Sirefef Infection


9 replies to this topic

#1 Dovahkiin


Posted 05 July 2012 - 12:30 PM

Here's the log, what do I do next?

Scan result of Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 05-07-2012 19:19:25
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-04-19] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-04-19] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-04-19] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10365952 2011-05-19] (Intel Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] ()
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-05-30] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-02-10] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
HKU\Michael\...\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-25] (Google Inc.)
HKU\Michael\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background [x]
HKU\Michael\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-01-29] (Valve Corporation)
HKU\Michael\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17425072 2012-06-07] (Skype Technologies S.A.)
HKU\Michael\...\Run: [AdobeBridge] [x]
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Michael\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Michael\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [1166848 2011-09-15] (Intel Corporation)
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [921664 2011-05-19] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1335360 2011-05-19] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [995392 2011-05-19] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-06-03] (Intel® Corporation)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

========================== Drivers (Whitelisted) =============

3 AMPPAL; C:\Windows\System32\Drivers\AMPPAL.sys [299008 2011-09-15] (Windows ® Win 7 DDK provider)
3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [299008 2011-09-15] (Windows ® Win 7 DDK provider)
3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [51712 2011-05-19] (Intel Corporation)
3 btmaux; C:\Windows\System32\Drivers\btmaux.sys [53248 2011-05-19] (Intel Corporation)
3 btmhsf; C:\Windows\System32\Drivers\btmhsf.sys [282624 2011-07-19] (Intel Corporation)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-07-19] (Intel Corporation)
1 lnjmgsdy; C:\Windows\System32\Drivers\lnjmgsdy.sys [50392 2012-07-05] (Microsoft Corporation)
3 tihub3; C:\Windows\System32\Drivers\tihub3.sys [136000 2011-07-20] (Texas Instruments Incorporated)
3 tixhci; C:\Windows\System32\Drivers\tixhci.sys [406336 2011-07-20] (Texas Instruments Incorporated)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel® Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-05 19:19 - 2012-07-05 19:19 - 00000000 ____D C:\FRST
2012-07-05 12:12 - 2012-07-05 12:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D46079DD59368411
2012-07-05 12:12 - 2012-07-05 12:12 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nkfepeql.sys
2012-07-05 12:12 - 2012-07-05 12:12 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lnjmgsdy.sys
2012-07-05 12:10 - 2012-07-05 12:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C15616C898E03733
2012-07-05 12:07 - 2012-07-05 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C0B10EE720EE904
2012-07-05 12:02 - 2012-07-05 12:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.596FC0CA0DC96AA5
2012-07-05 11:58 - 2012-07-05 11:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.430548ACF8393F99
2012-07-05 11:55 - 2012-07-05 11:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02F2DC6341416CED
2012-07-05 11:50 - 2012-07-05 12:08 - 00147375 ____A C:\Users\Michael\Downloads\yorkyt.exe.log
2012-07-05 11:50 - 2012-07-05 11:50 - 01415784 ____A C:\Users\Michael\Downloads\yorkyt.exe
2012-07-05 11:44 - 2012-07-05 11:44 - 00137096 ____A (ESET) C:\Users\Michael\Downloads\ESETSirefefRemover.exe
2012-07-05 11:44 - 2012-07-05 11:44 - 00137096 ____A (ESET) C:\Users\Michael\Downloads\ESETSirefefRemover (2).exe
2012-07-05 11:44 - 2012-07-05 11:44 - 00137096 ____A (ESET) C:\Users\Michael\Downloads\ESETSirefefRemover (1).exe
2012-07-05 11:41 - 2012-07-05 11:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.323656F4916338BB
2012-07-05 11:37 - 2012-07-05 11:37 - 16208824 ____A (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-V4.9 (1).exe
