CBE-BE1E-36F4911FF9CD}
2012-05-28 21:57 - 2012-05-28 21:53 - 00000000 ____D C:\Users\malaac\AppData\Local\???????????
2012-05-28 21:27 - 2012-05-28 19:07 - 00007680 ____A C:\Users\malaac\Untitled.fsl
2012-05-28 21:27 - 2012-05-27 18:46 - 00000036 ____A C:\Users\malaac\Untitled.fsf
2012-05-28 21:27 - 2012-05-27 18:46 - 00000032 ____A C:\Users\malaac\Untitled.fss
2012-05-28 08:24 - 2012-05-28 08:24 - 00000000 ____D C:\Users\malaac\AppData\Local\{41D39EF1-CE8B-4F47-AA84-3016475035CA}
2012-05-28 08:24 - 2012-05-28 08:23 - 00000000 ____D C:\Users\malaac\AppData\Local\{415C80E9-B987-437D-B01C-C932D6F42FA5}
2012-05-28 02:03 - 2010-05-14 12:39 - 00000000 ____D C:\Program Files\JDownloader
2012-05-27 18:46 - 2012-05-27 18:46 - 00000858 ____A C:\Users\malaac\Untitled.fsf~
2012-05-27 18:25 - 2012-05-27 18:25 - 00000000 ____D C:\Program Files\BestSync 2012
2012-05-27 18:25 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\RiseFly
2012-05-27 18:25 - 2011-03-25 23:30 - 00000000 ____D C:\Users\All Users\RiseFly
2012-05-27 18:06 - 2012-05-23 20:29 - 00000000 ____D C:\Program Files\Allway Sync
2012-05-27 17:46 - 2012-05-27 17:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{3EAE7071-8170-4B9D-963C-875FE5BA756C}
2012-05-27 17:45 - 2012-05-27 17:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{74C4DEAE-94C3-4FC7-8D97-CAC4FDC5DC97}
2012-05-27 17:05 - 2011-03-19 10:56 - 00000000 ____D C:\Program Files\CCleaner
2012-05-27 16:31 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\GoodSync
2012-05-27 16:27 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\GoodSync
2012-05-27 01:23 - 2012-05-27 01:22 - 00000000 ____D C:\Users\malaac\AppData\Local\{938BC177-2F20-4C34-BE56-8EDCA82386CD}
2012-05-27 01:22 - 2012-05-27 01:22 - 00000000 ____D C:\Users\malaac\AppData\Local\{CD1AF868-29ED-40C3-837A-4FCD799BF55A}
2012-05-26 22:26 - 2012-05-26 22:16 - 00000000 ____D C:\Users\All Users.WINDOWS\Application Data\RFA_Backups
2012-05-26 10:28 - 2012-05-26 10:28 - 00000000 ____D C:\Users\malaac\AppData\Local\{D0261E39-FF3E-49E5-8E22-758BBD157193}
2012-05-26 10:28 - 2012-05-26 10:28 - 00000000 ____D C:\Users\malaac\AppData\Local\{15DDA562-0427-4CF8-B219-EAE16488CF40}
2012-05-25 20:45 - 2012-05-25 20:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{28BE4936-6E98-4CCA-8AB2-C5532FA0F40E}
2012-05-25 20:45 - 2012-05-25 20:44 - 00000000 ____D C:\Users\malaac\AppData\Local\{25693234-90C5-4BA9-9D1B-00B507FCB750}
2012-05-25 17:07 - 2012-05-23 18:59 - 00000000 ____D C:\Program Files\DeltaCopy
2012-05-25 16:55 - 2012-04-23 19:05 - 00001036 ____A C:\Windows\Cmicnfg3.ini.imi
2012-05-25 08:32 - 2012-05-25 08:32 - 00000000 ____D C:\Users\malaac\AppData\Local\{7A553CC4-A4D1-4877-8EFC-61E78F8BBDD0}
2012-05-25 08:32 - 2012-05-25 08:32 - 00000000 ____D C:\Users\malaac\AppData\Local\{089F7DC9-1FFA-4FB3-A14B-7D451ACBEAC9}
2012-05-24 19:44 - 2012-05-24 19:43 - 00000000 ____D C:\Users\malaac\AppData\Local\{11BAFB3C-1724-4334-B2F5-92ED59C8F461}
2012-05-24 19:43 - 2012-05-24 19:43 - 00000000 ____D C:\Users\malaac\AppData\Local\{C4E4A911-A2C1-40C5-89E5-E012B611CE64}
2012-05-24 04:46 - 2012-05-24 04:46 - 00000000 ____D C:\Users\malaac\AppData\Local\{A2284A3A-8FE2-4AF7-A47D-39039878B96B}
2012-05-24 04:46 - 2012-05-24 04:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{0C5354BF-5993-47CA-A1AA-34F13B387418}
2012-05-23 20:38 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Registration
2012-05-23 20:37 - 2012-04-23 18:55 - 00021796 ____A C:\Windows\System32\emptyregdb.dat
2012-05-23 20:30 - 2012-05-23 20:30 - 00000000 ____D C:\Users\All Users\Sync App Settings
2012-05-23 18:59 - 2012-05-23 18:59 - 00000000 ____D C:\Windows\Downloaded Installations
2012-05-23 12:34 - 2012-05-23 12:34 - 00000000 ____D C:\Users\malaac\AppData\Local\{9CE74DE6-37C8-42BF-9E89-91C583378F8F}
2012-05-23 12:34 - 2012-05-23 12:34 - 00000000 ____D C:\Users\malaac\AppData\Local\{449808EC-528C-4948-B24D-8E4ED3C228C9}
2012-05-22 18:34 - 2012-05-22 18:34 - 00000000 ____D C:\Users\malaac\AppData\Local\{DA47292F-8821-432B-A61F-F87CD185340A}
2012-05-22 18:34 - 2012-05-22 18:34 - 00000000 ____D C:\Users\malaac\AppData\Local\{6F7AA822-CA9D-47AD-81E6-8630220F5624}
2012-05-21 20:15 - 2012-05-21 20:15 - 00000000 ____D C:\Users\malaac\AppData\Local\{AAEDCAEA-2A99-4815-BFA1-A7E14D2E9497}
2012-05-21 20:15 - 2012-05-21 20:15 - 00000000 ____D C:\Users\malaac\AppData\Local\{82801194-ED32-44AE-8E7D-89B5F072B0AB}
2012-05-20 21:48 - 2012-05-20 21:48 - 00000000 ____D C:\Users\malaac\AppData\Local\{7D0012A4-58E8-4C82-8203-87E217AD6ABE}
2012-05-20 21:48 - 2012-05-20 21:47 - 00000000 ____D C:\Users\malaac\AppData\Local\{F4A874E9-44F6-4264-A400-A3B6B6B85A45}
2012-05-20 20:52 - 2012-04-23 23:08 - 00000000 ____D C:\Users\malaac\AppData\Local\ACD Systems
2012-05-20 09:29 - 2012-05-20 09:29 - 00000000 ____D C:\Users\malaac\AppData\Local\{687B3D4D-3209-4BC7-B308-7A3942AC6AA5}
2012-05-20 09:29 - 2012-05-20 09:29 - 00000000 ____D C:\Users\malaac\AppData\Local\{4F458B94-DB24-4E5F-988C-301144C44A83}
2012-05-19 19:58 - 2012-05-19 19:58 - 00000000 ____D C:\Users\malaac\AppData\Local\{A3C56E20-0847-492F-8A9C-78CEEDBEF6A9}
2012-05-19 19:58 - 2012-05-19 19:58 - 00000000 ____D C:\Users\malaac\AppData\Local\{7EF3220E-6A4C-45BA-9643-39BAC157E59D}
2012-05-19 06:50 - 2012-05-19 06:50 - 00000000 ____D C:\Users\malaac\AppData\Local\{F8A54AF1-4152-49EE-B0EE-7463005ABA4F}
2012-05-19 06:50 - 2012-05-19 06:50 - 00000000 ____D C:\Users\malaac\AppData\Local\{40E4C045-1A9D-4619-B21C-789A488AFBDC}
2012-05-19 00:31 - 2012-05-19 00:31 - 00000000 ____D C:\Users\malaac\AppData\Local\{D8071BD3-8702-40C3-BA04-5BDFFC021DE2}
2012-05-19 00:31 - 2012-05-19 00:31 - 00000000 ____D C:\Users\malaac\AppData\Local\{5883A609-8D98-4903-9A67-D5F6CB0D743E}
2012-05-18 06:44 - 2012-05-18 06:44 - 00000000 ____D C:\Users\malaac\AppData\Local\{893B8FD1-34C2-457B-8013-4633C397884B}
2012-05-18 06:44 - 2012-05-18 06:43 - 00000000 ____D C:\Users\malaac\AppData\Local\{27FACDF8-E4F5-4EDC-A7DB-983F88106FA7}
2012-05-17 22:08 - 2012-05-17 22:08 - 00102248 ____A C:\Users\malaac\GoToAssistDownloadHelper.exe
2012-05-17 19:19 - 2012-05-17 19:19 - 00000000 ____D C:\Users\malaac\AppData\Roaming\CrashPlan
2012-05-17 18:01 - 2012-05-17 18:01 - 00000000 ____D C:\Users\malaac\AppData\Local\{F00C9413-834D-48C9-989E-370822FC37FA}
2012-05-17 18:01 - 2012-05-17 18:00 - 00000000 ____D C:\Users\malaac\AppData\Local\{CB0C87A9-EC40-4579-9304-F8C0D94BFF2D}
2012-05-16 19:11 - 2012-05-16 19:11 - 00000000 ____D C:\Users\malaac\AppData\Local\{E051035D-E55C-4619-9600-49797ECB73F9}
2012-05-16 19:11 - 2012-05-16 19:11 - 00000000 ____D C:\Users\malaac\AppData\Local\{61AB3AEF-1100-482E-89B5-7F546556AD3E}
2012-05-16 06:03 - 2012-05-16 06:02 - 00000000 ____D C:\Users\malaac\AppData\Local\{758BFAD6-75FD-467B-9768-1071601A76EC}
2012-05-16 06:02 - 2012-05-16 06:02 - 00000000 ____D C:\Users\malaac\AppData\Local\{8DADA8F2-3B8D-4BCD-85C5-D657584C53B2}
2012-05-15 16:37 - 2012-05-15 16:37 - 00000000 ____D C:\Users\malaac\AppData\Local\{8711E3D4-8313-4321-BD0B-4FC27A374C2B}
2012-05-15 16:37 - 2012-05-15 16:36 - 00000000 ____D C:\Users\malaac\AppData\Local\{6FB94D53-6E05-423A-AC81-26BED238D25A}
2012-05-15 16:34 - 2010-05-14 13:50 - 00000000 ___AD C:\Program Files\Altap Salamander 2.5
2012-05-14 18:55 - 2012-04-26 23:32 - 00000125 ____A C:\Windows\FlashDecompiler.INI
2012-05-14 18:53 - 2012-04-24 12:20 - 00000600 ____A C:\Users\malaac\AppData\Roaming\winscp.rnd
2012-05-14 17:52 - 2012-05-14 17:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{D4A5A68A-0C43-4847-9F41-2A5F8671765E}
2012-05-14 17:52 - 2012-05-14 17:51 - 00000000 ____D C:\Users\malaac\AppData\Local\{E15E9BD2-2A51-41EC-9DDB-73BF7FF67482}
2012-05-13 19:29 - 2012-05-13 19:29 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Hard Disk Sentinel
2012-05-13 19:11 - 2012-05-13 19:10 - 00000000 ____D C:\Users\malaac\AppData\Local\{D1086BA6-A169-4646-8F52-2BF0CFE8C367}
2012-05-13 19:10 - 2012-05-13 19:10 - 00000000 ____D C:\Users\malaac\AppData\Local\{F8713B3D-7ABA-49D2-A56F-155EED1CC797}
2012-05-13 19:02 - 2012-04-24 13:16 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-13 06:10 - 2012-04-23 22:58 - 00000000 ____D C:\Windows\Minidump
2012-05-13 06:10 - 2012-04-20 13:43 - 00189415 ____N C:\Windows\Minidump\051312-48375-01.dmp
2012-05-13 05:51 - 2012-05-13 05:51 - 00000000 ____D C:\Program Files\DomDomSoft Anime Downloader
2012-05-12 22:00 - 2010-05-08 08:39 - 00000000 ____D C:\Program Files\Beyond Compare 3
2012-05-12 22:00 - 2010-05-06 19:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-05-12 21:14 - 2012-05-12 21:14 - 00000000 ____D C:\Users\malaac\AppData\Local\{F27F9CF1-F78A-405D-B1B1-AA0D649D0B8B}
2012-05-12 21:14 - 2012-05-12 21:14 - 00000000 ____D C:\Users\malaac\AppData\Local\{AA106601-2B11-47E1-BAD3-E945BAE0F9E4}
2012-05-12 16:34 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-05-12 16:09 - 2012-05-12 16:09 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-05-12 16:09 - 2012-05-12 16:09 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-05-12 16:09 - 2012-05-12 16:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-05-12 16:09 - 2012-05-12 16:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-05-12 16:09 - 2012-05-12 16:09 - 00000000 ____D C:\Users\malaac\AppData\Roaming\E65D0C68-F4BA-433A-9AF3-940A998254A7
2012-05-12 16:09 - 2012-05-12 16:09 - 00000000 ____D C:\Users\malaac\AppData\Roaming\87A753C6-3BA4-4425-9E10-BAE7DCA26CB4
2012-05-12 16:09 - 2012-05-12 16:09 - 00000000 ____D C:\Users\malaac\AppData\Roaming\22561D9E-2512-42E1-B63D-712FF46CE897
2012-05-12 16:09 - 2012-04-23 19:31 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-05-12 16:09 - 2012-04-23 19:31 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-05-12 16:07 - 2012-05-12 15:55 - 00000000 ____D C:\Users\malaac\AppData\Roaming\ImgBurn
2012-05-12 16:04 - 2011-04-07 17:22 - 00000000 ____D C:\Users\All Users\Acronis
2012-05-12 08:19 - 2012-05-12 08:19 - 00000000 ____D C:\Users\malaac\AppData\Local\{CCD9C5D5-B74B-4E8B-A3DD-608A2F5D8804}
2012-05-12 08:19 - 2012-05-12 08:18 - 00000000 ____D C:\Users\malaac\AppData\Local\{B5B077F1-C29C-4656-96E8-32E493F8A808}
2012-05-11 13:24 - 2012-04-25 13:42 - 00108824 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-05-11 09:50 - 2012-05-11 09:49 - 00000000 ____D C:\Users\malaac\AppData\Local\{37FBE01B-0290-4BDE-BBE9-B106D762C3D1}
2012-05-11 09:49 - 2012-05-11 09:49 - 00000000 ____D C:\Users\malaac\AppData\Local\{A664D25D-C305-48DB-835B-095D92313958}
2012-05-10 21:05 - 2012-05-10 21:05 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Server Edition 7.1
2012-05-10 16:52 - 2012-05-10 16:52 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 7.1
2012-05-10 14:14 - 2012-05-10 14:14 - 00000000 ____D C:\Users\malaac\AppData\Local\{A853953B-D5D5-423A-8621-AEA8625E830C}
2012-05-10 14:14 - 2012-05-10 14:14 - 00000000 ____D C:\Users\malaac\AppData\Local\{3677F6FE-ED74-44D3-AA7A-B7B0C44330B9}
2012-05-10 07:35 - 2012-04-23 23:20 - 00000000 ____D C:\Users\malaac\.android
2012-05-10 07:34 - 2012-05-10 07:34 - 00000000 ____D C:\Program Files\Android
2012-05-10 00:32 - 2012-05-10 00:32 - 00000000 ____D C:\Users\malaac\AppData\Local\{94EBFACF-FD6B-4949-B43C-C0668555F98F}
2012-05-10 00:32 - 2012-05-10 00:32 - 00000000 ____D C:\Users\malaac\AppData\Local\{13C130CF-8C47-4970-B51C-54EEB87BB770}
2012-05-09 21:35 - 2012-05-09 21:35 - 00000000 ____D C:\Users\malaac\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-05-09 21:34 - 2012-04-24 17:31 - 00000000 ____D C:\Users\malaac\AppData\Roaming\HTC
2012-05-09 21:34 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Htc
2012-05-09 09:43 - 2012-05-09 09:43 - 00000257 ____A C:\Users\malaac\doujins.efsp
2012-05-09 07:16 - 2012-05-09 07:16 - 00000000 ____D C:\Users\malaac\AppData\Local\{AF07F69E-3965-48A4-9449-E712DA3D55C3}
2012-05-09 07:16 - 2012-05-09 07:16 - 00000000 ____D C:\Users\malaac\AppData\Local\{6B4F5544-220D-4452-A9FC-DD79779E3BD0}
2012-05-08 18:09 - 2012-05-08 18:09 - 00000000 ____D C:\Users\malaac\AppData\Local\{DB3065E8-96CE-47E1-ADE7-6E7BB6EFCB17}
2012-05-08 18:09 - 2012-05-08 18:08 - 00000000 ____D C:\Users\malaac\AppData\Local\{09489009-F63C-4C8B-9748-144DB26C71A3}
2012-05-08 04:53 - 2012-05-08 04:53 - 00000000 ____D C:\Users\malaac\AppData\Local\{9C6ECB0E-CB68-4364-88BE-EDED4F7CD956}
2012-05-08 04:53 - 2012-05-08 04:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{F9F3A479-8D6A-49AF-A8E5-E28447F456FB}
2012-05-07 20:44 - 2012-05-07 20:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2012-05-07 17:06 - 2011-01-20 09:09 - 00000000 ____D C:\Tmp
2012-05-07 16:32 - 2012-05-07 16:31 - 00000000 ____D C:\Users\malaac\AppData\Local\{4951EAE1-2CED-4964-B011-59ACA4F02D9F}
2012-05-07 16:31 - 2012-05-07 16:31 - 00000000 ____D C:\Users\malaac\AppData\Local\{CBBC11C4-9AB6-45AA-B7E2-0397DEDF8430}
2012-05-06 18:57 - 2012-05-06 18:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{FE97C6D5-0273-4851-B074-26A46B8C2689}
2012-05-06 18:57 - 2012-05-06 18:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{39770F22-28B5-4CB5-84DA-0D25ECD8D83A}
2012-05-05 22:05 - 2010-07-10 07:21 - 00000000 ____D C:\Program Files\Flash Renamer
2012-05-05 21:59 - 2012-04-23 23:11 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Adobe
2012-05-05 21:59 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Adobe
2012-05-05 15:26 - 2012-05-05 15:26 - 00000000 ____D C:\Users\malaac\AppData\Local\{7FC8891D-9013-4231-9D5C-A89D46DC4F44}
2012-05-05 15:26 - 2012-05-05 15:25 - 00000000 ____D C:\Users\malaac\AppData\Local\{A3927508-6377-4173-97A3-4E1E2DDD6E52}
2012-05-05 15:15 - 2012-05-05 15:15 - 00000970 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-05 15:11 - 2012-05-05 14:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-05-05 15:08 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Google
2012-05-05 15:03 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\WindSolutions
2012-05-05 14:47 - 2011-06-10 16:21 - 00000000 ____D C:\Users\All Users\WindSolutions
2012-05-05 14:39 - 2012-05-05 14:08 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Apple Computer
2012-05-05 14:31 - 2012-05-05 14:31 - 00000000 ____D C:\Users\malaac\AppData\Local\Apple Computer
2012-05-05 14:31 - 2012-05-05 14:30 - 00000000 ____D C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-05 14:30 - 2012-05-05 14:30 - 00000000 ____D C:\Users\malaac\AppData\Local\Apple
2012-05-05 14:30 - 2012-05-05 14:30 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-05-05 14:30 - 2012-05-05 14:30 - 00000000 ____D C:\Program Files\Bonjour
2012-05-05 14:30 - 2012-05-05 14:30 - 00000000 ____D C:\Program Files\Apple Software Update
2012-05-05 13:59 - 2012-05-05 13:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-05 02:00 - 2012-04-24 05:36 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-05 02:00 - 2012-04-24 05:36 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-05 01:59 - 2012-05-05 01:58 - 00000000 ____D C:\Users\All Users\SSHSharedFolder
2012-05-04 23:11 - 2012-05-04 23:11 - 00000000 ____D C:\Users\malaac\AppData\Local\{EEB2C522-401D-451A-8780-54A97E8D8223}
2012-05-04 23:11 - 2012-05-04 23:11 - 00000000 ____D C:\Users\malaac\AppData\Local\{D29CCD94-94DA-4DE8-BA41-20DFB1C4ECA4}
2012-05-04 08:23 - 2012-05-04 08:22 - 00000000 ____D C:\Users\malaac\AppData\Local\{CBAEA16F-97D0-4166-A8EE-9E901812582D}
2012-05-04 08:22 - 2012-05-04 08:22 - 00000000 ____D C:\Users\malaac\AppData\Local\{3C1FB373-F89B-4995-AEB2-8B3B5DD03C26}
2012-05-03 20:35 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\vlc
2012-05-03 18:19 - 2012-05-03 18:19 - 00000000 ____D C:\Users\malaac\AppData\Local\{AA1C580E-487F-4087-A104-80D302B0601B}
2012-05-03 18:19 - 2012-05-03 18:19 - 00000000 ____D C:\Users\malaac\AppData\Local\{51F2B1FD-03A2-4C63-A022-7606F1C7EE43}
2012-05-02 22:08 - 2012-05-02 22:08 - 00000000 ____D C:\Users\malaac\AppData\Local\{7996AAF4-AE84-4207-A6C5-317331112336}
2012-05-02 22:08 - 2012-05-02 22:08 - 00000000 ____D C:\Users\malaac\AppData\Local\{4C03A30E-BBF3-49A1-ABFA-DED597990EF8}
2012-05-02 11:28 - 2012-05-02 11:28 - 00000000 ____D C:\Windows\System32\Runningman
2012-05-02 08:09 - 2012-05-02 08:08 - 00000000 ____D C:\Users\malaac\AppData\Local\{D064E2CF-572F-4709-95FE-1DF410782893}
2012-05-02 08:08 - 2012-05-02 08:08 - 00000000 ____D C:\Users\malaac\AppData\Local\{97264889-8DDE-4B70-87BC-8C9D53DB914A}
2012-05-01 14:34 - 2012-05-01 14:34 - 00000000 ____D C:\Users\malaac\AppData\Local\{CA203802-B664-4772-8C9E-C10CDEF78BD8}
2012-05-01 14:34 - 2012-05-01 14:34 - 00000000 ____D C:\Users\malaac\AppData\Local\{AD967191-9D7D-401C-A46D-3E679F7D651A}
2012-04-30 17:52 - 2012-04-30 17:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{EF63CBA9-75E8-4C5A-ADAD-A496B96F7BD3}
2012-04-30 17:52 - 2012-04-30 17:52 - 00000000 ____D C:\Users\malaac\AppData\Local\{AF413360-516C-4F37-B281-0B3CEF64D1D3}
2012-04-29 17:57 - 2012-04-29 17:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{D7743D2A-6D62-4F32-99CB-9CF06FA1FBE0}
2012-04-29 17:57 - 2012-04-29 17:57 - 00000000 ____D C:\Users\malaac\AppData\Local\{36B1C9D7-1191-43E7-B47D-2F21E4067EAF}
2012-04-29 05:13 - 2012-04-29 05:13 - 00000000 ____D C:\Users\malaac\AppData\Local\{0681ADC7-820A-4FC0-B7B8-A1C20392D001}
2012-04-29 05:13 - 2012-04-29 05:12 - 00000000 ____D C:\Users\malaac\AppData\Local\{24A2BB61-0CF9-4F5F-A317-D0F984784D9A}
2012-04-28 21:18 - 2012-04-28 21:18 - 00000000 ____D C:\Users\malaac\AppData\Roaming\WinRAR
2012-04-28 16:47 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\FTPRush
2012-04-28 16:34 - 2012-04-28 16:33 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Acronis
2012-04-28 15:13 - 2012-04-28 15:13 - 00000000 ____D C:\Users\malaac\AppData\Local\{B79AB4DD-C5C4-4EE4-9A57-A0C44D489B8C}
2012-04-28 15:13 - 2012-04-28 15:13 - 00000000 ____D C:\Users\malaac\AppData\Local\{ABA942CA-26E2-4917-86A8-5283704E9612}
2012-04-28 05:20 - 2012-04-28 05:20 - 00290569 __RSH C:\JWDRN
2012-04-28 05:20 - 2011-05-22 02:47 - 00000020 __RSH C:\win7.ld
2012-04-27 23:11 - 2012-04-27 23:11 - 00000000 ____D C:\Users\malaac\AppData\Local\{D3C894A8-04D4-490E-B6BF-94C6F64F54C3}
2012-04-27 23:11 - 2012-04-27 23:11 - 00000000 ____D C:\Users\malaac\AppData\Local\{8B50B8A8-72A6-4C5D-B44D-F197F84D5B3E}
2012-04-27 22:00 - 2012-04-27 21:57 - 00000000 ____D C:\Users\Public\Documents\LogiShrd
2012-04-27 21:59 - 2012-04-27 21:59 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-04-27 21:59 - 2012-04-27 21:57 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2012-04-27 21:59 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\LogiShrd
2012-04-27 21:55 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Logitech
2012-04-27 10:29 - 2012-04-27 10:06 - 00000000 ____D C:\Program Files\Flash Decompiler Gold
2012-04-27 10:21 - 2012-04-27 10:21 - 00000000 ____D C:\Users\malaac\AppData\Local\SourceTec
2012-04-27 09:50 - 2012-04-27 09:48 - 00000090 ____A C:\Users\malaac\mm.cfg
2012-04-27 09:48 - 2012-04-27 09:48 - 00000000 ____D C:\Users\malaac\AppData\Local\FlashDevelop.old
2012-04-27 09:48 - 2012-04-27 09:48 - 00000000 ____D C:\Users\malaac\AppData\Local\FlashDevelop
2012-04-27 09:01 - 2012-04-27 09:01 - 00001012 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-27 08:59 - 2012-04-27 08:59 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-27 08:59 - 2012-04-27 08:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-04-27 07:02 - 2012-04-27 07:02 - 00000000 ____D C:\Users\malaac\AppData\Local\{294BFAEC-9549-4037-97EF-CEB3B6188A0C}
2012-04-27 07:02 - 2012-04-27 07:02 - 00000000 ____D C:\Users\malaac\AppData\Local\{11C4AFE9-7748-4D2C-B933-29103196A45A}
2012-04-27 01:39 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-04-27 01:37 - 2012-04-24 10:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-27 01:37 - 2010-05-10 20:47 - 00000000 ____D C:\Program Files\Adobe
2012-04-27 01:35 - 2011-03-14 18:30 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-27 01:14 - 2012-04-27 01:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Openworld Learning
2012-04-27 01:13 - 2012-04-27 01:13 - 00000000 ____D C:\Program Files\Openworld
2012-04-27 00:53 - 2012-04-26 23:46 - 00000000 ____D C:\Program Files\Common Files\SourceTec
2012-04-27 00:53 - 2010-05-14 13:19 - 00000000 ____D C:\Program Files\SourceTec
2012-04-27 00:41 - 2012-04-27 00:41 - 00010960 ____A C:\Windows\System32\jupdate-1.5.0_21-b01.log
2012-04-27 00:41 - 2012-04-27 00:41 - 00000000 ____D C:\Users\malaac\AppData\Local\Sun
2012-04-27 00:41 - 2012-04-23 19:50 - 00000000 ____D C:\Program Files\Common Files\Java
2012-04-27 00:41 - 2010-05-06 03:56 - 00000000 ____D C:\Program Files\Java
2012-04-26 23:32 - 2011-08-29 22:06 - 00000000 ____D C:\Program Files\ELTIMA Software
2012-04-26 18:20 - 2012-04-26 18:20 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Malwarebytes
2012-04-26 18:12 - 2012-04-26 18:12 - 00000000 ____D C:\Users\malaac\AppData\Local\{B6345EE5-9A8D-460F-B2E1-89C578FB8698}
2012-04-26 18:12 - 2012-04-26 18:12 - 00000000 ____D C:\Users\malaac\AppData\Local\{853263B3-5D46-4B0D-8E5C-06F0F3863B6C}
2012-04-26 18:12 - 2012-04-26 18:12 - 00000000 ____D C:\Users\malaac\AppData\Local\{13BB7B71-4DF8-4A84-8E33-1706B16E4EC3}