2012-07-05 11:37 - 2012-07-05 11:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8035DFEFFEBC5880
2012-07-05 11:37 - 2012-06-03 17:35 - 56731752 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-07-05 11:36 - 2012-07-05 11:37 - 16208824 ____A (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-V4.9.exe
2012-07-05 11:34 - 2012-07-05 11:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-07-05 11:31 - 2012-07-05 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E436048432878EEF
2012-07-05 11:25 - 2012-07-05 11:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A2DA677FC66BC12
2012-07-05 11:18 - 2012-07-05 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37E2E7F58DFDE7AF
2012-07-05 11:14 - 2012-07-05 11:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20968F09C9BC2A33
2012-07-05 11:11 - 2012-07-05 11:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.940AA3AFC58326D5
2012-07-05 11:04 - 2012-07-05 11:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-05 11:04 - 2012-07-05 11:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-05 11:03 - 2012-07-05 11:03 - 12621696 ____A (Microsoft Corporation) C:\Users\Michael\Downloads\mseinstall (1).exe
2012-07-05 11:02 - 2012-07-05 11:02 - 12621696 ____A (Microsoft Corporation) C:\Users\Michael\Downloads\mseinstall.exe
2012-07-04 08:24 - 2012-07-04 08:24 - 60824696 ____A (Maveritchell ) C:\Users\Michael\Downloads\ConPack2.2Patch.exe
2012-07-04 08:18 - 2012-07-04 08:22 - 791414474 ____A (Maveritchell ) C:\Users\Michael\Downloads\convopackinstaller.exe
2012-07-04 08:09 - 2012-07-04 08:09 - 111678378 ____A C:\Users\Michael\Downloads\swbf2v1.3patch_full_revision_117.exe
2012-07-04 07:59 - 2012-07-04 07:59 - 22380779 ____A C:\Users\Michael\Downloads\tatout.zip
2012-07-04 07:54 - 2012-07-04 07:54 - 41833489 ____A C:\Users\Michael\Downloads\bespin_escapev3.0.zip
2012-07-04 07:35 - 2012-07-04 07:35 - 35804525 ____A C:\Users\Michael\Downloads\sa1.exe
2012-07-04 07:19 - 2012-07-04 07:26 - 576765952 ____A C:\Users\Michael\Downloads\aaf-rcswe3.bdx.avi
2012-07-03 20:08 - 2010-02-23 03:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2012-07-02 17:01 - 2012-07-02 17:01 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-02 16:59 - 2012-07-02 16:59 - 00393272 ____A C:\Users\Michael\Downloads\Final.bmp
2012-07-02 16:53 - 2012-07-02 18:44 - 00000000 ____D C:\Users\Michael\Downloads\XPadder 2012.05.01 (A must have for games and programs)
2012-07-02 16:50 - 2012-07-02 16:50 - 00145218 ____A C:\Users\Michael\Downloads\xpadder-windows-malavida.exe
2012-07-02 11:43 - 2012-07-02 11:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-07-02 11:43 - 2012-07-02 11:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-07-02 11:42 - 2012-07-02 11:42 - 00000925 ____A C:\Users\Public\Desktop\DS3 Tool.lnk
2012-07-02 11:42 - 2012-07-02 11:42 - 00000925 ____A C:\Users\All Users\Desktop\DS3 Tool.lnk
2012-07-02 11:42 - 2012-07-02 11:42 - 00000000 ____D C:\Users\Michael\Application Data\MotioninJoy
2012-07-02 11:42 - 2012-07-02 11:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\MotioninJoy
2012-07-02 11:42 - 2012-07-02 11:42 - 00000000 ____D C:\Program Files\MotioninJoy
2012-07-02 11:42 - 2012-05-12 06:31 - 00121416 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
2012-07-02 11:42 - 2011-12-07 13:42 - 00328712 ____A (Logitech Inc.) C:\Windows\System32\MijFrc.dll
2012-07-02 11:42 - 2011-12-07 13:42 - 00074960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys
2012-07-02 11:41 - 2012-07-02 11:41 - 04117346 ____A C:\Users\Michael\Downloads\MotioninJoy_071001_signed.zip
2012-07-02 07:44 - 2012-07-02 07:44 - 00000000 ____D C:\Users\Michael\Downloads\MotioninJoy_060005_x86_signed
2012-07-02 07:43 - 2012-07-02 07:44 - 02164917 ____A C:\Users\Michael\Downloads\MotioninJoy_060005_x86_signed.zip
2012-07-02 07:38 - 2012-07-02 07:38 - 02465497 ____A C:\Users\Michael\Downloads\MotioninJoy_060005_amd64_signed.zip
2012-07-02 07:38 - 2012-07-02 07:38 - 00000000 ____D C:\Users\Michael\Downloads\MotioninJoy_060005_amd64_signed
2012-07-02 07:31 - 2012-07-02 07:31 - 00001959 ____A C:\Users\Michael\Desktop\PCSX2 0.9.8 (r4600).lnk
2012-07-02 07:31 - 2012-07-02 07:31 - 00000000 ____D C:\Users\Michael\My Documents\PCSX2
2012-07-02 07:31 - 2012-07-02 07:31 - 00000000 ____D C:\Users\Michael\Documents\PCSX2
2012-07-02 07:30 - 2012-07-02 07:30 - 12780479 ____A C:\Users\Michael\Downloads\pcsx2-0.9.8-r4600-setup (1).exe
2012-07-02 07:30 - 2012-07-02 07:30 - 00001991 ____A C:\Users\Public\Desktop\PCSX2 0.9.8 (r4600).lnk
2012-07-02 07:30 - 2012-07-02 07:30 - 00001991 ____A C:\Users\All Users\Desktop\PCSX2 0.9.8 (r4600).lnk
2012-07-02 07:30 - 2012-07-02 07:30 - 00000000 ____D C:\Program Files (x86)\PCSX2 0.9.8
2012-07-02 07:27 - 2012-07-02 07:28 - 32915604 ____A C:\Users\Michael\Downloads\Playstation-2-Bios-Pack.zip
2012-07-02 07:09 - 2012-07-02 07:09 - 00000023 ____A C:\Windows\BlendSettings.ini
2012-07-01 10:43 - 2012-07-01 10:43 - 00000132 ____A C:\Users\Michael\Application Data\Adobe PNG Format CS6 Prefs
2012-07-01 10:43 - 2012-07-01 10:43 - 00000132 ____A C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-06-22 06:12 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 06:12 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 06:12 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 06:12 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 06:11 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 06:11 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 06:11 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 06:11 - 2012-06-02 09:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 06:11 - 2012-06-02 09:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 03:54 - 2012-06-21 03:54 - 00000000 ____D C:\Windows\en
2012-06-21 03:50 - 2012-06-21 03:51 - 27696611 ____A C:\Users\Michael\Downloads\JellyRollMortonAndHisRedHotPeppers-11-20_vbr_mp3.zip
2012-06-21 03:50 - 2012-06-21 03:51 - 23797756 ____A C:\Users\Michael\Downloads\JellyRollMortonAndHisRedHotPeppers-01-10_vbr_mp3.zip
2012-06-21 03:14 - 2012-06-21 03:14 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{CDEF557D-FD29-404F-90FE-AE615A72E97F}
2012-06-21 03:14 - 2012-06-21 03:14 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{97B6FF39-1651-453C-B825-8C1F5652A9E1}
2012-06-21 03:14 - 2012-06-21 03:14 - 00000000 ____D C:\Users\Michael\Local Settings\{CDEF557D-FD29-404F-90FE-AE615A72E97F}
2012-06-21 03:14 - 2012-06-21 03:14 - 00000000 ____D C:\Users\Michael\Local Settings\{97B6FF39-1651-453C-B825-8C1F5652A9E1}
2012-06-21 03:14 - 2012-06-21 03:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{CDEF557D-FD29-404F-90FE-AE615A72E97F}
2012-06-21 03:14 - 2012-06-21 03:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{97B6FF39-1651-453C-B825-8C1F5652A9E1}
2012-06-20 08:09 - 2012-06-20 08:09 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{5E9EE6B8-382B-4B23-9340-5D0567F8A8D9}
2012-06-20 08:09 - 2012-06-20 08:09 - 00000000 ____D C:\Users\Michael\Local Settings\{5E9EE6B8-382B-4B23-9340-5D0567F8A8D9}
2012-06-20 08:09 - 2012-06-20 08:09 - 00000000 ____D C:\Users\Michael\AppData\Local\{5E9EE6B8-382B-4B23-9340-5D0567F8A8D9}
2012-06-20 08:08 - 2012-06-20 08:09 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{E9191220-1F2D-4CF6-8304-DE16E887421B}
2012-06-20 08:08 - 2012-06-20 08:09 - 00000000 ____D C:\Users\Michael\Local Settings\{E9191220-1F2D-4CF6-8304-DE16E887421B}
2012-06-20 08:08 - 2012-06-20 08:09 - 00000000 ____D C:\Users\Michael\AppData\Local\{E9191220-1F2D-4CF6-8304-DE16E887421B}
2012-06-19 09:26 - 2012-06-19 09:29 - 25603101 ____A C:\Users\Michael\Downloads\KingOliversCreoleJazzBand-01-08_vbr_mp3.zip
2012-06-19 08:29 - 2012-06-19 08:29 - 00000132 ____A C:\Users\Michael\Application Data\Adobe IllExport Filter CS6 Prefs
2012-06-19 08:29 - 2012-06-19 08:29 - 00000132 ____A C:\Users\Michael\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2012-06-19 08:15 - 2012-06-19 08:15 - 00025923 ____A C:\Users\Michael\Downloads\nicks-fonts_raconteur-nf.zip
2012-06-19 08:15 - 2012-06-19 08:15 - 00000000 ____D C:\Users\Michael\Downloads\nicks-fonts_raconteur-nf
2012-06-19 06:51 - 2012-06-19 06:51 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-19 06:51 - 2012-06-19 06:51 - 00000000 ____D C:\Users\All Users\Application Data\regid.1986-12.com.adobe
2012-06-19 06:50 - 2012-06-19 06:50 - 00000000 ____D C:\Program Files\Adobe
2012-06-19 06:46 - 2012-06-19 06:50 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-19 06:32 - 2012-06-19 06:32 - 00000000 ____D C:\Users\Michael\Desktop\Adobe CS6