2012-04-26 10:44 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-04-26 09:40 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-04-26 09:36 - 2012-04-23 23:55 - 00000000 ____D C:\Windows\System32\appmgmt
2012-04-26 07:30 - 2012-04-26 07:30 - 00000000 ____D C:\Windows\Sun
2012-04-26 05:55 - 2012-04-26 05:55 - 00000000 ____D C:\Users\malaac\AppData\Local\{EC738BC5-7FF6-426C-A036-BD34F2141828}
2012-04-26 05:55 - 2012-04-26 05:55 - 00000000 ____D C:\Users\malaac\AppData\Local\{25E2C4C2-7E91-4307-95B2-4D0E49310F11}
2012-04-25 16:45 - 2012-04-25 16:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{57CFEB0E-6C1B-4D8C-8917-2B61971886EE}
2012-04-25 16:45 - 2012-04-25 16:45 - 00000000 ____D C:\Users\malaac\AppData\Local\{3C2F62F1-9F4F-4019-92B8-30B44277CEF1}
2012-04-25 16:09 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-04-25 13:34 - 2012-04-25 13:34 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-04-25 13:29 - 2012-04-25 07:24 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-04-25 13:24 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-04-25 13:22 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2012-04-25 13:16 - 2012-04-25 13:16 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-25 13:16 - 2012-04-25 13:16 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-25 12:56 - 2012-04-25 12:56 - 00000000 ____D C:\Users\malaac\AppData\Roaming\SYSTRAN
2012-04-25 12:56 - 2012-04-25 12:56 - 00000000 ____D C:\Users\malaac\AppData\Local\SYSTRAN
2012-04-25 12:56 - 2012-04-25 12:56 - 00000000 ____D C:\Users\malaac\AppData\Local\Deployment
2012-04-25 12:56 - 2012-04-25 12:56 - 00000000 ____D C:\Users\All Users\SYSTRAN
2012-04-25 12:56 - 2012-04-23 22:55 - 00000000 ____D C:\Users\malaac\AppData\Local\Apps\2.0
2012-04-25 12:54 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\RenPy
2012-04-25 12:52 - 2011-05-18 15:55 - 00000000 ____D C:\Program Files\RefreshPC
2012-04-25 12:46 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\MultiPar
2012-04-25 12:25 - 2012-04-23 23:55 - 13923704 ____A (Schneider Electric) C:\Users\malaac\PCPE Setup.exe
2012-04-25 12:25 - 2012-04-23 23:55 - 13338112 ____A C:\Users\malaac\PCPE_3.0.1.msi
2012-04-25 12:25 - 2012-04-23 23:55 - 01079808 ____A (Microsoft Corporation) C:\Users\malaac\mfc80u.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00626688 ____A (Microsoft Corporation) C:\Users\malaac\msvcr80.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00021880 ____A (Schneider Electric) C:\Users\malaac\grm_res.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00021880 ____A (Schneider Electric) C:\Users\malaac\fr_res.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00021368 ____A (Schneider Electric) C:\Users\malaac\pt_res.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00021368 ____A (Schneider Electric) C:\Users\malaac\it_res.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00021368 ____A (Schneider Electric) C:\Users\malaac\es_res.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00021368 ____A (Schneider Electric) C:\Users\malaac\en_res.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00020856 ____A (Schneider Electric) C:\Users\malaac\ru_res.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00020344 ____A (Schneider Electric) C:\Users\malaac\jp_res.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00019832 ____A (Schneider Electric) C:\Users\malaac\zh_res.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00018808 ____A C:\Users\malaac\ResourceReader.dll
2012-04-25 12:25 - 2012-04-23 23:55 - 00000550 ____A C:\Users\malaac\Microsoft.VC80.MFC.manifest
2012-04-25 12:25 - 2012-04-23 23:55 - 00000522 ____A C:\Users\malaac\Microsoft.VC80.CRT.manifest
2012-04-25 12:25 - 2012-04-23 23:55 - 00000066 ____A C:\Users\malaac\dotnetfolder.txt
2012-04-25 12:22 - 2011-07-15 13:48 - 00000000 ____D C:\Users\All Users\EventGhost
2012-04-25 12:17 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Mozilla
2012-04-25 12:00 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Trillian
2012-04-25 12:00 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Subversion
2012-04-25 12:00 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Sprite Software
2012-04-25 12:00 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\NVIDIA
2012-04-25 12:00 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\HandBrake
2012-04-25 12:00 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\eMule
2012-04-25 12:00 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\DivX
2012-04-25 12:00 - 2012-04-23 18:53 - 00000000 ____D C:\users\molitar
2012-04-25 11:59 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\VMware
2012-04-25 11:59 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\simias
2012-04-25 11:59 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\GEO Spider
2012-04-25 11:59 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\eMule
2012-04-25 11:59 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\VMware
2012-04-25 11:59 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\Real
2012-04-25 11:59 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\NCH Swift Sound
2012-04-25 11:59 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default
2012-04-25 11:58 - 2011-12-24 11:05 - 00000000 ____D C:\Program Files\Steam
2012-04-25 11:58 - 2011-08-24 22:11 - 00000000 ____D C:\Program Files\Verizon
2012-04-25 11:58 - 2011-07-20 19:24 - 00000000 ____D C:\Users\All Users\Freemake
2012-04-25 11:58 - 2011-03-31 19:10 - 00000000 ____D C:\Program Files\WinBuilder
2012-04-25 11:58 - 2010-08-22 14:12 - 00000000 ____D C:\Program Files\VisualRoute
2012-04-25 11:58 - 2010-05-14 07:48 - 00000000 ____D C:\Program Files\Sub Station Alpha v4.08
2012-04-25 11:57 - 2012-04-05 17:45 - 00000000 ____D C:\OS_image
2012-04-25 11:57 - 2012-01-05 12:40 - 00000000 ____D C:\Program Files\Brother
2012-04-25 11:57 - 2011-03-21 18:08 - 00000000 ____D C:\Program Files\Avi2Dvd
2012-04-25 11:57 - 2011-02-26 18:14 - 00000000 ____D C:\DPs Base
2012-04-25 11:57 - 2011-02-19 20:02 - 00000000 ____D C:\Program Files\ImgBurn
2012-04-25 11:57 - 2010-09-28 19:47 - 00000000 ____D C:\Program Files\IsoBuster
2012-04-25 11:57 - 2010-09-24 07:05 - 00000000 ____D C:\Program Files\ColorHCFR
2012-04-25 11:57 - 2010-09-03 14:52 - 00000000 ____D C:\Program Files\Driver Checker
2012-04-25 11:57 - 2010-05-14 12:28 - 00000000 ____D C:\Program Files\eMule
2012-04-25 11:57 - 2010-05-07 12:27 - 00000000 ____D C:\Program Files\DAMN NFO Viewer
2012-04-25 11:45 - 2012-04-25 11:45 - 00000000 ____D C:\Users\malaac\AppData\Local\Remove_Empty_Directories
2012-04-25 11:45 - 2012-04-25 11:45 - 00000000 ____D C:\Program Files\Remove Empty Directories
2012-04-25 11:36 - 2012-04-25 11:35 - 00002665 ____A C:\Users\Public\Documents\Global.sw2
2012-04-25 11:35 - 2012-04-25 11:35 - 00000000 ___AH C:\Windows\SwSys2.bmp
2012-04-25 11:35 - 2012-04-25 11:35 - 00000000 ___AH C:\Windows\SwSys1.bmp
2012-04-25 11:35 - 2012-04-25 11:35 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2012-04-25 11:06 - 2011-05-25 20:00 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2012-04-25 09:47 - 2012-04-25 09:43 - 00000000 ____D C:\Program Files\Common Files\Enterbrain
2012-04-25 08:56 - 2012-04-21 20:26 - 00000000 ____D C:\Program Files\Eushully
2012-04-25 08:51 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Eushully
2012-04-25 07:37 - 2012-04-25 07:37 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-04-25 07:37 - 2010-11-20 16:46 - 00000000 ____D C:\Windows\ShellNew
2012-04-25 07:37 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\MSBuild
2012-04-25 07:29 - 2012-04-25 07:29 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2012-04-25 07:29 - 2012-04-25 07:24 - 00000000 ____D C:\Program Files\Microsoft Office
2012-04-25 07:26 - 2012-02-09 15:30 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2012-04-25 07:24 - 2012-04-25 07:24 - 00000000 __RHD C:\MSOCache
2012-04-25 07:17 - 2010-05-30 19:55 - 00000000 ____D C:\Program Files\Windows Installer Clean Up
2012-04-24 19:15 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Miranda
2012-04-24 17:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-04-24 17:55 - 2012-04-24 17:55 - 00000000 ____D C:\Windows\System32\Adobe
2012-04-24 17:53 - 2012-04-24 17:53 - 00001009 ____A C:\Users\molitar\Desktop\Flash Movie Player.lnk
2012-04-24 17:49 - 2012-04-24 17:49 - 00000000 ____D C:\Users\malaac\vw
2012-04-24 17:49 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\FlashFXP
2012-04-24 17:48 - 2011-12-24 10:03 - 00000000 ____D C:\Program Files\PeerBlock
2012-04-24 17:47 - 2011-12-01 16:51 - 00000000 ____D C:\Program Files\Content Manager
2012-04-24 17:34 - 2012-04-24 17:30 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2012-04-24 17:30 - 2012-04-24 17:30 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-24 17:30 - 2012-04-24 17:30 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-24 17:30 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\VistaStyleBuilder
2012-04-24 16:39 - 2012-02-09 13:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-24 16:21 - 2012-04-24 16:21 - 00000000 ____D C:\Program Files\Common Files\ACD Systems
2012-04-24 16:17 - 2012-04-24 16:08 - 00000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
2012-04-24 15:49 - 2011-05-07 02:11 - 00000000 ____D C:\Program Files\Wakfu
2012-04-24 15:34 - 2012-04-24 15:34 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-04-24 15:31 - 2012-04-24 15:31 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-04-24 15:31 - 2012-04-24 12:22 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2012-04-24 14:40 - 2010-08-07 10:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-04-24 13:16 - 2012-02-09 10:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-24 13:16 - 2010-05-14 13:34 - 00000000 ____D C:\Program Files\Futuremark
2012-04-24 13:05 - 2012-04-24 13:05 - 00000000 ____D C:\Program Files\Common Files\Futuremark Shared
2012-04-24 13:05 - 2012-04-23 19:06 - 00444952 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-04-24 13:05 - 2012-04-23 19:06 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-04-24 12:58 - 2012-04-23 19:06 - 00000000 ____D C:\Program Files\OpenAL
2012-04-24 12:56 - 2012-04-24 12:56 - 00000000 ____D C:\Program Files\Common Files\ADRIFT
2012-04-24 12:56 - 2012-01-02 18:24 - 00000000 ____D C:\Program Files\ADRIFT 5.0
2012-04-24 12:47 - 2011-07-20 22:22 - 00000000 ____D C:\Program Files\eRightSoft
2012-04-24 12:38 - 2012-04-24 12:37 - 00001057 ____A C:\Users\malaac\AppData\Roaming\vso_ts_preview.xml
2012-04-24 12:38 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\DVD Flick
2012-04-24 12:38 - 2011-03-21 20:36 - 00000000 ____D C:\Program Files\DVD Flick
2012-04-24 12:36 - 2012-04-24 12:36 - 00000980 ____A C:\Users\molitar\Desktop\AllToAVI.lnk
2012-04-24 12:34 - 2010-05-06 20:13 - 00000000 ____D C:\Program Files\Combined Community Codec Pack
2012-04-24 12:33 - 2012-04-24 12:32 - 00000000 ____D C:\Windows\System32\directx
2012-04-24 12:28 - 2010-09-28 18:54 - 00000000 ____D C:\Program Files\DIY DataRecovery CHK-Mate
2012-04-24 12:22 - 2012-04-24 12:22 - 00428088 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-04-24 12:18 - 2012-04-23 23:30 - 00000000 ____D C:\Users\malaac\AppData\Local\Microsoft_Corporation
2012-04-24 12:13 - 2012-04-24 00:01 - 00793600 ____A C:\Windows\{F0B038F4-8DE1-11E1-ABDD-6C626D7151E6}
2012-04-24 12:04 - 2011-04-04 17:48 - 00000000 ____D C:\Program Files\Renesas Electronics
2012-04-24 11:40 - 2012-04-24 11:40 - 00000063 ____A C:\Users\malaac\AppData\Roaming\22.cmd
2012-04-24 11:40 - 2011-04-15 17:48 - 00000000 ____D C:\Program Files\nLite
2012-04-24 11:27 - 2012-04-24 11:27 - 00000017 ____A C:\Users\malaac\tooldate.bsk
2012-04-24 10:42 - 2012-04-24 10:41 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Device Doctor
2012-04-24 10:41 - 2011-06-02 06:21 - 00000000 ____D C:\Program Files\Device Doctor
2012-04-24 05:36 - 2012-04-24 05:36 - 00000000 ____D C:\Windows\System32\Macromed
2012-04-24 05:32 - 2010-05-07 10:21 - 00000000 ____D C:\Program Files\Windows Live
2012-04-24 05:30 - 2012-04-24 05:30 - 00000000 ____D C:\Windows\PCHEALTH
2012-04-24 05:20 - 2012-04-24 05:20 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2012-04-24 01:16 - 2012-04-22 01:18 - 00008192 _RASH C:\BOOTSECT.BAK
2012-04-24 01:16 - 2011-05-21 16:54 - 00000295 _RASH C:\Boot.ini.saved
2012-04-24 01:16 - 2009-07-13 20:57 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-04-24 01:16 - 2009-07-13 20:52 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-04-24 00:38 - 2012-04-24 00:14 - 00115369 ____A C:\Windows\System32\Drivers\klin.dat
2012-04-24 00:38 - 2012-04-24 00:14 - 00097961 ____A C:\Windows\System32\Drivers\klick.dat
2012-04-24 00:37 - 2009-07-13 20:46 - 00116385 ____A C:\Windows\System32\license.rtf
2012-04-24 00:34 - 2012-04-24 00:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-24 00:32 - 2010-11-20 16:46 - 00000000 ____D C:\Windows\CSC
2012-04-24 00:17 - 2012-04-24 00:17 - 00017408 ____A C:\Users\malaac\AppData\Local\WebpageIcons.db
2012-04-24 00:13 - 2012-04-24 00:13 - 00570160 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-04-24 00:13 - 2012-02-09 13:04 - 00000000 ____D C:\Program Files\Kaspersky Lab
2012-04-23 23:56 - 2012-04-23 23:56 - 00000000 ____D C:\Windows\System32\sda
2012-04-23 23:52 - 2010-05-28 04:13 - 00000000 ____D C:\Program Files\UPHClean
2012-04-23 23:47 - 2012-04-23 23:06 - 00834560 ____A C:\Windows\{E4724BC1-8DDA-11E1-9696-6C626D7151E6}
2012-04-23 23:47 - 2010-05-07 12:21 - 00000000 ____D C:\Program Files\efs
2012-04-23 23:34 - 2012-04-23 23:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\Windows Live Writer
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\WBFSManager
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\VS Revo Group
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\SupportSoft
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\Stardock
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\Skyrim
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\PassMark
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\OutWit
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\Orekaria
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\O&O
2012-04-23 23:31 - 2012-04-23 23:31 - 00000000 ____D C:\Users\malaac\AppData\Local\NewSoft
2012-04-23 23:31 - 2012-04-23 23:30 - 00000000 ____D C:\Users\malaac\AppData\Local\Mozilla
2012-04-23 23:31 - 2012-04-23 19:00 - 00000000 ____D C:\Users\malaac\AppData\Local\VirtualStore
2012-04-23 23:30 - 2012-04-23 23:30 - 00000000 ____D C:\Users\malaac\AppData\Local\Microsoft Games
2012-04-23 23:30 - 2012-04-23 23:30 - 00000000 ____D C:\Users\malaac\AppData\Local\Microsoft Corporation
2012-04-23 23:21 - 2012-04-23 23:21 - 00000000 ____D C:\Users\malaac\Photoshop
2012-04-23 23:21 - 2012-04-23 23:21 - 00000000 ____D C:\Users\malaac\highlights
2012-04-23 23:21 - 2012-04-23 23:21 - 00000000 ____D C:\Users\malaac\Firefox
2012-04-23 23:21 - 2012-04-23 23:21 - 00000000 ____D C:\Users\malaac\dsc
2012-04-23 23:20 - 2012-04-23 23:20 - 00000000 ____D C:\Users\malaac\.TraceRoute
2012-04-23 23:17 - 2012-04-24 01:16 - 00000000 ____D C:\Windows\Panther
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\www.shadowexplorer.com
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Wondershare Video Converter Ultimate
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Windows Live Writer
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\VMware
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Vistanita
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Uniblue
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\TortoiseSVN
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\TECH GIAN
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\TeamViewer
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Talkback
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Sun
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Software Defender
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\SmartFTP
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\ShiningStar
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\RollingStar
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Reallusion
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Real
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\r2 Studios
2012-04-23 23:15 - 2012-04-23 23:15 - 00000000 ____D C:\Users\malaac\AppData\Roaming\OutWit
2012-04-23 23:14 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\OfficeRecovery
2012-04-23 23:14 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\NuonSoft
2012-04-23 23:14 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Novosoft
2012-04-23 23:14 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Nitroplus
2012-04-23 23:14 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Nitro PDF
2012-04-23 23:14 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\NetDrive
2012-04-23 23:14 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\NCH Swift Sound
2012-04-23 23:14 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\NCH Software
2012-04-23 23:14 - 2012-04-23 23:14 - 00000000 ____D C:\Users\malaac\AppData\Roaming\MySQL
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\MotioninJoy
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Macromedia
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Logishrd
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\LockHunter
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Leadertech
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Key Metric Software
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Jumping Bytes
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Ipswitch
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\InfinaDyne
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\IGN_DLM
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Icon Remover
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Helios
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\HD Tune Pro
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\GetRightToGo
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Fujitsu
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Foxit Software
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\FontCreator
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\FLVPlayer4Free
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\FLEXnet
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\FileZilla
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\FastStone
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\EnMasse
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\ElementalsTheMagicKey
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\DVDFab
2012-04-23 23:13 - 2012-04-23 23:13 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Downloaded Installations
2012-04-23 23:13 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\DlinkViewCam
2012-04-23 23:12 - 2012-04-23 23:12 - 00000000 ___RD C:\Users\malaac\AppData\Roaming\Brother
2012-04-23 23:12 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\DeviceDoctorSoftware
2012-04-23 23:12 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Design-Lib.Com
2012-04-23 23:12 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\DAEMON Tools Pro
2012-04-23 23:12 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Conceiva
2012-04-23 23:12 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\AnvSoft
2012-04-23 23:12 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\aignes
2012-04-23 23:12 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Aegisub
2012-04-23 23:12 - 2012-04-23 23:12 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Adobe Mini Bridge CS5
2012-04-23 23:11 - 2012-04-23 23:11 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Actual Tools
2012-04-23 23:11 - 2012-04-23 23:11 - 00000000 ____D C:\Users\malaac\AppData\Roaming\ACD Systems
2012-04-23 23:11 - 2012-04-23 23:01 - 00000000 ____D C:\Users\malaac\AppData\Roaming\EventGhost
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\matt.malensek.net
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\MangaReader
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Logitech
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\LogiShrd
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Locktime
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Livedrive
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\IsolatedStorage
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Innovative Solutions
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Incomedia
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\HandBrake
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\GUG
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Futuremark_Corporation
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Fujitsu
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\FontCreator
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\EnterpriseDT
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Endless Slideshow Screensaver
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\doubleTwist Corporation
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\DDMSettings
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\CORPUS_CORPORATION
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Cooliris
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Citrix
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Captcha_Brotherhood
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Ashisoft
2012-04-23 23:09 - 2012-04-23 23:09 - 00000000 ____D C:\Users\malaac\AppData\Local\Apps\OfficeRecovery
2012-04-23 23:08 - 2012-04-23 23:08 - 00000000 ____D C:\Users\malaac\AppData\Local\2BrightSparks
2012-04-23 22:56 - 2012-04-20 19:01 - 00000000 ____D C:\Users\All Users\RFA_Backups
2012-04-23 22:56 - 2012-02-10 09:04 - 00000000 ____D C:\Users\All Users\TERA
2012-04-23 22:56 - 2011-03-22 05:23 - 00000000 ____D C:\Users\All Users\vsosdk
2012-04-23 22:56 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\WinZip
2012-04-23 22:56 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\PSC
2012-04-23 22:56 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\PhotoME
2012-04-23 22:56 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\ONScripter-15cd1
2012-04-23 22:56 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\NOS
2012-04-23 22:55 - 2012-04-23 19:47 - 00846848 ____A C:\Windows\{001A2A49-8DBC-11E1-99F1-6C626D7151E6}
2012-04-23 21:00 - 2012-03-21 09:02 - 00000000 ____D C:\Users\All Users\WorldWindData
2012-04-23 21:00 - 2012-02-16 23:27 - 00000000 ____D C:\Users\All Users\SupportSoft
2012-04-23 21:00 - 2011-08-18 12:50 - 00000000 ____D C:\Users\All Users\Nuance
2012-04-23 21:00 - 2011-08-18 12:49 - 00000000 ____D C:\Users\All Users\zeon
2012-04-23 21:00 - 2011-07-05 18:48 - 00000000 ____D C:\Users\All Users\PassMark
2012-04-23 21:00 - 2011-03-19 15:03 - 00000000 ____D C:\Users\All Users\Softland
2012-04-23 21:00 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage
2012-04-23 21:00 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\Sun
2012-04-23 21:00 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\RL Vision
2012-04-23 21:00 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\Registry First Aid
2012-04-23 21:00 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\r2 Studios
2012-04-23 21:00 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\Paragon
2012-04-23 21:00 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\Office Genuine Advantage
2012-04-23 21:00 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\Nitro PDF
2012-04-23 20:59 - 2012-01-20 20:55 - 00000000 ____D C:\Users\All Users\Locktime
2012-04-23 20:59 - 2011-11-09 14:25 - 00000000 ____D C:\Users\All Users\Key Metric Software
2012-04-23 20:59 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-04-23 20:59 - 2011-03-14 18:36 - 00000000 ____D C:\Users\All Users\LightScribe
2012-04-23 20:58 - 2012-04-05 18:01 - 00000000 ____D C:\Program Files\Windows Imaging
2012-04-23 20:58 - 2012-02-05 19:35 - 00000000 ____D C:\Users\All Users\Dyn
2012-04-23 20:58 - 2012-01-20 08:01 - 00000000 ____D C:\Program Files\Winspector
2012-04-23 20:58 - 2012-01-05 12:36 - 00000000 ____D C:\Users\All Users\Brother
2012-04-23 20:58 - 2011-08-29 20:50 - 00000000 ____D C:\Users\All Users\AutoUpdate
2012-04-23 20:58 - 2011-07-25 14:39 - 00000000 ____D C:\Program Files\Yukkuri Panic!
2012-04-23 20:58 - 2011-07-25 14:38 - 00000000 ____D C:\Program Files\Yukkuri Panic! ADV
2012-04-23 20:58 - 2011-07-20 14:36 - 00000000 ____D C:\Program Files\Wondershare
2012-04-23 20:58 - 2011-06-10 16:24 - 00000000 ____D C:\Users\All Users\Apple
2012-04-23 20:58 - 2011-05-30 09:10 - 00000000 ____D C:\Program Files\WinCatalog 2011
2012-04-23 20:58 - 2011-05-27 22:18 - 00000000 ____D C:\Program Files\X10 Hardware
2012-04-23 20:58 - 2011-05-08 14:53 - 00000000 ____D C:\Program Files\WIZnet
2012-04-23 20:58 - 2011-04-02 17:30 - 00000000 ____D C:\Users\All Users\DynDNS
2012-04-23 20:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\InstallShield
2012-04-23 20:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\Innovative Solutions
2012-04-23 20:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\Geek Squad
2012-04-23 20:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\FlashFXP
2012-04-23 20:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\Enterprise Distributed Technologies
2012-04-23 20:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\Downloaded Installations
2012-04-23 20:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\DivX
2012-04-23 20:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\Conceiva
2012-04-23 20:58 - 2011-03-14 18:31 - 00000000 ____D C:\Users\All Users\Cerberus LLC
2012-04-23 20:58 - 2011-03-14 18:30 - 00000000 ____D C:\Users\All Users\ACD Systems
2012-04-23 20:58 - 2011-02-19 13:13 - 00000000 ____D C:\Program Files\Windows AIK
2012-04-23 20:58 - 2010-11-30 22:59 - 00000000 ____D C:\Program Files\Windows Resource Kits
2012-04-23 20:58 - 2010-11-20 13:04 - 00000000 ____D C:\Program Files\WinHTTrack
2012-04-23 20:58 - 2010-09-02 18:28 - 00000000 ____D C:\Program Files\????
2012-04-23 20:58 - 2010-06-12 21:30 - 00000000 ____D C:\Program Files\???????
2012-04-23 20:58 - 2010-05-14 14:04 - 00000000 ____D C:\Program Files\WinZip
2012-04-23 20:58 - 2010-05-14 13:29 - 00000000 ____D C:\Program Files\WinCatalog Standard
2012-04-23 20:58 - 2010-05-06 18:40 - 00000000 ____D C:\Program Files\WinRAR
2012-04-23 20:58 - 2006-11-02 04:35 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2012-04-23 20:58 - 2006-11-02 04:35 - 00000000 ____D C:\Program Files\Windows Collaboration
2012-04-23 20:58 - 2006-11-02 04:35 - 00000000 ____D C:\Program Files\Windows Calendar
2012-04-23 20:57 - 2011-02-05 11:20 - 00000000 ____D C:\Program Files\What's my computer doing
2012-04-23 20:57 - 2010-12-05 09:01 - 00000000 ____D C:\Program Files\Western Digital Corporation
2012-04-23 20:57 - 2010-05-14 13:46 - 00000000 ____D C:\Program Files\WimsPrg
2012-04-23 20:56 - 2012-04-20 19:00 - 00000000 ____D C:\Program Files\UltraISO
2012-04-23 20:56 - 2012-04-20 19:00 - 00000000 ____D C:\Program Files\Trillian5
2012-04-23 20:56 - 2012-04-05 18:10 - 00000000 ____D C:\Program Files\Visual BCD
2012-04-23 20:56 - 2012-02-16 23:27 - 00000000 ____D C:\Program Files\VERIZONDM
2012-04-23 20:56 - 2011-12-22 14:29 - 00000000 ____D C:\Program Files\USBlyzer
2012-04-23 20:56 - 2011-12-07 01:22 - 00000000 ____D C:\Program Files\VisiPics
2012-04-23 20:56 - 2011-03-21 23:10 - 00000000 ____D C:\Program Files\VSO
2012-04-23 20:56 - 2011-02-06 16:31 - 00000000 ____D C:\Program Files\WD Align System Utility 2.0 (Retail) - Powered By Paragon
2012-04-23 20:56 - 2010-10-08 13:48 - 00000000 ____D C:\Program Files\VideoLAN
2012-04-23 20:56 - 2010-07-20 22:25 - 00000000 ____D C:\Program Files\VideoCharge Software
2012-04-23 20:56 - 2010-05-14 13:15 - 00000000 ____D C:\Program Files\Vistanita
2012-04-23 20:56 - 2010-05-14 10:01 - 00000000 ____D C:\Program Files\Videora
2012-04-23 20:56 - 2010-05-06 21:09 - 00000000 ____D C:\Program Files\Unlocker
2012-04-23 20:56 - 2010-05-06 18:43 - 00000000 ____D C:\Program Files\uTorrent
2012-04-23 20:56 - 2008-05-15 15:31 - 00000000 ____D C:\Program Files\Wakan
2012-04-23 20:55 - 2012-01-16 21:16 - 00000000 ____D C:\Program Files\QPST
2012-04-23 20:55 - 2012-01-05 12:47 - 00000000 ____D C:\Program Files\Reallusion
2012-04-23 20:55 - 2012-01-02 18:29 - 00000000 ____D C:\Program Files\TADS
2012-04-23 20:55 - 2011-12-01 20:06 - 00000000 ____D C:\Program Files\SDA
2012-04-23 20:55 - 2011-11-04 15:43 - 00000000 ____D C:\Program Files\ShadowExplorer
2012-04-23 20:55 - 2011-07-20 22:03 - 00000000 ____D C:\Program Files\Riva
2012-04-23 20:55 - 2011-07-10 16:24 - 00000000 ____D C:\Program Files\Spirent Communications
2012-04-23 20:55 - 2011-04-17 11:12 - 00000000 ____D C:\Program Files\Softland
2012-04-23 20:55 - 2011-04-07 18:19 - 00000000 ____D C:\Program Files\RIFT Beta
2012-04-23 20:55 - 2011-04-05 04:16 - 00000000 ____D C:\Program Files\RemotelyAnywhere
2012-04-23 20:55 - 2011-03-12 21:49 - 00000000 ____D C:\Program Files\Real
2012-04-23 20:55 - 2011-02-27 08:39 - 00000000 ____D C:\Program Files\Setup Files
2012-04-23 20:55 - 2011-02-17 21:45 - 00000000 ____D C:\Program Files\ProposalKit
2012-04-23 20:55 - 2011-02-09 19:40 - 00000000 ____D C:\Program Files\Sun
2012-04-23 20:55 - 2011-01-07 12:33 - 00000000 ____D C:\Program Files\PowerDataRecovery
2012-04-23 20:55 - 2011-01-07 12:27 - 00000000 ____D C:\Program Files\Runtime Software
2012-04-23 20:55 - 2010-12-08 23:08 - 00000000 ____D C:\Program Files\Swiff Player
2012-04-23 20:55 - 2010-12-01 21:11 - 00000000 ____D C:\Program Files\TortoiseSVN
2012-04-23 20:55 - 2010-11-28 09:41 - 00000000 ____D C:\Program Files\TeamViewer
2012-04-23 20:55 - 2010-11-20 13:24 - 00000000 ____D C:\Program Files\Tensons
2012-04-23 20:55 - 2010-11-14 08:46 - 00000000 ____D C:\Program Files\Speccy
2012-04-23 20:55 - 2010-11-02 18:23 - 00000000 ____D C:\Program Files\RFA 8
2012-04-23 20:55 - 2010-10-09 06:57 - 00000000 ____D C:\Program Files\Stardock
2012-04-23 20:55 - 2010-10-08 13:22 - 00000000 ____D C:\Program Files\PS3 Media Server
2012-04-23 20:55 - 2010-09-17 05:32 - 00000000 ____D C:\Program Files\QuickSFV
2012-04-23 20:55 - 2010-08-22 14:22 - 00000000 ____D C:\Program Files\Revo Uninstaller Pro
2012-04-23 20:55 - 2010-08-09 21:46 - 00000000 ____D C:\Program Files\Supplement Time
2012-04-23 20:55 - 2010-07-29 20:15 - 00000000 ____D C:\Program Files\Seagate
2012-04-23 20:55 - 2010-07-28 00:40 - 00000000 ____D C:\Program Files\Resource Hacker
2012-04-23 20:55 - 2010-07-21 20:24 - 00000000 ____D C:\Program Files\Recuva
2012-04-23 20:55 - 2010-05-30 22:59 - 00000000 ____D C:\Program Files\PowerMenu
2012-04-23 20:55 - 2010-05-14 15:25 - 00000000 ____D C:\Program Files\Simpli Software
2012-04-23 20:55 - 2010-05-14 13:09 - 00000000 ____D C:\Program Files\Runningman
2012-04-23 20:55 - 2010-05-14 09:36 - 00000000 ____D C:\Program Files\TextPad 5
2012-04-23 20:55 - 2010-05-06 03:51 - 00000000 ____D C:\Program Files\Realtek
2012-04-23 20:55 - 2008-05-15 12:03 - 00000000 ____D C:\Program Files\SYSTRAN
2012-04-23 20:54 - 2012-04-23 00:38 - 00000000 ____D C:\Program Files\NuonSoft
2012-04-23 20:54 - 2012-03-24 20:48 - 00000000 ____D C:\Program Files\Portable
2012-04-23 20:54 - 2012-01-20 20:55 - 00000000 ____D C:\Program Files\NetLimiter 3
2012-04-23 20:54 - 2012-01-05 12:49 - 00000000 ____D C:\Program Files\NewSoft
2012-04-23 20:54 - 2011-11-04 08:16 - 00000000 ____D C:\Program Files\NOS
2012-04-23 20:54 - 2011-07-05 17:17 - 00000000 ____D C:\Program Files\Phyxion.net
2012-04-23 20:54 - 2011-02-17 19:37 - 00000000 ____D C:\Program Files\Partition Wizard Pro Ed 5.0
2012-04-23 20:54 - 2010-11-20 16:18 - 00000000 ____D C:\Program Files\PhotoME
2012-04-23 20:54 - 2010-09-28 19:50 - 00000000 ____D C:\Program Files\Opti Drive Control
2012-04-23 20:54 - 2010-06-13 19:30 - 00000000 ____D C:\Program Files\Nitro PDF
2012-04-23 20:52 - 2012-03-24 20:48 - 00000000 ____D C:\Program Files\NCH Software
2012-04-23 20:52 - 2012-02-09 16:31 - 00000000 ____D C:\Program Files\Microsoft Works
2012-04-23 20:52 - 2012-01-05 12:39 - 00000000 ____D C:\Program Files\MSXML 4.0
2012-04-23 20:52 - 2011-12-29 19:02 - 00000000 ____D C:\Program Files\MotioninJoy
2012-04-23 20:52 - 2011-12-15 17:36 - 00000000 ____D C:\Program Files\MSIHQ USB Bootable Tool and BIOS Helper
2012-04-23 20:52 - 2011-12-01 20:47 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 7.0
2012-04-23 20:52 - 2011-10-07 12:28 - 00000000 ____D C:\Program Files\MultiPar
2012-04-23 20:52 - 2011-05-22 22:01 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-04-23 20:52 - 2011-04-23 00:43 - 00000000 ____D C:\Program Files\Microsoft Virtual PC
2012-04-23 20:52 - 2011-03-28 18:11 - 00000000 ____D C:\Program Files\NCH Swift Sound
2012-04-23 20:52 - 2011-03-14 19:14 - 00000000 ____D C:\Program Files\MSXML 6.0
2012-04-23 20:52 - 2011-02-05 10:00 - 00000000 ____D C:\Program Files\MSConfig CleanUp
2012-04-23 20:52 - 2010-09-02 23:15 - 00000000 ____D C:\Program Files\MSN Gaming Zone
2012-04-23 20:52 - 2010-09-02 23:14 - 00000000 ____D C:\Program Files\MSN
2012-04-23 20:52 - 2010-07-29 18:05 - 00000000 ____D C:\Program Files\Miranda IM
2012-04-23 20:52 - 2010-06-02 22:32 - 00000000 ____D C:\Program Files\MKV Demux All
2012-04-23 20:52 - 2010-05-30 19:54 - 00000000 ____D C:\Program Files\MSECACHE
2012-04-23 20:52 - 2010-05-28 03:47 - 00000000 ____D C:\Program Files\MSI
2012-04-23 20:52 - 2010-05-14 07:44 - 00000000 ____D C:\Program Files\MKVtoolnix
2012-04-23 20:52 - 2010-05-08 05:52 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2012-04-23 20:52 - 2010-05-08 05:51 - 00000000 ____D C:\Program Files\Microsoft.NET
2012-04-23 20:51 - 2012-04-21 21:13 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2012-04-23 20:51 - 2011-10-06 15:14 - 00000000 ____D C:\Program Files\Microsoft DirectX SDK (August 2009)
2012-04-23 20:51 - 2011-09-23 19:14 - 00000000 ____D C:\Program Files\Magical Diary - Horse Hall
2012-04-23 20:51 - 2011-08-29 20:25 - 00000000 ____D C:\Program Files\Kwakkelflap
2012-04-23 20:51 - 2011-05-12 22:50 - 00000000 ____D C:\Program Files\LockHunter
2012-04-23 20:51 - 2011-03-06 12:57 - 00000000 ____D C:\Program Files\Manga Reader
2012-04-23 20:51 - 2011-02-26 12:14 - 00000000 ____D C:\Program Files\Lavalys
2012-04-23 20:51 - 2010-05-30 19:03 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2012-04-23 20:51 - 2010-05-14 13:06 - 00000000 ____D C:\Program Files\MediaInfo
2012-04-23 20:51 - 2010-05-14 07:56 - 00000000 ____D C:\Program Files\KC Softwares
2012-04-23 20:51 - 2010-05-08 11:32 - 00000000 ____D C:\Program Files\LopeSoft
2012-04-23 20:51 - 2010-05-07 14:28 - 00000000 ____D C:\Program Files\Logitech
2012-04-23 20:51 - 2008-05-15 14:45 - 00000000 ____D C:\Program Files\MeCab
2012-04-23 20:50 - 2012-02-08 13:42 - 00000000 ____D C:\Program Files\HyperSnap 7
2012-04-23 20:50 - 2011-09-26 21:22 - 00000000 ____D C:\Program Files\Infinite Game Works
2012-04-23 20:50 - 2011-07-15 18:09 - 00000000 ____D C:\Program Files\Icon Remover
2012-04-23 20:50 - 2011-07-10 16:23 - 00000000 ____D C:\Program Files\HTC
2012-04-23 20:50 - 2010-10-28 21:01 - 00000000 ____D C:\Program Files\HWiNFO32
2012-04-23 20:50 - 2010-09-28 20:34 - 00000000 ____D C:\Program Files\InfinaDyne
2012-04-23 20:50 - 2010-05-14 13:42 - 00000000 ____D C:\Program Files\Iarsn
2012-04-23 20:50 - 2010-05-14 09:31 - 00000000 ____D C:\Program Files\HyperSnap 6
2012-04-23 20:49 - 2012-02-23 23:02 - 00000000 ____D C:\Program Files\GrandCross
2012-04-23 20:49 - 2012-01-29 17:57 - 00000000 ____D C:\Program Files\Design-Lib Creations
2012-04-23 20:49 - 2012-01-17 23:58 - 00000000 ____D C:\Program Files\Digital Confidence
2012-04-23 20:49 - 2012-01-09 00:51 - 00000000 ____D C:\Program Files\DivX
2012-04-23 20:49 - 2011-11-09 14:25 - 00000000 ____D C:\Program Files\Duplicate File Detective 4
2012-04-23 20:49 - 2011-11-09 14:22 - 00000000 ____D C:\Program Files\Duplicate File Cleaner
2012-04-23 20:49 - 2011-10-05 07:15 - 00000000 ____D C:\Program Files\Febooti fileTweak Hash and CRC
2012-04-23 20:49 - 2011-09-30 12:12 - 00000000 ____D C:\Program Files\DVDFab 8 Qt
2012-04-23 20:49 - 2011-09-30 10:43 - 00000000 ____D C:\Program Files\Folder Options X
2012-04-23 20:49 - 2011-09-26 21:38 - 00000000 ____D C:\Program Files\Fading Hearts
2012-04-23 20:49 - 2011-07-20 19:24 - 00000000 ____D C:\Program Files\Freemake
2012-04-23 20:49 - 2011-07-11 21:31 - 00000000 ____D C:\Program Files\doubleTwist 2.0
2012-04-23 20:49 - 2011-04-18 16:16 - 00000000 ____D C:\Program Files\Debugging Tools for Windows (x86)
2012-04-23 20:49 - 2011-04-16 09:20 - 00000000 ____D C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2012-04-23 20:49 - 2011-04-04 23:02 - 00000000 ____D C:\Program Files\DIFX
2012-04-23 20:49 - 2011-04-02 17:30 - 00000000 ____D C:\Program Files\DynDNS Updater
2012-04-23 20:49 - 2010-12-25 18:15 - 00000000 ____D C:\Program Files\Enterbrain
2012-04-23 20:49 - 2010-12-16 19:34 - 00000000 ____D C:\Program Files\Download Manager
2012-04-23 20:49 - 2010-09-18 11:12 - 00000000 ____D C:\Program Files\FontCreator
2012-04-23 20:49 - 2010-08-13 20:33 - 00000000 ____D C:\Program Files\FLVPlayer4Free
2012-04-23 20:49 - 2010-07-03 12:05 - 00000000 ____D C:\Program Files\FTPRush
2012-04-23 20:49 - 2010-06-13 19:48 - 00000000 ____D C:\Program Files\Foxit Software
2012-04-23 20:49 - 2010-05-14 13:33 - 00000000 ____D C:\Program Files\HD Tune Pro
2012-04-23 20:49 - 2010-05-14 13:02 - 00000000 ____D C:\Program Files\Flash Movie Player
2012-04-23 20:49 - 2010-05-14 08:18 - 00000000 ____D C:\Program Files\GSpot
2012-04-23 20:49 - 2010-05-14 08:08 - 00000000 ____D C:\Program Files\Encoding
2012-04-23 20:49 - 2010-05-06 18:48 - 00000000 ____D C:\Program Files\HoneyView3
2012-04-23 20:47 - 2012-01-05 12:41 - 00000000 ____D C:\Program Files\ControlCenter4
2012-04-23 20:47 - 2011-05-19 15:18 - 00000000 ____D C:\Program Files\Curse of Slate Rock Manor
2012-04-23 20:47 - 2011-02-26 21:33 - 00000000 ____D C:\Program Files\ContextMenuEditor
2012-04-23 20:47 - 2010-11-20 15:41 - 00000000 ____D C:\Program Files\Conceiva
2012-04-23 20:46 - 2010-09-24 07:28 - 00000000 ____D C:\Program Files\ColorVision
2012-04-23 20:45 - 2012-02-22 15:58 - 00000000 ____D C:\Program Files\Brotherhood Software
2012-04-23 20:45 - 2012-01-05 12:41 - 00000000 ____D C:\Program Files\Browny02
2012-04-23 20:45 - 2011-12-07 00:01 - 00000000 ____D C:\Program Files\Awesome Duplicate Photo Finder
2012-04-23 20:45 - 2011-05-11 16:54 - 00000000 ____D C:\Program Files\C-Media PCI Audio
2012-04-23 20:45 - 2011-04-18 16:16 - 00000000 ____D C:\Program Files\Application Verifier
2012-04-23 20:45 - 2010-12-25 18:39 - 00000000 ____D C:\Program Files\ASCII
2012-04-23 20:45 - 2010-09-28 19:55 - 00000000 ____D C:\Program Files\CDDVDDataRecovery
2012-04-23 20:45 - 2010-09-28 18:53 - 00000000 ____D C:\Program Files\Autoplay Repair
2012-04-23 20:45 - 2010-07-16 20:41 - 00000000 ____D C:\Program Files\College Romance
2012-04-23 20:45 - 2010-06-17 19:45 - 00000000 ____D C:\Program Files\AMP Font Viewer
2012-04-23 20:45 - 2010-05-14 13:32 - 00000000 ____D C:\Program Files\BurnInTest
2012-04-23 20:45 - 2010-05-14 12:25 - 00000000 ____D C:\Program Files\Atomic Clock Sync
2012-04-23 20:45 - 2010-05-14 12:14 - 00000000 ____D C:\Program Files\AnalogX
2012-04-23 20:45 - 2010-05-14 12:07 - 00000000 ____D C:\Program Files\AM-DeadLink
2012-04-23 20:45 - 2010-05-14 12:04 - 00000000 ____D C:\Program Files\Advanced Port Scanner
2012-04-23 20:45 - 2010-05-14 12:04 - 00000000 ____D C:\Program Files\Advanced LAN Scanner
2012-04-23 20:45 - 2010-05-14 12:03 - 00000000 ____D C:\Program Files\Adobe Media Player
2012-04-23 20:45 - 2010-05-14 08:16 - 00000000 ____D C:\Program Files\Aegisub
2012-04-23 20:45 - 2010-05-14 07:32 - 00000000 ____D C:\Program Files\AviSynth 2.5
2012-04-23 20:45 - 2008-07-04 16:47 - 00000000 ____D C:\Program Files\ATLAS V14
2012-04-23 20:43 - 2011-02-19 08:18 - 00000000 ____D C:\Program Files\Acronis
2012-04-23 20:43 - 2010-07-02 08:55 - 00000000 ____D C:\Program Files\3RVX
2012-04-23 20:43 - 2010-05-14 09:03 - 00000000 ____D C:\Program Files\ACD Systems
2012-04-23 19:53 - 2011-09-22 11:44 - 00000000 ____D C:\Program Files\Classic Shell
2012-04-23 19:52 - 2012-04-21 05:01 - 00000000 ____D C:\Users\All Users\DRM
2012-04-23 19:52 - 2012-01-05 12:41 - 00000000 ____D C:\Users\All Users\ControlCenter4
2012-04-23 19:50 - 2012-04-27 00:41 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-23 19:50 - 2012-04-27 00:41 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-23 19:50 - 2012-04-27 00:41 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-23 19:50 - 2012-04-23 19:50 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-04-23 19:32 - 2012-04-23 19:32 - 00000000 ____D C:\Users\malaac\AppData\Roaming\Scooter Software
2012-04-23 19:18 - 2012-04-23 19:18 - 00000000 ____D C:\Users\malaac\AppData\Local\AMD
2012-04-23 19:06 - 2012-04-23 19:06 - 00000179 ____A C:\Windows\Cmicnfg3.ini.cfl
2012-04-23 19:06 - 2012-04-23 19:06 - 00000000 ____D C:\Program Files\C-Media PCI Audio Device
2012-04-23 19:06 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system
2012-04-23 19:05 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\restore
2012-04-23 19:00 - 2012-04-23 19:00 - 00000020 ___SH C:\Users\malaac\ntuser.ini
2012-04-23 18:54 - 2012-04-23 18:54 - 00057560 ____A C:\Users\molitar\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-23 18:53 - 2012-04-23 18:53 - 00000020 __ASH C:\Users\molitar\ntuser.ini
2012-04-23 18:53 - 2012-04-23 18:53 - 00000000 __SHD C:\Recovery
2012-04-23 18:53 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Libraries
2012-04-23 18:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\Recovery
2012-04-05 18:34 - 2012-04-05 18:34 - 00159232 ____A C:\Windows\System32\clinfo.exe
2012-04-05 18:34 - 2012-04-05 18:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo.dll
2012-04-05 18:33 - 2012-04-05 18:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode.dll
2012-04-05 18:32 - 2012-04-05 18:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl.dll
2012-04-05 18:07 - 2012-04-05 17:45 - 00000000 ____D C:\winre
2012-04-04 11:56 - 2012-04-24 16:39 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-29 15:56 - 2011-04-17 23:46 - 00000000 ____D C:\GRMCULFRER_EN_DVD