2012-06-19 06:30 - 2012-06-19 06:30 - 00000000 ____D C:\Users\Michael\Photos
2012-06-19 02:26 - 2012-06-19 02:26 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{1D8C0056-8973-4454-B342-90F9244DCE86}
2012-06-19 02:26 - 2012-06-19 02:26 - 00000000 ____D C:\Users\Michael\Local Settings\{1D8C0056-8973-4454-B342-90F9244DCE86}
2012-06-19 02:26 - 2012-06-19 02:26 - 00000000 ____D C:\Users\Michael\AppData\Local\{1D8C0056-8973-4454-B342-90F9244DCE86}
2012-06-19 02:25 - 2012-06-19 02:26 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{215470B0-6AA7-43EF-865F-904B7C2A4AE3}
2012-06-19 02:25 - 2012-06-19 02:26 - 00000000 ____D C:\Users\Michael\Local Settings\{215470B0-6AA7-43EF-865F-904B7C2A4AE3}
2012-06-19 02:25 - 2012-06-19 02:26 - 00000000 ____D C:\Users\Michael\AppData\Local\{215470B0-6AA7-43EF-865F-904B7C2A4AE3}
2012-06-18 12:34 - 2012-06-18 13:33 - 541078053 ____A C:\Users\Michael\Downloads\A_P_C.S.6.Extended.LS16.hoot009.part2.rar
2012-06-18 10:50 - 2012-06-18 17:39 - 734003200 ____A C:\Users\Michael\Downloads\A_P_C.S.6.Extended.LS16.hoot009.part1.rar
2012-06-18 10:41 - 2012-06-18 10:41 - 00000000 ____D C:\Users\Michael\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-18 10:41 - 2012-06-18 10:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-18 10:41 - 2012-06-18 10:41 - 00000000 ____D C:\Users\Default\Application Data\Macromedia
2012-06-18 10:41 - 2012-06-18 10:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-18 10:41 - 2012-06-18 10:41 - 00000000 ____D C:\Users\Default User\Application Data\Macromedia
2012-06-18 10:41 - 2012-06-18 10:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-06-18 10:41 - 2012-06-18 10:41 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2012-06-18 10:40 - 2012-06-18 10:40 - 02500792 ____A C:\Users\Michael\Downloads\AdobeDownloadAssistant.exe
2012-06-18 06:16 - 2012-06-18 06:16 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{A71EAA2F-70EB-4F55-BE3D-5A95897ADE72}
2012-06-18 06:16 - 2012-06-18 06:16 - 00000000 ____D C:\Users\Michael\Local Settings\{A71EAA2F-70EB-4F55-BE3D-5A95897ADE72}
2012-06-18 06:16 - 2012-06-18 06:16 - 00000000 ____D C:\Users\Michael\AppData\Local\{A71EAA2F-70EB-4F55-BE3D-5A95897ADE72}
2012-06-17 03:12 - 2012-06-17 03:12 - 00038830 ____A C:\Users\Michael\Downloads\Untitledfdfsadw2.bmp
2012-06-17 02:31 - 2012-06-17 02:32 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{B31B94E4-B887-4F95-A040-C24993EAAC48}
2012-06-17 02:31 - 2012-06-17 02:32 - 00000000 ____D C:\Users\Michael\Local Settings\{B31B94E4-B887-4F95-A040-C24993EAAC48}
2012-06-17 02:31 - 2012-06-17 02:32 - 00000000 ____D C:\Users\Michael\AppData\Local\{B31B94E4-B887-4F95-A040-C24993EAAC48}
2012-06-16 05:10 - 2012-06-16 05:10 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{2F46711A-2296-45CA-9CE5-4102D9A726E4}
2012-06-16 05:10 - 2012-06-16 05:10 - 00000000 ____D C:\Users\Michael\Local Settings\{2F46711A-2296-45CA-9CE5-4102D9A726E4}
2012-06-16 05:10 - 2012-06-16 05:10 - 00000000 ____D C:\Users\Michael\AppData\Local\{2F46711A-2296-45CA-9CE5-4102D9A726E4}
2012-06-15 17:54 - 2012-06-20 10:23 - 00000000 ____D C:\Users\Michael\Downloads\New World-
2012-06-15 08:11 - 2012-06-15 08:11 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
2012-06-15 08:11 - 2012-06-15 08:11 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk
2012-06-15 07:48 - 2012-06-15 07:48 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{7A4AF786-611F-4C35-B74F-F143D5D978C2}
2012-06-15 07:48 - 2012-06-15 07:48 - 00000000 ____D C:\Users\Michael\Local Settings\{7A4AF786-611F-4C35-B74F-F143D5D978C2}
2012-06-15 07:48 - 2012-06-15 07:48 - 00000000 ____D C:\Users\Michael\AppData\Local\{7A4AF786-611F-4C35-B74F-F143D5D978C2}