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ====================== 

Percentage of memory in use: 12%
Total physical RAM: 4095.12 MB
Available physical RAM: 3590.28 MB
Total Pagefile: 4093.41 MB
Available Pagefile: 3588.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.29 MB

======================= Partitions =========================

2 Drive c: (WINNT) (Fixed) (Total:931.51 GB) (Free:377.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive d: (Storage2) (Fixed) (Total:1863.01 GB) (Free:494.02 GB) NTFS
4 Drive f: (Storage1) (Fixed) (Total:1397.26 GB) (Free:840.82 GB) NTFS
6 Drive h: (KINGSTON) (Removable) (Total:0.46 GB) (Free:0.46 GB) FAT
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
12 Drive y: (Storage3) (Fixed) (Total:1863.01 GB) (Free:275.35 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online         1863 GB      0 B         
  Disk 1    Online         1863 GB  1024 KB         
  Disk 2    Online          931 GB      0 B         
  Disk 3    Online         1397 GB      0 B         
  Disk 4    Online          477 MB      0 B         
  Disk 5    No Media           0 B      0 B         
  Disk 6    No Media           0 B      0 B         
  Disk 7    No Media           0 B      0 B         
  Disk 8    No Media           0 B      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1863 GB  1024 KB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   Storage3     NTFS   Partition   1863 GB  Healthy            

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1863 GB  2048 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   Storage2     NTFS   Partition   1863 GB  Healthy            

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB    31 KB

======================================================================================================

Disk: 2
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C   WINNT        NTFS   Partition    931 GB  Healthy            

======================================================================================================

Partitions of Disk 3:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1397 GB  1024 KB

======================================================================================================

Disk: 3
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   Storage1     NTFS   Partition   1397 GB  Healthy            

======================================================================================================

Partitions of Disk 4:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            468 MB    16 KB

======================================================================================================

Disk: 4
Partition 1
Type  : 0E
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   KINGSTON     FAT    Removable    468 MB  Healthy            

======================================================================================================

==========================================================

Last Boot: 2012-06-19 22:44

======================= End Of Log ==========================

Edited by molitar, 22 June 2012 - 08:55 PM.


#6 gringo_pr

Posted 23 June 2012 - 07:41 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo



#7 molitar


Posted 23 June 2012 - 10:57 AM

Ok, the TDSSKiller log. During the aswMBR scan I noticed it reports BabylonToolbar hidden, but I have not installed that, so for another test I did a scan on my mother's notebook and it reports the same thing. That may be the malware, but I do not see that folder when I try to browse to it.

11:18:35.0593 5956 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
11:18:36.0004 5956 ============================================================
11:18:36.0004 5956 Current date / time: 2012/06/23 11:18:36.0004
11:18:36.0004 5956 SystemInfo:
11:18:36.0004 5956
11:18:36.0004 5956 OS Version: 6.1.7601 ServicePack: 1.0
11:18:36.0004 5956 Product type: Workstation
11:18:36.0004 5956 ComputerName: ALLEGIANCE
11:18:36.0005 5956 UserName: malaac
11:18:36.0005 5956 Windows directory: C:\Windows
11:18:36.0005 5956 System windows directory: C:\Windows
11:18:36.0005 5956 Processor architecture: Intel x86
11:18:36.0005 5956 Number of processors: 4
11:18:36.0005 5956 Page size: 0x1000
11:18:36.0005 5956 Boot type: Normal boot
11:18:36.0005 5956 ============================================================
11:18:37.0184 5956 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:18:37.0184 5956 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:18:37.0196 5956 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:18:37.0609 5956 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:18:37.0611 5956 ============================================================
11:18:37.0611 5956 \Device\Harddisk0\DR0:
11:18:37.0612 5956 MBR partitions:
11:18:37.0612 5956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:18:37.0612 5956 \Device\Harddisk1\DR1:
11:18:37.0612 5956 MBR partitions:
11:18:37.0612 5956 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0xE8E0A382
11:18:37.0612 5956 \Device\Harddisk2\DR2:
11:18:37.0612 5956 MBR partitions:
11:18:37.0612 5956 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
11:18:37.0612 5956 \Device\Harddisk3\DR3:
11:18:37.0612 5956 MBR partitions:
11:18:37.0612 5956 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E0AB82
11:18:37.0612 5956 ============================================================
11:18:37.0633 5956 C: <-> \Device\Harddisk0\DR0\Partition0
11:18:37.0677 5956 E: <-> \Device\Harddisk1\DR1\Partition0
11:18:37.0718 5956 F: <-> \Device\Harddisk3\DR3\Partition0
11:18:37.0739 5956 D: <-> \Device\Harddisk2\DR2\Partition0
11:18:37.0739 5956 ============================================================
11:18:37.0739 5956 Initialize success
11:18:37.0739 5956 ============================================================
11:18:43.0544 4568 ============================================================
11:18:43.0544 4568 Scan started
11:18:43.0544 4568 Mode: Manual;
11:18:43.0544 4568 ============================================================
11:18:47.0916 4568 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:18:47.0935 4568 1394ohci - ok
11:18:47.0978 4568 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:18:48.0004 4568 ACPI - ok
11:18:48.0064 4568 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:18:48.0065 4568 AcpiPmi - ok
11:18:48.0181 4568 AcrSch2Svc - ok
11:18:48.0241 4568 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:18:48.0317 4568 Suspicious file (Forged): C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe. Real md5: 76d5a3d2a50402a0b9b6ed13c4371e79, Fake md5: 990dc6edc9f933194d7cd4e65146bc94
11:18:48.0317 4568 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - warning
11:18:48.0317 4568 AdobeFlashPlayerUpdateSvc - detected ForgedFile.Multi.Generic (1)
11:18:48.0359 4568 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
11:18:48.0369 4568 adp94xx - ok
11:18:48.0396 4568 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
11:18:48.0419 4568 adpahci - ok
11:18:48.0449 4568 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
11:18:48.0451 4568 adpu320 - ok
11:18:48.0478 4568 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
11:18:48.0480 4568 AeLookupSvc - ok
11:18:48.0530 4568 afcdp (158ed54ce49cf828c1e46a811fff8804) C:\Windows\system32\DRIVERS\afcdp.sys
11:18:48.0672 4568 afcdp - ok
11:18:48.0873 4568 afcdpsrv (5555e5ce43de53fe4c2f19a1163c49a0) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
11:18:49.0116 4568 Suspicious file (Forged): C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe. Real md5: 5555e5ce43de53fe4c2f19a1163c49a0, Fake md5: ed8b4cf3357de01f8060d206254648c9
11:18:49.0123 4568 afcdpsrv ( ForgedFile.Multi.Generic ) - warning
11:18:49.0123 4568 afcdpsrv - detected ForgedFile.Multi.Generic (1)
11:18:49.0309 4568 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:18:49.0330 4568 AFD - ok
11:18:49.0357 4568 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:18:49.0377 4568 agp440 - ok
11:18:49.0425 4568 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
11:18:49.0441 4568 aic78xx - ok
11:18:49.0508 4568 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
11:18:49.0509 4568 ALG - ok
11:18:49.0547 4568 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:18:49.0549 4568 aliide - ok
11:18:49.0613 4568 AMD External Events Utility (f970ea885aefeb1b9eb97ca7f1eb226d) C:\Windows\system32\atiesrxx.exe
11:18:49.0632 4568 AMD External Events Utility - ok
11:18:49.0762 4568 AMD FUEL Service - ok
11:18:49.0768 4568 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:18:49.0770 4568 amdagp - ok
11:18:49.0781 4568 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:18:49.0782 4568 amdide - ok
11:18:49.0811 4568 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
11:18:49.0853 4568 amdiox86 - ok
11:18:49.0893 4568 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
11:18:49.0916 4568 AmdK8 - ok
11:18:50.0325 4568 amdkmdag (ab70f110143892eb41aa46500aa5cf00) C:\Windows\system32\DRIVERS\atikmdag.sys
11:18:50.0465 4568 amdkmdag - ok
11:18:50.0562 4568 amdkmdap (32d68d05b871eed5572d0c2c764ea4ec) C:\Windows\system32\DRIVERS\atikmpag.sys
11:18:50.0582 4568 amdkmdap - ok
11:18:50.0604 4568 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:18:50.0606 4568 AmdPPM - ok
11:18:50.0646 4568 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:18:50.0649 4568 amdsata - ok
11:18:50.0679 4568 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
11:18:50.0702 4568 amdsbs - ok
11:18:50.0729 4568 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:18:50.0747 4568 amdxata - ok
11:18:50.0770 4568 amd_sata (e91675d350f5fcd98005f5b2c97f6b61) C:\Windows\system32\DRIVERS\amd_sata.sys
11:18:50.0771 4568 amd_sata - ok
11:18:50.0779 4568 amd_xata (5b43a272f8233a743533992248ecbc73) C:\Windows\system32\DRIVERS\amd_xata.sys
11:18:50.0800 4568 amd_xata - ok
11:18:50.0900 4568 AODDriver4.01 (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
11:18:50.0956 4568 AODDriver4.01 - ok
11:18:50.0994 4568 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:18:50.0996 4568 AppID - ok
11:18:51.0047 4568 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
11:18:51.0059 4568 AppIDSvc - ok
11:18:51.0089 4568 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
11:18:51.0091 4568 Appinfo - ok
11:18:51.0188 4568 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:18:51.0220 4568 Apple Mobile Device - ok
11:18:51.0249 4568 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
11:18:51.0251 4568 AppMgmt - ok
11:18:51.0290 4568 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
11:18:51.0292 4568 arc - ok
11:18:51.0307 4568 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
11:18:51.0309 4568 arcsas - ok
11:18:51.0383 4568 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:18:51.0433 4568 aspnet_state - ok
11:18:51.0459 4568 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:18:51.0460 4568 AsyncMac - ok
11:18:51.0542 4568 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:18:51.0543 4568 atapi - ok
11:18:51.0610 4568 AtiHDAudioService (7725aecceddf81bd8374c77157e450ea) C:\Windows\system32\drivers\AtihdW73.sys
11:18:51.0628 4568 AtiHDAudioService - ok
11:18:51.0684 4568 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:18:51.0692 4568 AudioEndpointBuilder - ok
11:18:51.0696 4568 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:18:51.0698 4568 Audiosrv - ok
11:18:51.0781 4568 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
11:18:51.0783 4568 AVP - ok
11:18:51.0821 4568 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
11:18:51.0823 4568 AxInstSV - ok
11:18:51.0871 4568 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
11:18:51.0915 4568 b06bdrv - ok
11:18:51.0959 4568 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:18:51.0980 4568 b57nd60x - ok
11:18:52.0060 4568 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
11:18:52.0079 4568 BDESVC - ok
11:18:52.0115 4568 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:18:52.0116 4568 Beep - ok
11:18:52.0324 4568 BestSyncSvc (512077c29d696d33d1161e0af8c0f857) C:\Program Files\BestSync 2012\BestSyncSvc.exe
11:18:52.0539 4568 BestSyncSvc - ok
11:18:52.0654 4568 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
11:18:52.0671 4568 BFE - ok
11:18:52.0729 4568 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
11:18:52.0745 4568 BITS - ok
11:18:52.0783 4568 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:18:52.0785 4568 blbdrive - ok
11:18:52.0861 4568 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:18:52.0880 4568 Bonjour Service - ok
11:18:52.0925 4568 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:18:52.0927 4568 bowser - ok
11:18:52.0939 4568 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
11:18:52.0941 4568 BrFiltLo - ok
11:18:52.0953 4568 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
11:18:52.0954 4568 BrFiltUp - ok
11:18:52.0973 4568 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
11:18:52.0975 4568 Browser - ok
11:18:52.0992 4568 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:18:53.0017 4568 Brserid - ok
11:18:53.0040 4568 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:18:53.0042 4568 BrSerWdm - ok
11:18:53.0056 4568 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:18:53.0057 4568 BrUsbMdm - ok
11:18:53.0060 4568 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:18:53.0061 4568 BrUsbSer - ok
11:18:53.0077 4568 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
11:18:53.0078 4568 BTHMODEM - ok
11:18:53.0107 4568 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
11:18:53.0121 4568 bthserv - ok
11:18:53.0163 4568 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:18:53.0164 4568 cdfs - ok
11:18:53.0268 4568 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
11:18:53.0270 4568 cdrom - ok
11:18:53.0329 4568 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:18:53.0331 4568 CertPropSvc - ok
11:18:53.0356 4568 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
11:18:53.0372 4568 circlass - ok
11:18:53.0405 4568 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:18:53.0438 4568 CLFS - ok
11:18:53.0519 4568 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:18:53.0597 4568 clr_optimization_v2.0.50727_32 - ok
11:18:53.0703 4568 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:18:53.0788 4568 clr_optimization_v4.0.30319_32 - ok
11:18:53.0806 4568 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
11:18:53.0807 4568 CmBatt - ok
11:18:53.0810 4568 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:18:53.0811 4568 cmdide - ok
11:18:53.0916 4568 cmuda3 (2cdb584346895fc301dc2932326b6aa7) C:\Windows\system32\drivers\cmudax3.sys
11:18:53.0998 4568 cmuda3 - ok
11:18:54.0108 4568 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
11:18:54.0127 4568 CNG - ok
11:18:54.0151 4568 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:18:54.0152 4568 Compbatt - ok
11:18:54.0212 4568 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:18:54.0213 4568 CompositeBus - ok
11:18:54.0225 4568 COMSysApp - ok
11:18:54.0247 4568 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
11:18:54.0248 4568 crcdisk - ok
11:18:54.0292 4568 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
11:18:54.0295 4568 CryptSvc - ok
11:18:54.0333 4568 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
11:18:54.0350 4568 CSC - ok
11:18:54.0393 4568 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
11:18:54.0409 4568 CscService - ok
11:18:54.0449 4568 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:18:54.0454 4568 DcomLaunch - ok
11:18:54.0488 4568 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
11:18:54.0507 4568 defragsvc - ok
11:18:54.0534 4568 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:18:54.0536 4568 DfsC - ok
11:18:54.0578 4568 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
11:18:54.0596 4568 Dhcp - ok
11:18:54.0626 4568 DIRECTIO - ok
11:18:54.0646 4568 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:18:54.0657 4568 discache - ok
11:18:54.0710 4568 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
11:18:54.0711 4568 Disk - ok
11:18:54.0741 4568 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
11:18:54.0743 4568 dmvsc - ok
11:18:54.0775 4568 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
11:18:54.0778 4568 Dnscache - ok
11:18:54.0861 4568 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
11:18:54.0874 4568 dot3svc - ok
11:18:54.0896 4568 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
11:18:54.0898 4568 DPS - ok
11:18:54.0924 4568 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:18:54.0952 4568 drmkaud - ok
11:18:54.0999 4568 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:18:55.0002 4568 dtsoftbus01 - ok
11:18:55.0043 4568 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:18:55.0061 4568 DXGKrnl - ok
11:18:55.0075 4568 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
11:18:55.0087 4568 EapHost - ok
11:18:55.0240 4568 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
11:18:55.0281 4568 ebdrv - ok
11:18:55.0355 4568 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
11:18:55.0357 4568 EFS - ok
11:18:55.0476 4568 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
11:18:55.0519 4568 ehRecvr - ok
11:18:55.0544 4568 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
11:18:55.0546 4568 ehSched - ok
11:18:55.0601 4568 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
11:18:55.0613 4568 elxstor - ok
11:18:55.0618 4568 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:18:55.0619 4568 ErrDev - ok
11:18:55.0670 4568 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
11:18:55.0673 4568 EventSystem - ok
11:18:55.0687 4568 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:18:55.0689 4568 exfat - ok
11:18:55.0765 4568 FARMNTIO (5d4bf387faed15e832d5b575478a500c) c:\windows\system32\drivers\farmntio.sys
11:18:55.0782 4568 FARMNTIO - ok
11:18:55.0802 4568 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:18:55.0805 4568 fastfat - ok
11:18:55.0875 4568 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
11:18:55.0891 4568 Fax - ok
11:18:55.0904 4568 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:18:55.0906 4568 fdc - ok
11:18:55.0915 4568 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
11:18:55.0917 4568 fdPHost - ok
11:18:55.0930 4568 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
11:18:55.0932 4568 FDResPub - ok
11:18:55.0944 4568 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:18:55.0945 4568 FileInfo - ok
11:18:55.0948 4568 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:18:55.0963 4568 Filetrace - ok
11:18:55.0983 4568 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:18:55.0984 4568 flpydisk - ok
11:18:56.0039 4568 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:18:56.0042 4568 FltMgr - ok
11:18:56.0105 4568 fltsrv (17119d86fb4a43a99bf5242dd3038394) C:\Windows\system32\DRIVERS\fltsrv.sys
11:18:56.0193 4568 Suspicious file (Forged): C:\Windows\system32\DRIVERS\fltsrv.sys. Real md5: 17119d86fb4a43a99bf5242dd3038394, Fake md5: d85453baf5de7e55cb13441452a4e2d3
11:18:56.0193 4568 fltsrv ( ForgedFile.Multi.Generic ) - warning
11:18:56.0193 4568 fltsrv - detected ForgedFile.Multi.Generic (1)
11:18:56.0265 4568 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
11:18:56.0307 4568 FontCache - ok
11:18:56.0384 4568 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:18:56.0400 4568 FontCache3.0.0.0 - ok
11:18:56.0419 4568 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:18:56.0421 4568 FsDepends - ok
11:18:56.0441 4568 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
11:18:56.0470 4568 Fs_Rec - ok
11:18:56.0534 4568 Futuremark SystemInfo Service (d02e0cbe4ab5fceefed21ed52d54a977) C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
11:18:56.0566 4568 Futuremark SystemInfo Service - ok
11:18:56.0616 4568 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:18:56.0619 4568 fvevol - ok
11:18:56.0639 4568 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
11:18:56.0641 4568 gagp30kx - ok
11:18:56.0693 4568 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
11:18:56.0740 4568 gpsvc - ok
11:18:56.0793 4568 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:18:56.0806 4568 gupdate - ok
11:18:56.0808 4568 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:18:56.0809 4568 gupdatem - ok
11:18:56.0830 4568 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:18:56.0832 4568 hcw85cir - ok
11:18:56.0872 4568 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:18:56.0876 4568 HdAudAddService - ok
11:18:56.0917 4568 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:18:56.0919 4568 HDAudBus - ok
11:18:56.0930 4568 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:18:56.0931 4568 HidBatt - ok
11:18:56.0943 4568 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
11:18:56.0945 4568 HidBth - ok
11:18:56.0978 4568 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
11:18:56.0992 4568 HidIr - ok
11:18:57.0026 4568 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
11:18:57.0028 4568 hidserv - ok
11:18:57.0106 4568 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
11:18:57.0107 4568 HidUsb - ok
11:18:57.0133 4568 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
11:18:57.0154 4568 hkmsvc - ok
11:18:57.0181 4568 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
11:18:57.0195 4568 HomeGroupListener - ok
11:18:57.0221 4568 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
11:18:57.0224 4568 HomeGroupProvider - ok
11:18:57.0261 4568 hotcore3 (93dbe69bb4160c7d57dd1e739166e7f4) C:\Windows\system32\DRIVERS\hotcore3.sys
11:18:57.0316 4568 hotcore3 - ok
11:18:57.0330 4568 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:18:57.0332 4568 HpSAMD - ok
11:18:57.0377 4568 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys
11:18:57.0394 4568 HTCAND32 - ok
11:18:57.0445 4568 htcnprot (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys
11:18:57.0517 4568 htcnprot - ok
11:18:57.0560 4568 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:18:57.0577 4568 HTTP - ok
11:18:57.0656 4568 HWiNFO32 (ac1e9496ba0ac3b27b45f2228ed51b2c) C:\Program Files\HWiNFO32\HWiNFO32.SYS
11:18:57.0687 4568 HWiNFO32 - ok
11:18:57.0718 4568 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:18:57.0739 4568 hwpolicy - ok
11:18:57.0775 4568 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:18:57.0776 4568 i8042prt - ok
11:18:57.0818 4568 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:18:57.0891 4568 iaStorV - ok
11:18:57.0989 4568 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:18:58.0024 4568 idsvc - ok
11:18:58.0072 4568 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
11:18:58.0074 4568 iirsp - ok
11:18:58.0146 4568 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
11:18:58.0191 4568 IKEEXT - ok
11:18:58.0196 4568 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:18:58.0197 4568 intelide - ok
11:18:58.0226 4568 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
11:18:58.0228 4568 intelppm - ok
11:18:58.0242 4568 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:18:58.0244 4568 IPBusEnum - ok
11:18:58.0254 4568 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:18:58.0255 4568 IpFilterDriver - ok
11:18:58.0321 4568 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
11:18:58.0376 4568 iphlpsvc - ok
11:18:58.0404 4568 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:18:58.0406 4568 IPMIDRV - ok
11:18:58.0423 4568 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:18:58.0426 4568 IPNAT - ok
11:18:58.0429 4568 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:18:58.0430 4568 IRENUM - ok
11:18:58.0439 4568 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:18:58.0440 4568 isapnp - ok
11:18:58.0478 4568 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:18:58.0528 4568 iScsiPrt - ok
11:18:58.0558 4568 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:18:58.0559 4568 kbdclass - ok
11:18:58.0581 4568 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
11:18:58.0583 4568 kbdhid - ok
11:18:58.0613 4568 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:18:58.0615 4568 KeyIso - ok
11:18:58.0658 4568 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
11:18:58.0675 4568 KL1 - ok
11:18:58.0696 4568 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
11:18:58.0697 4568 kl2 - ok
11:18:58.0785 4568 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
11:18:58.0850 4568 KLIF - ok
11:18:58.0885 4568 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
11:18:58.0898 4568 KLIM6 - ok
11:18:58.0947 4568 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
11:18:58.0949 4568 klmouflt - ok
11:18:58.0959 4568 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
11:18:58.0974 4568 KSecDD - ok
11:18:58.0994 4568 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
11:18:58.0997 4568 KSecPkg - ok
11:18:59.0037 4568 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
11:18:59.0061 4568 KtmRm - ok
11:18:59.0093 4568 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
11:18:59.0097 4568 LanmanServer - ok
11:18:59.0124 4568 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
11:18:59.0128 4568 LanmanWorkstation - ok
11:18:59.0226 4568 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
11:18:59.0245 4568 LBTServ - ok
11:18:59.0276 4568 LGBusEnum (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
11:18:59.0294 4568 LGBusEnum - ok
11:18:59.0317 4568 LGVirHid (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
11:18:59.0337 4568 LGVirHid - ok
11:18:59.0384 4568 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:18:59.0386 4568 LHidFilt - ok
11:18:59.0481 4568 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:18:59.0519 4568 lltdio - ok
11:18:59.0607 4568 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
11:18:59.0654 4568 lltdsvc - ok
11:18:59.0664 4568 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
11:18:59.0666 4568 lmhosts - ok
11:18:59.0678 4568 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
11:18:59.0680 4568 LMouFilt - ok
11:18:59.0716 4568 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
11:18:59.0740 4568 LSI_FC - ok
11:18:59.0762 4568 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
11:18:59.0764 4568 LSI_SAS - ok
11:18:59.0811 4568 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
11:18:59.0812 4568 LSI_SAS2 - ok
11:18:59.0823 4568 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
11:18:59.0825 4568 LSI_SCSI - ok
11:18:59.0831 4568 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:18:59.0833 4568 luafv - ok
11:18:59.0875 4568 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
11:18:59.0877 4568 MBAMProtector - ok
11:18:59.0945 4568 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:18:59.0990 4568 MBAMService - ok
11:19:00.0081 4568 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
11:19:00.0106 4568 Mcx2Svc - ok
11:19:00.0130 4568 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
11:19:00.0132 4568 megasas - ok
11:19:00.0154 4568 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
11:19:00.0157 4568 MegaSR - ok
11:19:00.0215 4568 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
11:19:00.0233 4568 Microsoft Office Groove Audit Service - ok
11:19:00.0263 4568 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:19:00.0265 4568 MMCSS - ok
11:19:00.0269 4568 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:19:00.0270 4568 Modem - ok
11:19:00.0298 4568 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:19:00.0300 4568 monitor - ok
11:19:00.0347 4568 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
11:19:00.0350 4568 mouclass - ok
11:19:00.0424 4568 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:19:00.0426 4568 mouhid - ok
11:19:00.0504 4568 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:19:00.0505 4568 mountmgr - ok
11:19:00.0688 4568 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:19:00.0706 4568 MozillaMaintenance - ok
11:19:00.0748 4568 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:19:00.0764 4568 mpio - ok
11:19:00.0792 4568 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:19:00.0813 4568 mpsdrv - ok
11:19:00.0856 4568 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
11:19:00.0918 4568 MpsSvc - ok
11:19:01.0039 4568 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:19:01.0041 4568 MRxDAV - ok
11:19:01.0103 4568 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:19:01.0127 4568 mrxsmb - ok
11:19:01.0155 4568 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:19:01.0158 4568 mrxsmb10 - ok
11:19:01.0171 4568 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:19:01.0173 4568 mrxsmb20 - ok
11:19:01.0198 4568 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:19:01.0200 4568 msahci - ok
11:19:01.0212 4568 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:19:01.0214 4568 msdsm - ok
11:19:01.0231 4568 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
11:19:01.0235 4568 MSDTC - ok
11:19:01.0265 4568 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:19:01.0267 4568 Msfs - ok
11:19:01.0276 4568 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:19:01.0301 4568 mshidkmdf - ok
11:19:01.0327 4568 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:19:01.0328 4568 msisadrv - ok
11:19:01.0382 4568 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
11:19:01.0403 4568 MSiSCSI - ok
11:19:01.0405 4568 msiserver - ok
11:19:01.0633 4568 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
11:19:01.0671 4568 MSI_MSIBIOS_010507 - ok
11:19:01.0706 4568 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:19:01.0707 4568 MSKSSRV - ok
11:19:01.0772 4568 msloop (ade6270c1003923e92a9bbba272133a9) C:\Windows\system32\DRIVERS\loop.sys
11:19:01.0785 4568 msloop - ok
11:19:01.0801 4568 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:19:01.0802 4568 MSPCLOCK - ok
11:19:01.0805 4568 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:19:01.0806 4568 MSPQM - ok
11:19:01.0825 4568 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:19:01.0838 4568 MsRPC - ok
11:19:01.0843 4568 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
11:19:01.0856 4568 mssmbios - ok
11:19:01.0859 4568 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:19:01.0860 4568 MSTEE - ok
11:19:01.0863 4568 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
11:19:01.0864 4568 MTConfig - ok
11:19:01.0885 4568 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:19:01.0887 4568 Mup - ok
11:19:04.0984 4568 pwdrvio (7ed7830412f6fbea96b117edc5f470f1) C:\Windows\system32\pwdrvio.sys
11:19:05.0006 4568 Suspicious file (Forged): C:\Windows\system32\pwdrvio.sys. Real md5: 7ed7830412f6fbea96b117edc5f470f1, Fake md5: aab0efaff96126a6169355f487a32242
11:19:05.0006 4568 pwdrvio ( ForgedFile.Multi.Generic ) - warning
11:19:05.0006 4568 pwdrvio - detected ForgedFile.Multi.Generic (1)
11:19:05.0052 4568 pwdspio (38ae04a18ea88f8c7b4baac72c1682ea) C:\Windows\system32\pwdspio.sys
11:19:05.0079 4568 Suspicious file (Forged): C:\Windows\system32\pwdspio.sys. Real md5: 38ae04a18ea88f8c7b4baac72c1682ea, Fake md5: d74205ced10211cee23c13c230d8511f
11:19:05.0080 4568 pwdspio ( ForgedFile.Multi.Generic ) - warning
11:19:05.0080 4568 pwdspio - detected ForgedFile.Multi.Generic (1)
11:19:07.0725 4568 snapman (1bc68a9a70f92d5effbf0700ae2d7432) C:\Windows\system32\DRIVERS\snapman.sys
11:19:07.0853 4568 Suspicious file (Forged): C:\Windows\system32\DRIVERS\snapman.sys. Real md5: 1bc68a9a70f92d5effbf0700ae2d7432, Fake md5: 5583054ef09d13ca953da1fae287d80d
11:19:07.0853 4568 snapman ( ForgedFile.Multi.Generic ) - warning
11:19:07.0853 4568 snapman - detected ForgedFile.Multi.Generic (1)
11:19:10.0471 4568 timounter (4e4ba74565e8300596025fdf8b271cd1) C:\Windows\system32\DRIVERS\timntr.sys
11:19:10.0554 4568 Suspicious file (Forged): C:\Windows\system32\DRIVERS\timntr.sys. Real md5: 4e4ba74565e8300596025fdf8b271cd1, Fake md5: 9853eff7fb1af233e05d2bc813fcee8e
11:19:10.0555 4568 timounter ( ForgedFile.Multi.Generic ) - warning
11:19:10.0555 4568 timounter - detected ForgedFile.Multi.Generic (1)
11:19:12.0383 4568 vididr (9d71c424898e029e316fa93ad494950e) C:\Windows\system32\DRIVERS\vididr.sys
11:19:12.0419 4568 Suspicious file (Forged): C:\Windows\system32\DRIVERS\vididr.sys. Real md5: 9d71c424898e029e316fa93ad494950e, Fake md5: 3b264e62e5e7d4389db72a9dc29ccd07
11:19:12.0419 4568 vididr ( ForgedFile.Multi.Generic ) - warning
11:19:12.0419 4568 vididr - detected ForgedFile.Multi.Generic (1)
11:19:15.0235 4568 ============================================================
11:19:15.0235 4568 Scan finished
11:19:15.0235 4568 ============================================================
11:19:15.0244 3876 Detected object count: 8
11:19:15.0244 3876 Actual detected object count: 8
11:19:40.0587 3876 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - skipped by user
11:19:40.0587 3876 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - User select action: Skip
11:19:40.0588 3876 afcdpsrv ( ForgedFile.Multi.Generic ) - skipped by user
11:19:40.0588 3876 afcdpsrv ( ForgedFile.Multi.Generic ) - User select action: Skip
11:19:40.0589 3876 fltsrv ( ForgedFile.Multi.Generic ) - skipped by user
11:19:40.0589 3876 fltsrv ( ForgedFile.Multi.Generic ) - User select action: Skip
11:19:40.0590 3876 pwdrvio ( ForgedFile.Multi.Generic ) - skipped by user
11:19:40.0590 3876 pwdrvio ( ForgedFile.Multi.Generic ) - User select action: Skip
11:19:40.0591 3876 pwdspio ( ForgedFile.Multi.Generic ) - skipped by user
11:19:40.0591 3876 pwdspio ( ForgedFile.Multi.Generic ) - User select action: Skip
11:19:40.0592 3876 snapman ( ForgedFile.Multi.Generic ) - skipped by user
11:19:40.0592 3876 snapman ( ForgedFile.Multi.Generic ) - User select action: Skip
11:19:40.0593 3876 timounter ( ForgedFile.Multi.Generic ) - skipped by user
11:19:40.0593 3876 timounter ( ForgedFile.Multi.Generic ) - User select action: Skip
11:19:40.0594 3876 vididr ( ForgedFile.Multi.Generic ) - skipped by user
11:19:40.0594 3876 vididr ( ForgedFile.Multi.Generic ) - User select action: Skip
11:20:42.0402 6084 Deinitialize success
[/code]



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 11:21:34
-----------------------------
11:21:34.858 OS Version: Windows 6.1.7601 Service Pack 1
11:21:34.858 Number of processors: 4 586 0x402
11:21:34.859 ComputerName: ALLEGIANCE UserName: malaac
11:21:45.583 Initialize success
11:22:28.316 AVAST engine defs: 12062300
11:22:52.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
11:22:52.471 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
11:22:52.473 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000074
11:22:52.475 Disk 1 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 11
11:22:52.478 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000076
11:22:52.481 Disk 2 Vendor: ST315003 CC1H Size: 1430799MB BusType: 11
11:22:52.484 Disk 3 \Device\Harddisk3\DR3 -> \Device\00000077
11:22:52.487 Disk 3 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 11
11:22:52.511 Disk 0 MBR read successfully
11:22:52.514 Disk 0 MBR scan
11:22:52.520 Disk 0 unknown MBR code
11:22:52.523 Disk 0 MBR hidden
11:22:52.527 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 63
11:22:52.550 Disk 0 scanning sectors +1953520065
11:22:52.609 Disk 0 scanning C:\Windows\system32\drivers
11:23:17.563 File: C:\Windows\system32\drivers\phylock.sys **HIDDEN**
11:23:17.591 File: C:\Windows\system32\drivers\TBIMount.sys **HIDDEN**
11:23:17.613 File: C:\Windows\system32\drivers\vsflt67.sys **HIDDEN**
11:23:17.619 Service scanning
11:23:25.057 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
11:23:25.081 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
11:23:25.188 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
11:23:25.250 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
11:23:37.417 Modules scanning
11:23:41.788 Disk 0 trace - called modules:
11:23:41.815 ntoskrnl.exe fltsrv.sys halmacpi.dll tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys amd_xata.sys storport.sys amd_sata.sys
11:23:41.820 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8709c030]
11:23:41.826 3 CLASSPNP.SYS[8ddc559e] -> nt!IofCallDriver -> [0x8709bb70]
11:23:41.831 5 vsflt61.sys[8ce34f9b] -> nt!IofCallDriver -> [0x8694cc08]
11:23:41.836 7 amd_xata.sys[8d671c90] -> nt!IofCallDriver -> \Device\00000073[0x869552f0]
11:23:48.288 AVAST engine scan C:\Windows
11:23:51.835 File: C:\Windows\tbicd2hd.exe **HIDDEN**
11:23:53.280 AVAST engine scan C:\Windows\system32
11:28:21.405 AVAST engine scan C:\Windows\system32\drivers
11:29:32.379 File: C:\Windows\system32\drivers\phylock.sys **HIDDEN**
11:29:32.513 File: C:\Windows\system32\drivers\TBIMount.sys **HIDDEN**
11:29:32.657 File: C:\Windows\system32\drivers\vsflt67.sys **HIDDEN**
11:29:52.496 AVAST engine scan C:\Users\malaac
11:47:15.126 File: C:\Users\malaac\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll **HIDDEN**
11:47:15.177 File: C:\Users\malaac\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll **HIDDEN**
11:47:15.240 File: C:\Users\malaac\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll **HIDDEN**
11:47:15.299 File: C:\Users\malaac\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll **HIDDEN**
11:47:16.204 File: C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll **HIDDEN**
11:47:17.844 AVAST engine scan C:\ProgramData
11:48:40.284 File: C:\ProgramData\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\temporaryFolder\bases\av\emu\i386\klavemu.kdl **SUSPICIOUS**
11:52:26.746 File: C:\ProgramData\Kaspersky Lab\AVP12\Bases\Cache\klavemu.kdl.85976ab5c7f1af13efe46747dae3c453 **HIDDEN**
11:52:56.975 Scan finished successfully
11:54:12.658 Disk 0 MBR has been saved successfully to "C:\Users\malaac\Desktop\MBR.dat"
11:54:12.677 The log file has been saved successfully to "C:\Users\malaac\Desktop\aswMBR.txt"


Edited by gringo_pr, 23 June 2012 - 12:17 PM.


#8 gringo_pr


Posted 23 June 2012 - 12:18 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 molitar


Posted 23 June 2012 - 04:25 PM

Here is the report.

[ce]OTL logfile created on: 6/23/2012 5:15:30 PM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 21.49% Memory free
6.49 Gb Paging File | 3.14 Gb Available in Paging File | 48.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 366.95 Gb Free Space | 39.39% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 839.12 Gb Free Space | 60.05% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 493.47 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 275.35 Gb Free Space | 14.78% Space Free | Partition Type: NTFS

Computer Name: ALLEGIANCE | User Name: malaac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Dos\DomDomSoft Manga Downloader\DomDomSoft Manga Downloader.exe (DomDomSoft)
PRC - C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files\EventGhost\EventGhost.exe (EventGhost Project)
PRC - C:\Program Files\Logitech\SetPointG\SetPointII.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\wmi32.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Dos\Aom\AOM.exe ()
PRC - C:\Program Files\Logitech Gaming Software\plugins\LCD-Miscellany\LCDMisc.exe (Goat Hats, Inc.)
PRC - C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
PRC - C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler.exe (NuonSoft)
PRC - C:\Program Files\Shield\shieldtray.exe ()
PRC - C:\Program Files\Shield\SHDSERV.exe ()
PRC - C:\Program Files\Shield\ShieldClnt.exe ()
PRC - C:\Program Files\3RVX\3RVX.exe (matt.malensek.net)
PRC - C:\Windows\system\HsMgr.exe ()
PRC - C:\Program Files\Icon Remover\IconRemover.exe (IconRemover.com)
PRC - C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbd1929fa377b354903e37469838d9a1\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Program Files\EventGhost\lib26\wx._core_.pyd ()
MOD - C:\Program Files\EventGhost\lib26\wx._controls_.pyd ()
MOD - C:\Program Files\EventGhost\lib26\wx._gdi_.pyd ()
MOD - C:\Program Files\EventGhost\lib26\wx._misc_.pyd ()
MOD - C:\Program Files\EventGhost\lib26\wx._windows_.pyd ()
MOD - C:\Program Files\EventGhost\lib26\wx._aui.pyd ()
MOD - C:\Program Files\EventGhost\lib26\wx._grid.pyd ()
MOD - C:\Program Files\EventGhost\lib26\PIL._imaging.pyd ()
MOD - C:\Program Files\EventGhost\lib26\_imaging.pyd ()
MOD - C:\Program Files\EventGhost\lib26\Crypto.Cipher.AES.pyd ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\EventGhost\lib26\wxmsw28uh_aui_vc.dll ()
MOD - C:\Program Files\EventGhost\lib26\wxmsw28uh_html_vc.dll ()
MOD - C:\Program Files\EventGhost\lib26\wxmsw28uh_adv_vc.dll ()
MOD - C:\Program Files\EventGhost\lib26\wxmsw28uh_core_vc.dll ()
MOD - C:\Program Files\EventGhost\lib26\wxbase28uh_net_vc.dll ()
MOD - C:\Program Files\EventGhost\lib26\wxbase28uh_vc.dll ()
MOD - C:\Program Files\EventGhost\lib26\site-packages\cFunctions.pyd ()
MOD - C:\Program Files\EventGhost\lib26\site-packages\WinUsbWrapper.dll ()
MOD - C:\Program Files\EventGhost\plugins\System\VistaVolume.dll ()
MOD - C:\Program Files\EventGhost\lib26\pywintypes26.dll ()
MOD - C:\Program Files\EventGhost\lib26\win32com.shell.shell.pyd ()
MOD - C:\Program Files\EventGhost\lib26\pythoncom26.dll ()
MOD - C:\Program Files\EventGhost\lib26\win32gui.pyd ()
MOD - C:\Program Files\EventGhost\lib26\win32api.pyd ()
MOD - C:\Program Files\EventGhost\lib26\win32trace.pyd ()
MOD - C:\Program Files\EventGhost\lib26\win32process.pyd ()
MOD - C:\Program Files\EventGhost\lib26\win32file.pyd ()
MOD - C:\Program Files\HoneyView3\HV3Shell32.dll ()
MOD - C:\Program Files\Trillian\libpng13.dll ()
MOD - C:\Program Files\Trillian\libungif.dll ()
MOD - C:\Program Files\Trillian\zlib1.dll ()
MOD - c:\Program Files\Trillian\languages\en\aim.dll ()
MOD - c:\Program Files\Trillian\languages\en\yahoo.dll ()
MOD - c:\Program Files\Trillian\languages\en\trillian.dll ()
MOD - c:\Program Files\Trillian\languages\en\msn.dll ()
MOD - c:\Program Files\Trillian\languages\en\events.dll ()
MOD - c:\Program Files\Trillian\languages\en\buddy.dll ()
MOD - c:\Program Files\Trillian\languages\en\talk.dll ()
MOD - c:\Program Files\Trillian\languages\en\proxy.dll ()
MOD - c:\Program Files\Trillian\languages\en\toolkit.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\EventGhost\lib26\select.pyd ()
MOD - C:\Program Files\EventGhost\lib26\_multiprocessing.pyd ()
MOD - C:\Program Files\EventGhost\lib26\_hashlib.pyd ()
MOD - C:\Program Files\EventGhost\lib26\pyexpat.pyd ()
MOD - C:\Program Files\EventGhost\lib26\winsound.pyd ()
MOD - C:\Program Files\EventGhost\lib26\_ctypes.pyd ()
MOD - C:\Program Files\EventGhost\lib26\_elementtree.pyd ()
MOD - C:\Program Files\EventGhost\lib26\_ssl.pyd ()
MOD - C:\Program Files\EventGhost\lib26\unicodedata.pyd ()
MOD - C:\Program Files\EventGhost\lib26\_socket.pyd ()
MOD - C:\Dos\Aom\AOM.exe ()
MOD - C:\Program Files\NuonSoft\WallpaperCycler3\NuonImage.dll ()
MOD - C:\Program Files\NuonSoft\WallpaperCycler3\zlib1.dll ()
MOD - C:\Program Files\NuonSoft\WallpaperCycler3\Wallpaper Cycler Helper.dll ()
MOD - C:\Program Files\NuonSoft\WallpaperCycler3\libexif.dll ()
MOD - C:\Program Files\NuonSoft\WallpaperCycler3\CrashRpt.dll ()
MOD - C:\Program Files\NuonSoft\WallpaperCycler3\Effects\Effects.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\LCD-Miscellany\dll\LCDMisc Itunes.dll ()
MOD - C:\Program Files\Shield\shieldtray.exe ()
MOD - C:\Program Files\Shield\shieldshell.dll ()
MOD - C:\Program Files\Shield\idle.dll ()
MOD - C:\Program Files\Shield\ps.dll ()
MOD - C:\Program Files\Shield\SHDSERVps.dll ()
MOD - C:\Windows\system\HsMgr.exe ()
MOD - C:\Program Files\Trillian\plugins\GoodNews\libcurl3a.dll ()
MOD - C:\Program Files\3RVX\CoreAudioApi.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Dos\Aom\aomdbi4.dll ()
MOD - C:\Dos\Aom\AOMShare.dll ()


========== Win32 Services (SafeList) ==========

SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (BestSyncSvc) -- C:\Program Files\BestSync 2012\BestSyncSvc.exe (RiseFly Software)
SRV - (syncagentsrv) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SshSharedFolderService2) -- C:\Program Files\SshSharedFoldersSetup\SshSharedFolderService2.exe (IIC Internet LLC)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (SHDSERV) -- C:\Program Files\Shield\SHDSERV.exe ()
SRV - (ShieldClientService) -- C:\Program Files\Shield\ShieldClnt.exe ()


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (DIRECTIO) -- C:\Program Files\PerformanceTest\DirectIo.sys File not found
DRV - (aswMBR) -- C:\Temp\aswMBR.sys File not found
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (vidsflt61) Acronis Disk Storage Filter (61) -- C:\Windows\System32\drivers\vsflt61.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FARMNTIO) -- C:\Windows\System32\drivers\farmntio.sys ()
DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)
DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (Uim_Vim) -- C:\Windows\System32\drivers\Uim_Vim.sys (Paragon)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows ® 2000 DDK provider)
DRV - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NTIOLib_1_0_4) -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys (MSI)
DRV - (HWiNFO32) -- C:\Program Files\HWiNFO32\HWiNFO32.SYS (REALiX™)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys (Your Corporation)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (msloop) -- C:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (uxpatch) -- C:\Windows\System32\drivers\uxpatch.sys ()
DRV - (Shield) -- C:\Windows\System32\drivers\Shield.sys ()
DRV - (Shieldm) -- C:\Windows\System32\drivers\Shieldm.sys ()
DRV - (Shieldf) -- C:\Windows\System32\drivers\Shieldf.sys ()
DRV - (Shdbus) -- C:\Windows\System32\drivers\Shdbus.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=HP_ss&mntrId=6ea506fb0000000000006c626d7151e6
IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 29 04 9E 80 44 CD 01 [binary data]
IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=060612_6_&babsrc=SP_ss&mntrId=6ea506fb0000000000006c626d7151e6
IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "tokyotosho Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2066179&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.4a.3417
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.88.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: eastasian@eunheui:1.1.3
FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18
FF - prefs.js..extensions.enabledItems: rj@reedmace.net:0.9.7.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.652
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.19
FF - prefs.js..extensions.enabledItems: newtaburl@sogame.cat:2.2.3
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.0
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.7.0
FF - prefs.js..extensions.enabledItems: smartfind@smartfind.org:0.2.2
FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.9.1
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.7
FF - prefs.js..extensions.enabledItems: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8}:0.2.2
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:3.1
FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:3.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.98.20110322
FF - prefs.js..extensions.enabledItems: anticontainer@downthemall.net:1.0.1
FF - prefs.js..extensions.enabledItems: mintrayr@tn123.ath.cx:0.9.4
FF - prefs.js..extensions.enabledItems: flash@adobee.com:1.1.0
FF - prefs.js..extensions.enabledItems: outwit-kernel-1110@outwit.com:2.0.2.10
FF - prefs.js..extensions.enabledItems: outwit-images-1110@outwit.com:0.5.2.10
FF - prefs.js..extensions.enabledItems: HomePagePrint2@corpus.co.jp:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:3.5.3
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: savedpasswordeditor@daniel.dawson:2.5
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=KW_ss&mntrId=6ea506fb0000000000006c626d7151e6&q="
FF - prefs.js..network.proxy.network.proxy.socks_remote_dns: 1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/05/02 06:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/05/02 06:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/05/02 06:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/27 13:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/24 00:52:33 | 000,000,000 | ---D | M]

[2012/04/25 16:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malaac\AppData\Roaming\Mozilla\Extensions
[2012/06/23 11:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions
[2012/04/24 03:13:27 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/04/24 03:13:29 | 000,000,000 | ---D | M] (OpenDownloadツイ) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
[2012/04/24 09:28:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/06/18 03:07:47 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/04/24 03:13:35 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2012/05/18 22:45:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/07 00:42:41 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2012/06/22 00:03:06 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\coralietab@mozdev.org
[2012/04/24 03:13:51 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\DeviceDetection@logitech.com
[2012/04/24 03:13:51 | 000,000,000 | ---D | M] (East Asian Translator) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\eastasian@eunheui
[2012/04/24 03:13:56 | 000,000,000 | ---D | M] (fireform) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\fireform@mozilla.org
[2012/06/06 19:23:34 | 000,000,000 | ---D | M] (HyperSnap Helper) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\jid0-GWN5cQ7aNwf7gXzAEIjPjwc37Gg@jetpack
[2012/04/24 03:14:05 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\LogMeInClient@logmein.com
[2012/04/24 03:14:06 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\mintrayr@tn123.ath.cx
[2012/04/24 03:14:06 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\multilinks@plugin
[2012/04/24 03:14:08 | 000,000,000 | ---D | M] (NewTabURL) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\newtaburl@sogame.cat
[2012/04/24 03:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\nostmp
[2012/06/18 03:07:44 | 000,000,000 | ---D | M] (Outwit Images) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\outwit-images-1110@outwit.com
[2012/06/18 03:07:46 | 000,000,000 | ---D | M] (OutWit Kernel) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\outwit-kernel-1110@outwit.com
[2012/04/24 03:14:14 | 000,000,000 | ---D | M] (Smart Find) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\smartfind@smartfind.org
[2012/04/24 03:14:14 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
[2012/04/24 03:14:15 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\extensions\zoompage@DW-dev
[2012/04/25 16:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions
[2012/04/24 03:14:23 | 000,000,000 | ---D | M] (URL Fixer) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}
[2012/04/24 03:14:25 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2012/04/25 16:00:23 | 000,000,000 | ---D | M] ("Stop-or-Reload Button") -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
[2012/04/24 03:14:25 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012/04/24 03:14:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2012/04/24 03:14:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/24 03:14:28 | 000,000,000 | ---D | M] (OpenDownload) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\{F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}
[2012/04/24 03:14:30 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2012/04/24 03:14:30 | 000,000,000 | ---D | M] (DownThemAll! AntiContainer) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\anticontainer@downthemall.net
[2012/04/24 03:14:36 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\coralietab@mozdev.org
[2012/04/24 03:14:36 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\DeviceDetection@logitech.com
[2012/04/24 03:14:36 | 000,000,000 | ---D | M] (East Asian Translator) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\eastasian@eunheui
[2012/04/24 03:14:37 | 000,000,000 | ---D | M] (fireform) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\fireform@mozilla.org
[2012/04/24 03:14:37 | 000,000,000 | ---D | M] (FlashPlayer 10) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\flash@adobee.com
[2012/04/24 03:14:39 | 000,000,000 | ---D | M] (Save Images) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\LDSI_plashcor@gmail.com
[2012/04/24 03:14:39 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\LogMeInClient@logmein.com
[2012/04/24 03:14:41 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\mintrayr@tn123.ath.cx
[2012/04/24 03:14:42 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\multilinks@plugin
[2012/04/24 03:14:43 | 000,000,000 | ---D | M] (NewTabURL) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\newtaburl@sogame.cat
[2012/04/24 03:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\nostmp
[2012/04/24 03:14:44 | 000,000,000 | ---D | M] ("Highlights") -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\rj@reedmace.net
[2012/04/24 03:14:44 | 000,000,000 | ---D | M] (Smart Find) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\smartfind@smartfind.org
[2012/04/24 03:14:48 | 000,000,000 | ---D | M] (SortPlaces) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\sortplaces@andyhalford.com
[2012/04/24 03:14:50 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\malaac\AppData\Roaming\Mozilla\SeaMonkey\Profiles\4dxmvpgu.default\extensions\zoompage@DW-dev
[2011/01/10 12:46:08 | 000,002,277 | ---- | M] () -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\searchplugins\aol-search.xml
[2011/01/10 13:04:28 | 000,000,882 | ---- | M] () -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\searchplugins\conduit.xml
[2012/06/22 20:45:45 | 000,001,398 | ---- | M] () -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\searchplugins\sankaku-channel.xml
[2012/04/27 13:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/02 06:49:46 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2012/03/11 04:19:15 | 000,067,810 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\{35106BCA-6C78-48C7-AC28-56DF30B51D2A}.XPI
[2012/05/15 20:47:58 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012/03/11 04:24:51 | 000,016,633 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}.XPI
[2012/03/28 13:59:34 | 000,330,853 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}.XPI
[2012/03/11 04:02:10 | 000,079,365 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\ANTICONTAINER@DOWNTHEMALL.NET.XPI
[2012/06/15 20:20:15 | 000,185,600 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2012/06/15 20:20:15 | 000,082,896 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\LDSI_PLASHCOR@GMAIL.COM.XPI
[2012/03/28 14:51:38 | 000,008,232 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\RAMBACK@PAVLOV.NET.XPI
[2012/05/09 02:01:15 | 000,195,036 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\SAVEDPASSWORDEDITOR@DANIEL.DAWSON.XPI
[2012/03/31 21:53:41 | 000,081,251 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\SORTPLACES@ANDYHALFORD.COM.XPI
[2012/04/24 09:28:44 | 000,159,870 | ---- | M] () (No name found) -- C:\USERS\MALAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0THQG877.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/27 22:28:54 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2010/12/27 22:28:47 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/02/22 21:12:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/09 16:48:18 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/06/18 22:33:20 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\malaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\malaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\malaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\malaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\malaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\malaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\malaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Gmail = C:\Users\malaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Anti-Banner = C:\Users\malaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/05/28 12:20:42 | 000,001,025 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 meetandbleepgames.com www.meetandbleepgames.com
O1 - Hosts: 127.0.0.1 liveupdate.inicom.net
O1 - Hosts: 127.0.0.1 liveupdate.flashfxp.com
O1 - Hosts: 127.0.0.1 update.inicom.net
O1 - Hosts: 127.0.0.1 update.flashfxp.com
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4 - HKLM..\Run: [Cmaudio8768GX] C:\Windows\system\HsMgr.exe ()
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [shield] C:\Program Files\Shield\shieldtray.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-307808138-3340831958-838744835-1003..\Run: [3RVX] C:\Program Files\3RVX\3RVX.exe (matt.malensek.net)
O4 - HKU\S-1-5-21-307808138-3340831958-838744835-1003..\Run: [Icon Remover] C:\Program Files\Icon Remover\IconRemover.exe (IconRemover.com)
O4 - HKU\S-1-5-21-307808138-3340831958-838744835-1003..\Run: [NuonSoft Wallpaper Cycler] C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler.exe (NuonSoft)
O4 - HKU\S-1-5-21-307808138-3340831958-838744835-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\malaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk = C:\Program Files\EventGhost\EventGhost.exe (EventGhost Project)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\ELTIMA Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima)
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\ELTIMA Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ED4E541-EE13-4C10-A463-34BE894D06C3}: NameServer = 192.168.1.1,4.2.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{118d8d20-8e65-11e1-873a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{118d8d20-8e65-11e1-873a-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{118d8e73-8e65-11e1-873a-6c626d7151e6}\Shell - "" = AutoRun
O33 - MountPoints2\{118d8e73-8e65-11e1-873a-6c626d7151e6}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (chkvdisk)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 11:15:14 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{6BCE196D-9D92-44FA-816C-2561C0AD6C58}
[2012/06/23 11:15:01 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{3805C385-0CBD-4F23-BD42-E2D7A07F68AE}
[2012/06/22 22:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012/06/22 22:14:36 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\Macromedia
[2012/06/22 21:36:09 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\NeoSmart_Technologies
[2012/06/22 21:35:27 | 000,000,000 | ---D | C] -- C:\NST
[2012/06/22 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\EasyBCD
[2012/06/22 20:47:42 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{05E08E08-A5C3-44C5-8C47-F738F0C723FF}
[2012/06/22 20:47:31 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{1A932C2A-B76A-40D3-BC41-5B36F2E82BA5}
[2012/06/22 08:47:04 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{87D5E48B-4732-42CD-8AB1-05DDCEAFCAE4}
[2012/06/22 08:46:53 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{B05DCCB7-8B9F-4598-944B-BD684595C5D9}
[2012/06/21 23:33:29 | 000,234,752 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys
[2012/06/21 23:33:25 | 000,766,496 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tdrpman.sys
[2012/06/21 23:33:18 | 000,609,760 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012/06/21 23:33:14 | 000,084,544 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vsflt61.sys
[2012/06/21 23:33:13 | 000,170,752 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012/06/21 23:33:12 | 000,077,696 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\fltsrv.sys
[2012/06/21 23:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/06/21 20:16:28 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{9DF0DBB3-C037-4F5C-84D0-3C976018801C}
[2012/06/21 20:16:17 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{315B1971-0B21-4A26-8E8A-6B6FD13957C5}
[2012/06/20 22:23:45 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup & Recovery
[2012/06/20 20:45:38 | 000,004,608 | ---- | C] (Windows ® 2000 DDK provider) -- C:\Windows\System32\chkvdisk.exe
[2012/06/20 20:45:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\configfix
[2012/06/20 20:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Shield
[2012/06/20 16:42:24 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{BB08595D-96D6-4D55-AFA8-C11705BDBA28}
[2012/06/20 16:42:13 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{F7DCBE88-5386-4C11-B060-32EC110718D9}
[2012/06/20 08:59:53 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\Nero
[2012/06/20 08:59:49 | 000,000,000 | ---D | C] -- C:\My Documents\NeroVision
[2012/06/20 08:59:37 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Roaming\Nero
[2012/06/20 08:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012/06/20 08:37:52 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nero 10
[2012/06/20 08:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/06/20 01:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\restore
[2012/06/20 01:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ftw
[2012/06/19 19:57:37 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{7A62A449-9103-473A-B9D1-B309FAF7712E}
[2012/06/19 19:57:26 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{D5962EAD-D027-4FB7-A1D1-23EF4CED48AC}
[2012/06/19 05:07:47 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{E55B3227-737D-4135-9C3F-AD23E63C32CE}
[2012/06/19 05:07:36 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{283F0BA3-FDE4-410E-A1BB-FF68C0758806}
[2012/06/19 04:08:25 | 000,000,000 | ---D | C] -- C:\My Documents\クレージュエース
[2012/06/18 22:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/06/18 22:33:13 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Roaming\YourFileDownloader
[2012/06/18 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{1E135858-45B6-4BB3-98EA-C1643E653E15}
[2012/06/18 03:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disktrix
[2012/06/18 01:57:58 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Roaming\sol-fa-soft
[2012/06/17 22:54:24 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{B1777B10-EB66-4893-9409-75B7E7D0EAFB}
[2012/06/17 01:57:47 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{AE083E68-102A-417E-A6B3-8F2E9E4B0C04}
[2012/06/16 21:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\scripts
[2012/06/16 20:15:14 | 000,000,000 | ---D | C] -- C:\archive_db
[2012/06/16 20:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\complexbackup
[2012/06/16 20:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012/06/16 20:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012/06/16 17:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/06/16 17:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/06/16 17:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/06/16 17:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/06/16 15:45:17 | 000,000,000 | ---D | C] -- C:\ATI
[2012/06/16 15:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\EventGhost
[2012/06/16 15:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EventGhost
[2012/06/16 14:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/06/16 14:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/06/16 14:31:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/16 13:09:02 | 000,058,568 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2012/06/16 12:00:38 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{91EED608-E278-4CA7-9E15-5889320E7F75}
[2012/06/15 23:26:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/15 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{62B637B2-6AD6-4C9D-BD75-2EE467A314A0}
[2012/06/15 21:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Farstone
[2012/06/15 20:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Helios
[2012/06/15 20:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\TextPad 6
[2012/06/15 18:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Restore
[2012/06/15 18:19:01 | 002,593,120 | ---- | C] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
[2012/06/15 16:02:54 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{B5E5408D-BF6D-4955-BBD9-F1FBE9CB984B}
[2012/06/11 16:33:00 | 000,095,080 | ---- | C] (DiskTrix Inc) -- C:\Windows\System32\UDBDef.exe
[2012/06/08 20:11:06 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{228E5462-84D8-4862-AB53-CD77F28C4493}
[2012/06/08 20:10:55 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{F7D6F4E0-7907-4AA7-8D08-8088DCE34457}
[2012/06/07 23:14:06 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{62CA1EA4-81D3-4E47-B745-9DB341349AA6}
[2012/06/07 23:13:55 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{B0D94D69-BC9D-4E2E-8D8C-378DF0054186}
[2012/06/07 22:11:42 | 000,000,000 | -HSD | C] -- C:\Users\malaac\wc
[2012/06/07 22:11:35 | 000,000,000 | -HSD | C] -- C:\Users\malaac\AppData\Roaming\wyUpdate AU
[2012/06/06 19:05:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012/06/06 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Roaming\InstallShield
[2012/06/06 18:44:56 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{EBC160BA-B723-4450-9CAD-83DC9EAA6C28}
[2012/06/06 18:44:45 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{B8268A91-2F26-4F88-A91E-6FF21C62AC23}
[2012/06/06 11:44:08 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\LogMeIn
[2012/06/06 01:51:44 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Roaming\ChemTable Software
[2012/06/06 01:50:43 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\ChemTable Software
[2012/06/06 01:50:43 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\AnVir
[2012/06/05 22:09:13 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{A3D2ED97-0180-4A8D-AC4A-1ECEDD4B2782}
[2012/06/05 22:09:01 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{E2DDF058-E040-44E8-AEEC-F4D800581B23}
[2012/06/04 22:02:39 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{9038DC3B-2D6A-45C1-9029-9C2C5260FFD8}
[2012/06/04 22:02:28 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{60AF8AF8-9566-4D03-8596-5FC482D2F9F2}
[2012/06/03 22:53:45 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{46CCD59B-CDED-45A7-9E5F-6F434260D3F5}
[2012/06/03 22:53:33 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{EA4CEF9A-D636-4FF0-9F2D-E704EEC26906}
[2012/06/03 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{E63DFF13-3880-4F82-BB4E-11C40B7C93DB}
[2012/06/03 10:09:58 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{56C895ED-8ACF-45EA-B73A-1BA1E0974BEB}
[2012/06/02 13:52:16 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{9F6CEB12-E3E5-485B-B301-7847723A204D}
[2012/06/02 13:52:05 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{429FBC0E-C1F9-4058-9C69-6F4E3EF993F5}
[2012/06/01 09:54:32 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{0E8BC82E-F216-4E12-887F-F57192EBDBC7}
[2012/06/01 09:54:21 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{37E9B342-77F5-4DE9-BB02-D3E2B0E3EFEA}
[2012/05/31 21:52:04 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{A2A1F1B2-6322-48C1-81DF-B2EF7A8C8B80}
[2012/05/31 21:51:51 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{A8DFD46B-A5C5-4571-8079-E5E44FE19AB6}
[2012/05/31 03:54:19 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{9FBD2A0D-CD9B-4D4E-9C37-EB26864DCAE8}
[2012/05/31 03:54:08 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{AB791FC7-F49A-44B8-8D50-CEF384254EFB}
[2012/05/30 11:40:37 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{5D922DDB-8524-4612-B20A-C53C4151FB15}
[2012/05/30 11:40:25 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{38E69E31-3815-4054-B3EB-15B69AD3AA49}
[2012/05/29 21:00:50 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{9DF66D3E-2950-4B0F-8CAD-4321D6944F5D}
[2012/05/29 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{AB23A6FF-F35E-4E8A-AF1F-DCCB745B57D4}
[2012/05/29 08:53:43 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{0F1138E7-6F66-4CBE-BE1E-36F4911FF9CD}
[2012/05/29 08:53:31 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{32BBF458-B5DF-495C-B54E-5EDCF5E1490B}
[2012/05/29 01:53:45 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\露辱少女あんこ☆マギカ
[2012/05/28 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{41D39EF1-CE8B-4F47-AA84-3016475035CA}
[2012/05/28 12:23:57 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{415C80E9-B987-437D-B01C-C932D6F42FA5}
[2012/05/27 22:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\BestSync 2012
[2012/05/27 21:45:53 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{3EAE7071-8170-4B9D-963C-875FE5BA756C}
[2012/05/27 21:45:41 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{74C4DEAE-94C3-4FC7-8D97-CAC4FDC5DC97}
[2012/05/27 05:22:57 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{938BC177-2F20-4C34-BE56-8EDCA82386CD}
[2012/05/27 05:22:46 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{CD1AF868-29ED-40C3-837A-4FCD799BF55A}
[2012/05/26 14:28:29 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{15DDA562-0427-4CF8-B219-EAE16488CF40}
[2012/05/26 14:28:18 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{D0261E39-FF3E-49E5-8E22-758BBD157193}
[2012/05/26 00:45:04 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{28BE4936-6E98-4CCA-8AB2-C5532FA0F40E}
[2012/05/26 00:44:51 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{25693234-90C5-4BA9-9D1B-00B507FCB750}
[2012/05/25 12:32:30 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{7A553CC4-A4D1-4877-8EFC-61E78F8BBDD0}
[2012/05/25 12:32:19 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{089F7DC9-1FFA-4FB3-A14B-7D451ACBEAC9}
[2012/05/24 23:43:59 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{11BAFB3C-1724-4334-B2F5-92ED59C8F461}
[2012/05/24 23:43:48 | 000,000,000 | ---D | C] -- C:\Users\malaac\AppData\Local\{C4E4A911-A2C1-40C5-89E5-E012B611CE64}
[2012/04/24 03:55:37 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\malaac\PCPE Setup.exe
[2012/04/24 03:55:37 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\malaac\mfc80u.dll
[2012/04/24 03:55:37 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\malaac\msvcr80.dll
[2012/04/24 03:55:37 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\malaac\grm_res.dll
[2012/04/24 03:55:37 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\malaac\fr_res.dll
[2012/04/24 03:55:37 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\malaac\pt_res.dll
[2012/04/24 03:55:37 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\malaac\it_res.dll
[2012/04/24 03:55:37 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\malaac\es_res.dll
[2012/04/24 03:55:37 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\malaac\en_res.dll
[2012/04/24 03:55:37 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\malaac\ru_res.dll
[2012/04/24 03:55:37 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\malaac\jp_res.dll
[2012/04/24 03:55:37 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\malaac\zh_res.dll

========== Files - Modified Within 30 Days ==========

[2012/06/23 17:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/23 17:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 11:54:12 | 000,000,512 | ---- | M] () -- C:\Users\malaac\Desktop\MBR.dat
[2012/06/23 11:33:47 | 000,000,260 | ---- | M] () -- C:\Windows\System32\cmdVBS.vbs
[2012/06/23 11:33:47 | 000,000,256 | ---- | M] () -- C:\Windows\System32\MSIevent.bat
[2012/06/23 05:00:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/22 22:00:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/22 22:00:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/22 21:55:10 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 21:55:10 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 21:46:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 21:45:48 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\MyBackup.job
[2012/06/22 21:38:11 | 003,224,623 | ---- | M] () -- C:\My Documents\anime.wcl
[2012/06/22 21:06:28 | 000,000,000 | ---- | M] () -- C:\bcedit
[2012/06/22 20:46:11 | 000,649,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/22 20:46:11 | 000,119,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/21 23:33:29 | 000,234,752 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys
[2012/06/21 23:33:25 | 000,766,496 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tdrpman.sys
[2012/06/21 23:33:18 | 000,609,760 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012/06/21 23:33:14 | 000,084,544 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vsflt61.sys
[2012/06/21 23:33:13 | 000,170,752 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012/06/21 23:33:12 | 000,077,696 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\fltsrv.sys
[2012/06/20 23:30:28 | 000,000,295 | -HS- | M] () -- C:\boot.ini
[2012/06/20 18:08:47 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2012/06/20 17:19:02 | 000,018,596 | ---- | M] () -- C:\Windows\2dfightermaker2nd20022.mid
[2012/06/20 09:08:03 | 000,001,148 | ---- | M] () -- C:\Windows\System32\game.ini
[2012/06/19 22:14:40 | 000,001,298 | ---- | M] () -- C:\Users\malaac\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2012/06/19 22:12:23 | 000,000,017 | ---- | M] () -- C:\Users\malaac\AppData\Local\resmon.resmoncfg
[2012/06/18 22:33:28 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/06/18 03:09:19 | 000,002,070 | ---- | M] () -- C:\Users\malaac\Desktop\Ultimate Defrag.lnk
[2012/06/17 04:42:47 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_170612001811664.job
[2012/06/16 17:20:50 | 000,001,018 | ---- | M] () -- C:\Users\malaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk
[2012/06/16 14:58:18 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/06/16 02:49:11 | 000,000,020 | ---- | M] () -- C:\Users\malaac\defogger_reenable
[2012/06/15 22:40:26 | 000,000,529 | RHS- | M] () -- C:\Windows\System32\VFsRegister
[2012/06/15 19:18:33 | 000,000,042 | ---- | M] () -- C:\Windows\System32\DuplicateFileCleaner.lie
[2012/06/15 18:20:11 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
[2012/06/15 18:19:01 | 002,593,120 | ---- | M] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
[2012/06/11 16:33:00 | 000,095,080 | ---- | M] (DiskTrix Inc) -- C:\Windows\System32\UDBDef.exe
[2012/06/07 23:00:52 | 000,000,436 | ---- | M] () -- C:\Users\malaac\.webaom
[2012/06/06 00:12:39 | 000,001,228 | ---- | M] () -- C:\Users\malaac\Desktop\DomDomSoft Anime Downloader.lnk
[2012/05/29 01:27:31 | 000,000,036 | ---- | M] () -- C:\Users\malaac\Untitled.fsf
[2012/05/29 01:27:31 | 000,000,032 | ---- | M] () -- C:\Users\malaac\Untitled.fss
[2012/05/29 01:27:24 | 000,007,680 | ---- | M] () -- C:\Users\malaac\Untitled.fsl
[2012/05/27 22:46:17 | 000,000,858 | ---- | M] () -- C:\Users\malaac\Untitled.fsf~
[2012/05/25 20:55:58 | 000,001,036 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.imi

========== Files Created - No Company Name ==========

[2012/06/23 11:54:12 | 000,000,512 | ---- | C] () -- C:\Users\malaac\Desktop\MBR.dat
[2012/06/22 21:06:28 | 000,000,000 | ---- | C] () -- C:\bcedit
[2012/06/20 20:45:38 | 000,104,912 | ---- | C] () -- C:\Windows\System32\drivers\Shield.sys
[2012/06/20 20:45:38 | 000,032,336 | ---- | C] () -- C:\Windows\System32\drivers\Shieldm.sys
[2012/06/20 20:45:38 | 000,024,912 | ---- | C] () -- C:\Windows\System32\drivers\Shieldf.sys
[2012/06/20 20:45:38 | 000,007,376 | ---- | C] () -- C:\Windows\System32\drivers\Shdbus.sys
[2012/06/20 17:13:03 | 000,018,596 | ---- | C] () -- C:\Windows\2dfightermaker2nd20022.mid
[2012/06/20 09:08:03 | 000,001,148 | ---- | C] () -- C:\Windows\System32\game.ini
[2012/06/20 08:32:56 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012/06/19 22:12:23 | 000,000,017 | ---- | C] () -- C:\Users\malaac\AppData\Local\resmon.resmoncfg
[2012/06/19 19:48:57 | 000,002,070 | ---- | C] () -- C:\Users\malaac\Desktop\Ultimate Defrag.lnk
[2012/06/18 22:33:28 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/06/16 20:34:32 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\Paragon Archive name arc_170612001811664.job
[2012/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/06/16 14:34:36 | 000,001,018 | ---- | C] () -- C:\Users\malaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk
[2012/06/16 02:48:50 | 000,000,020 | ---- | C] () -- C:\Users\malaac\defogger_reenable
[2012/06/15 21:46:05 | 000,021,592 | ---- | C] () -- C:\Windows\System32\drivers\farmntio.sys
[2012/06/15 21:45:21 | 000,000,529 | RHS- | C] () -- C:\Windows\System32\VFsRegister
[2012/06/15 19:18:33 | 000,000,042 | ---- | C] () -- C:\Windows\System32\DuplicateFileCleaner.lie
[2012/06/15 18:19:01 | 000,001,024 | ---- | C] () -- C:\Windows\System32\AutoPartNt.let
[2012/06/07 23:00:52 | 000,000,436 | ---- | C] () -- C:\Users\malaac\.webaom
[2012/06/06 01:10:04 | 000,001,228 | ---- | C] () -- C:\Users\malaac\Desktop\DomDomSoft Anime Downloader.lnk
[2012/05/28 23:07:00 | 000,007,680 | ---- | C] () -- C:\Users\malaac\Untitled.fsl
[2012/05/27 22:46:17 | 000,000,858 | ---- | C] () -- C:\Users\malaac\Untitled.fsf~
[2012/05/27 22:46:17 | 000,000,036 | ---- | C] () -- C:\Users\malaac\Untitled.fsf
[2012/05/27 22:46:17 | 000,000,032 | ---- | C] () -- C:\Users\malaac\Untitled.fss
[2012/05/26 20:21:18 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/05/21 00:47:42 | 000,040,625 | ---- | C] () -- C:\Users\malaac\IMAG0020.jpg
[2012/05/18 02:08:46 | 000,102,248 | ---- | C] () -- C:\Users\malaac\GoToAssistDownloadHelper.exe
[2012/05/09 13:43:42 | 000,000,257 | ---- | C] () -- C:\Users\malaac\doujins.efsp
[2012/04/27 13:48:30 | 000,000,090 | ---- | C] () -- C:\Users\malaac\mm.cfg
[2012/04/27 03:32:42 | 000,000,125 | ---- | C] () -- C:\Windows\FlashDecompiler.INI
[2012/04/25 13:43:31 | 000,852,480 | ---- | C] () -- C:\Windows\System32\RGSS202E.dll
[2012/04/25 13:43:31 | 000,572,416 | ---- | C] () -- C:\Windows\System32\RGSS103J.dll
[2012/04/24 16:47:35 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012/04/24 16:43:45 | 000,018,991 | ---- | C] () -- C:\Windows\System32\Vmscnt3.dll
[2012/04/24 16:37:41 | 000,001,057 | ---- | C] () -- C:\Users\malaac\AppData\Roaming\vso_ts_preview.xml
[2012/04/24 16:20:21 | 000,000,600 | ---- | C] () -- C:\Users\malaac\AppData\Roaming\winscp.rnd
[2012/04/24 15:41:33 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012/04/24 15:40:28 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012/04/24 15:40:27 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012/04/24 15:40:15 | 000,000,063 | ---- | C] () -- C:\Users\malaac\AppData\Roaming\22.cmd
[2012/04/24 15:27:40 | 000,000,017 | ---- | C] () -- C:\Users\malaac\tooldate.bsk
[2012/04/24 04:17:11 | 000,017,408 | ---- | C] () -- C:\Users\malaac\AppData\Local\WebpageIcons.db
[2012/04/24 04:14:51 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/04/24 04:14:51 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/04/24 03:55:38 | 013,338,112 | ---- | C] () -- C:\Users\malaac\PCPE_3.0.1.msi
[2012/04/24 03:55:37 | 000,018,808 | ---- | C] () -- C:\Users\malaac\ResourceReader.dll
[2012/04/23 23:06:21 | 000,561,152 | ---- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2012/04/23 23:06:21 | 000,000,179 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2012/04/23 23:05:53 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012/04/23 23:05:53 | 000,003,518 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2012/04/23 23:05:53 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini
[2012/04/23 23:05:53 | 000,001,036 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2012/04/23 22:55:44 | 000,021,796 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/04/05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2011/11/09 22:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/11/09 22:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/10/21 15:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010/11/20 17:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:F4CA4D70
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:CF08C48A

< End of report >
[/code]

Edited by gringo_pr, 23 June 2012 - 09:12 PM.


#10 gringo_pr

Posted 24 June 2012 - 11:33 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
    O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{118d8d20-8e65-11e1-873a-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{118d8d20-8e65-11e1-873a-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
    O33 - MountPoints2\{118d8e73-8e65-11e1-873a-6c626d7151e6}\Shell - "" = AutoRun
    O33 - MountPoints2\{118d8e73-8e65-11e1-873a-6c626d7151e6}\Shell\AutoRun\command - "" = H:\setup.exe  
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:F4CA4D70
    @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:CF08C48A  
    IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=HP_ss&mntrId=6ea506fb0000000000006c626d7151e6
    IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-307808138-3340831958-838744835-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=060612_6_&babsrc=SP_ss&mntrId=6ea506fb0000000000006c626d7151e6
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaultthis.engineName: "tokyotosho Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2066179&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=KW_ss&mntrId=6ea506fb0000000000006c626d7151e6&q="
    [2011/01/10 13:04:28 | 000,000,882 | ---- | M] () -- C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\searchplugins\conduit.xml
    [2012/06/18 22:33:20 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O1 - Hosts: 127.0.0.1 liveupdate.inicom.net
    O1 - Hosts: 127.0.0.1 liveupdate.flashfxp.com
    O1 - Hosts: 127.0.0.1 update.inicom.net
    O1 - Hosts: 127.0.0.1 update.flashfxp.com
    [2012/06/18 22:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 molitar

Posted 24 June 2012 - 12:13 PM

Ok will monitor. The first time, running it failed because KIS 2012 was protecting the host file. So I paused protection, then ran it again, and the report shows not found, so it appears it ran fine.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CmPCIaudio not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Starting removal of ActiveX control vzTCPConfig
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118d8d20-8e65-11e1-873a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118d8d20-8e65-11e1-873a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118d8d20-8e65-11e1-873a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118d8d20-8e65-11e1-873a-806e6f6e6963}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118d8e73-8e65-11e1-873a-6c626d7151e6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118d8e73-8e65-11e1-873a-6c626d7151e6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118d8e73-8e65-11e1-873a-6c626d7151e6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118d8e73-8e65-11e1-873a-6c626d7151e6}\ not found.
File H:\setup.exe not found.
Unable to delete ADS C:\ProgramData\TEMP:F4CA4D70 .
Unable to delete ADS C:\ProgramData\TEMP:CF08C48A .
HKU\S-1-5-21-307808138-3340831958-838744835-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "tokyotosho Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2066179&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?affID=112555&tt=060612_6_&babsrc=KW_ss&mntrId=6ea506fb0000000000006c626d7151e6&q=" removed from keyword.URL
File C:\Users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\searchplugins\conduit.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
Folder C:\ProgramData\Babylon\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Downloads\report\cmd.bat deleted successfully.
C:\Downloads\report\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: All Users.WINDOWS
 
User: Default
 
User: Default User
 
User: malaac
->Java cache emptied: 0 bytes
 
User: molitar
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: All Users.WINDOWS
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: malaac
->Flash cache emptied: 0 bytes
 
User: molitar
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.52.0 log created on 06242012_131225

Edited by molitar, 24 June 2012 - 12:14 PM.


#12 gringo_pr

Posted 24 June 2012 - 10:02 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 molitar

Posted 25 June 2012 - 10:14 PM

Ok let me run combofix. In the meantime when I launched Firefox it happened again. This time I captured a screenshot.


#14 gringo_pr

Posted 25 June 2012 - 10:25 PM

Greetings


I want you to uninstall Firefox, and if asked about user data or settings then remove that also.


Restart the computer and reinstall Firefox - check things out and let me know.


gringo

#15 molitar


Posted 25 June 2012 - 10:59 PM

BTW I have run Combofix and have the Combofix log for you.

[cde]ComboFix 12-06-25.05 - malaac 5/2012 Mon 23:32:30.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.3327.1846 [GMT -4:00]
Running from: c:\downloads\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\malaac\AppData\Roaming\22.cmd
c:\users\malaac\AppData\Roaming\vso_ts_preview.xml
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\MSMAsk32.ocx
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-24 19:17 . 2012-06-24 19:17 -------- d-----w- c:\programdata\PC Tools
2012-06-24 19:17 . 2012-06-24 19:17 -------- d-----w- c:\users\malaac\AppData\Roaming\TestApp
2012-06-23 02:17 . 2012-06-23 02:18 -------- d-----w- c:\program files\CrystalDiskInfo
2012-06-23 02:14 . 2012-06-23 02:14 -------- d-----w- c:\users\malaac\AppData\Local\Macromedia
2012-06-23 01:36 . 2012-06-23 01:36 -------- d-----w- c:\users\malaac\AppData\Local\NeoSmart_Technologies
2012-06-23 01:32 . 2012-06-23 01:32 -------- d-----w- c:\program files\EasyBCD
2012-06-22 03:33 . 2012-06-22 03:33 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-06-22 03:33 . 2012-06-22 03:33 766496 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-06-22 03:33 . 2012-06-22 03:33 609760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-06-22 03:33 . 2012-06-22 03:33 84544 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2012-06-22 03:33 . 2012-06-22 03:33 170752 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-06-22 03:33 . 2012-06-22 03:33 77696 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-06-22 03:32 . 2012-06-22 03:32 -------- d-----w- c:\program files\Acronis
2012-06-21 00:45 . 2009-05-11 16:17 7376 ------w- c:\windows\system32\drivers\Shdbus.sys
2012-06-21 00:45 . 2009-05-11 16:17 32336 ------w- c:\windows\system32\drivers\Shieldm.sys
2012-06-21 00:45 . 2009-05-11 16:17 24912 ------w- c:\windows\system32\drivers\Shieldf.sys
2012-06-21 00:45 . 2009-05-11 16:17 104912 ------w- c:\windows\system32\drivers\Shield.sys
2012-06-21 00:45 . 2009-02-07 21:36 4608 ------w- c:\windows\system32\chkvdisk.exe
2012-06-21 00:45 . 2012-06-21 00:45 -------- d-----w- c:\windows\system32\configfix
2012-06-21 00:45 . 2012-06-21 01:29 -------- d-----w- c:\program files\Shield
2012-06-20 12:59 . 2012-06-20 12:59 -------- d-----w- c:\users\malaac\AppData\Local\Nero
2012-06-20 12:59 . 2012-06-20 13:11 -------- d-----w- c:\users\malaac\AppData\Roaming\Nero
2012-06-20 12:37 . 2012-06-20 12:39 -------- d-----w- c:\program files\Common Files\Nero
2012-06-20 12:37 . 2012-06-20 12:45 -------- d-----w- c:\program files\Nero
2012-06-20 05:41 . 2012-06-20 05:41 -------- d-----w- c:\programdata\restore
2012-06-20 05:38 . 2012-06-20 05:38 -------- d-----w- c:\programdata\ftw
2012-06-19 02:33 . 2012-06-19 02:33 -------- d-----w- c:\users\malaac\AppData\Roaming\YourFileDownloader
2012-06-18 05:57 . 2012-06-18 05:57 -------- d-----w- c:\users\malaac\AppData\Roaming\sol-fa-soft
2012-06-17 01:30 . 2012-06-17 01:30 -------- d-----w- c:\programdata\scripts
2012-06-17 00:11 . 2012-06-17 00:11 -------- d-----w- c:\programdata\complexbackup
2012-06-17 00:11 . 2012-06-17 00:11 -------- d-----w- c:\programdata\explauncher
2012-06-17 00:11 . 2012-06-17 00:11 -------- d-----w- c:\programdata\launcher
2012-06-16 21:24 . 2012-06-16 21:24 -------- d-----w- c:\programdata\ATI
2012-06-16 21:22 . 2012-06-16 21:22 -------- d-----w- c:\program files\AMD APP
2012-06-16 21:22 . 2012-06-16 21:22 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-06-16 19:45 . 2012-06-16 19:45 -------- d-----w- C:\ATI
2012-06-16 19:25 . 2012-06-17 02:10 -------- d-----w- c:\program files\EventGhost
2012-06-16 18:58 . 2012-06-16 18:58 0 ----a-w- c:\windows\ativpsrm.bin
2012-06-16 18:48 . 2012-06-16 21:22 -------- d-----w- c:\program files\ATI Technologies
2012-06-16 18:48 . 2012-06-16 18:48 -------- d-----w- c:\program files\ATI
2012-06-16 17:09 . 2011-08-04 21:32 58568 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2012-06-16 01:46 . 2012-01-11 18:31 21592 ----a-w- c:\windows\system32\drivers\farmntio.sys
2012-06-16 01:45 . 2012-06-16 01:46 -------- d-----w- c:\programdata\Farstone
2012-06-16 00:25 . 2012-06-16 00:25 -------- d-----w- c:\programdata\Helios
2012-06-16 00:24 . 2012-06-16 00:24 -------- d-----w- c:\program files\TextPad 6
2012-06-15 22:52 . 2012-06-15 22:52 -------- d-----w- c:\program files\Desktop Restore
2012-06-15 22:19 . 2012-06-15 22:19 2593120 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-06-11 20:33 . 2012-06-11 20:33 95080 ----a-w- c:\windows\system32\UDBDef.exe
2012-06-08 02:11 . 2012-06-08 02:12 -------- d-sh--w- c:\users\malaac\wc
2012-06-08 02:11 . 2012-06-08 02:12 -------- d-sh--w- c:\users\malaac\AppData\Roaming\wyUpdate AU
2012-06-06 23:04 . 2012-06-06 23:04 -------- d-----w- c:\users\malaac\AppData\Roaming\InstallShield
2012-06-06 15:44 . 2012-06-06 15:44 -------- d-----w- c:\users\malaac\AppData\Local\LogMeIn
2012-06-06 05:51 . 2012-06-06 05:51 -------- d-----w- c:\users\malaac\AppData\Roaming\ChemTable Software
2012-06-06 05:50 . 2012-06-06 06:00 -------- d-----w- c:\users\malaac\AppData\Local\AnVir
2012-06-06 05:50 . 2012-06-06 05:50 -------- d-----w- c:\users\malaac\AppData\Local\ChemTable Software
2012-05-29 05:53 . 2012-05-29 05:57 -------- d-----w- c:\users\malaac\AppData\Local\露辱少女あんこ☆マギカ
2012-05-28 02:25 . 2012-05-28 02:25 -------- d-----w- c:\program files\BestSync 2012
2012-05-27 06:16 . 2012-05-27 06:16 -------- d-----w- c:\users\All Users.WINDOWS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:33 . 2012-05-18 04:07 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-06-23 15:33 . 2012-05-18 04:07 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-06-23 02:00 . 2012-04-24 13:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 02:00 . 2012-04-24 13:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-28 05:59 . 2012-04-24 07:13 53248 ----a-r- c:\users\malaac\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-28 05:59 . 2012-04-28 05:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-04-25 15:17 . 2012-04-24 07:13 3584 ----a-r- c:\users\malaac\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-04-24 23:31 . 2012-04-24 23:31 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-24 21:05 . 2012-04-24 03:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-24 21:05 . 2012-04-24 03:06 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-24 20:22 . 2012-04-24 20:22 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-24 03:50 . 2012-04-24 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-24 03:31 . 2012-04-24 03:31 126144 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-04-18 07:06 . 2012-04-24 03:10 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E37B1AC8-C0DE-4951-BF11-C7F2B6F7793A}\mpengine.dll
2012-04-06 02:34 . 2012-04-06 02:34 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\system32\amdocl.dll
2012-04-04 19:56 . 2012-04-25 00:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-28 02:28 . 2010-12-28 02:28 288568 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-02-16 14:40 . 2012-04-27 17:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-04-01 13:12 608768 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-29 328056]
"3RVX"="c:\program files\3RVX\3RVX.exe" [2008-10-14 159232]
"NuonSoft Wallpaper Cycler"="c:\program files\NuonSoft\WallpaperCycler3\WallpaperCycler.exe" [2009-06-30 4734008]
"Icon Remover"="c:\program files\Icon Remover\IconRemover.exe" [2008-03-26 742400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8768GX"="c:\windows\system\HsMgr.exe" [2008-07-11 200704]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2012-04-01 147456]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 4375320]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"shield"="c:\program files\Shield\shieldtray.exe" [2009-05-11 3518800]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-12-16 5953992]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-12-16 403096]
.
c:\users\malaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EventGhost.lnk - c:\program files\EventGhost\EventGhost.exe [2012-6-16 31232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-19 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ chkvdisk\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [2011-08-04 277576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
R3 BestSyncSvc;BestSync Service;c:\program files\BestSync 2012\BestSyncSvc.exe [2012-01-03 2793208]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys [2012-01-11 21592]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-03-26 135584]
R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-05-05 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-05-05 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-27 129976]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [2010-05-09 25912]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [2010-10-20 7680]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 SshSharedFolderService2;SshSharedFolderService2;c:\program files\SshSharedFoldersSetup\SshSharedFolderService2.exe [2011-07-11 8704]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-24 1343400]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-12-12 70784]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-12-12 34944]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-06-22 77696]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-08-04 58568]
S0 Shdbus;Shdbus; [x]
S0 Shield;Shield; [x]
S0 Shieldf;Shieldf; [x]
S0 Shieldm;Shieldm; [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-04-24 126144]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-06-22 84544]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-24 242240]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2012-06-22 3450832]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2010-09-30 20088]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 ShieldClientService;Shield Client Service;c:\program files\Shield\shieldclnt.exe [2009-05-11 45056]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 21096]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 25448]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-06-22 234752]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 8913920]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 263680]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 63872]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 141952]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 193640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 02:00]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-05 23:08]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-05 23:08]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
TCP: Interfaces\{4ED4E541-EE13-4C10-A463-34BE894D06C3}: NameServer = 192.168.1.1,4.2.2.1
FF - ProfilePath - c:\users\malaac\AppData\Roaming\Mozilla\Firefox\Profiles\0thqg877.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_6_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 6ea506fb0000000000006c626d7151e6
FF - user.js: extensions.BabylonToolbar_i.hardId - 6ea506fb0000000000006c626d7151e6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15510
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:33
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-{B64BC516-2406-43AE-A21A-1E387A2343B1} - c:\program files\InstallShield Installation Information\{B64BC516-2406-43AE-A21A-1E387A2343B1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iff"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raw"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-307808138-3340831958-838744835-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4932)
c:\program files\EventGhost\plugins\Task\hook.dll
c:\program files\PowerMenu\PowerMenuHook.dll
c:\program files\Acronis\TrueImageHome\tishell.dll
c:\program files\Acronis\TrueImageHome\timounter.dll
c:\program files\NuonSoft\WallpaperCycler3\Wallpaper Cycler Helper.dll
c:\program files\Shield\idle.dll
c:\program files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\taskhost.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\program files\Shield\shdserv.exe
c:\windows\system32\conhost.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\SetPointG\SetPointII.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDCountdown.exe
c:\program files\Logitech Gaming Software\plugins\LCD-Miscellany\LCDMisc.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2012-06-25 23:55:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 03:55
.
Pre-Run: 380,070,608,896 bytes free
Post-Run: 378,631,766,016 bytes free
.
- - End Of File - - 57BFC9BE8AC081D85C3DA7F4180A7B22
[/code]

And the Add-Remove you asked about earlier...

[code] Update for Microsoft Office 2007 (KB2508958)
3DMark 11
3DMark Vantage
3DMark06
ACDSee Pro 3
Acronis True Image Home 2012
Adobe AIR
Adobe Dreamweaver CS5.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Photoshop CS5
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
ADRIFT 5.0
AllToAVI v4 r5394
Altap Salamander 2.52
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Android SDK Tools
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bandizip
BestSync
Beyond Compare Version 3.3.4
Bonjour
C-Media PCI Audio Device
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
CCleaner
Classic Shell
Combined Community Codec Pack 2011-11-11
ContentManager
CrystalDiskInfo 5.0.0 Shizuku Edition
D3DX10
DAEMON Tools Lite
Desktop Restore
Device Doctor v2.1
DirPrint 4.0
DomDomSoft Anime Downloader (remove only)
Duplicate Image Finder
DVD Flick 1.3.0.7
EasyBCD 2.1.2
Effective File Search 6.7
eReg
EventGhost 0.4.1.r1544
Flash Decompiler Trillix
Flash Movie Player 1.5
Flash Renamer 6.57
Futuremark SystemInfo
Google Chrome
Google Update Helper
Hard Disk Sentinel PRO
High-Definition Video Playback
HTC Sync
Java Auto Updater
Java™ 6 Update 31
JC拉致監禁レイプ バージョン 1.0
Junk Mail filter update
Kaspersky Internet Security 2012
Logitech Gaming Software
Logitech Gaming Software 8.20
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Application Compatibility Database
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MiniTool Partition Wizard Home Edition 7.1
MiniTool Partition Wizard Server Edition 7.1
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
Nero 10 ClipartPack
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack 2
Nero 10 Movie ThemePack 3
Nero 10 Movie ThemePack 4
Nero 10 Movie ThemePack Basic
Nero 10 PiP EffectPack 1
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero 10 Video TransitionPack 1
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Platinum HD
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NuonSoft Wallpaper Cycler 3.6
OpenAL
PDF Settings CS5
piaip AppLocale
Plus Pack for Acronis True Image Home 2012
Realtek USB 2.0 Card Reader
Remove Empty Directories version 2.2
Renesas Electronics USB 3.0 Host Controller Driver
RGSS-RTP Standard
Rollback Rx
RPG Maker VX RTP
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sothink SWF Decompiler
SshSharedFoldersSetup
Steam
Sub Station Alpha v4.08
SUPER c v2012.build.51 (April 7, 2012) version v2012.build.51
swMSM
TeamViewer 7
TextPad 6
UltimateDefrag
Unlocker 1.9.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User Profile Hive Cleanup Service
UxStyle Core Beta
Windows Driver Package - EventGhost Deal Extreme USB PC Remote (01/25/2010 1.0.2.0)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
神採りアルケミーマイスター
神採りアルケミーマイスター Append01
神採りアルケミーマイスター Append02
神採りアルケミーマイスター Ver2.00 Update[/code]

Edited by gringo_pr, 25 June 2012 - 11:22 PM.