2012-06-14 19:55 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 19:55 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 19:55 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 19:55 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 19:55 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 19:55 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 19:55 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 19:55 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 19:55 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 19:55 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 19:55 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 19:55 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 19:55 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 19:55 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 19:55 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 19:55 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 19:55 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 19:55 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 19:55 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 19:55 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 19:55 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 19:55 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 19:55 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 19:55 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 19:55 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 19:55 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 19:55 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 19:55 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 07:00 - 2012-06-14 07:00 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{E404EDA0-B6CF-412B-8C17-9E1B1197EFA9}
2012-06-14 07:00 - 2012-06-14 07:00 - 00000000 ____D C:\Users\Michael\Local Settings\{E404EDA0-B6CF-412B-8C17-9E1B1197EFA9}
2012-06-14 07:00 - 2012-06-14 07:00 - 00000000 ____D C:\Users\Michael\AppData\Local\{E404EDA0-B6CF-412B-8C17-9E1B1197EFA9}
2012-06-14 06:39 - 2012-05-14 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 06:39 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 06:39 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 06:39 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 06:39 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 06:39 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 06:39 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 06:39 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 06:39 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 06:39 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 06:39 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 06:39 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 06:39 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 06:39 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 06:39 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 06:39 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 06:39 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 11:30 - 2012-06-13 11:30 - 00014881 ____A C:\Users\Michael\Downloads\[kat.ph]simcity.4.rush.hour.torrent
2012-06-13 11:28 - 2012-06-13 11:28 - 00277248 ____A (Premium) C:\Users\Michael\Downloads\DownloadSetup (3).exe
2012-06-13 11:28 - 2012-06-13 11:28 - 00277248 ____A (Premium) C:\Users\Michael\Downloads\DownloadSetup (2).exe
2012-06-13 04:05 - 2012-06-13 04:05 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{5BABC81A-B0DF-4A54-8271-0606F99A8EBB}
2012-06-13 04:05 - 2012-06-13 04:05 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{4E868E28-4D67-4DAE-861F-CBF238489119}
2012-06-13 04:05 - 2012-06-13 04:05 - 00000000 ____D C:\Users\Michael\Local Settings\{5BABC81A-B0DF-4A54-8271-0606F99A8EBB}
2012-06-13 04:05 - 2012-06-13 04:05 - 00000000 ____D C:\Users\Michael\Local Settings\{4E868E28-4D67-4DAE-861F-CBF238489119}
2012-06-13 04:05 - 2012-06-13 04:05 - 00000000 ____D C:\Users\Michael\AppData\Local\{5BABC81A-B0DF-4A54-8271-0606F99A8EBB}
2012-06-13 04:05 - 2012-06-13 04:05 - 00000000 ____D C:\Users\Michael\AppData\Local\{4E868E28-4D67-4DAE-861F-CBF238489119}
2012-06-12 14:33 - 2012-06-12 14:33 - 00007928 ____A C:\Users\Michael\Downloads\sapucdex1.0.0.5.zip
2012-06-12 13:14 - 2012-06-12 13:14 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{DC146132-BFA7-46C7-AE3C-977D5F5E6012}
2012-06-12 13:14 - 2012-06-12 13:14 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{91CAA231-6B6A-4BA3-877C-CD61190DCF39}
2012-06-12 13:14 - 2012-06-12 13:14 - 00000000 ____D C:\Users\Michael\Local Settings\{DC146132-BFA7-46C7-AE3C-977D5F5E6012}
2012-06-12 13:14 - 2012-06-12 13:14 - 00000000 ____D C:\Users\Michael\Local Settings\{91CAA231-6B6A-4BA3-877C-CD61190DCF39}
2012-06-12 13:14 - 2012-06-12 13:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{DC146132-BFA7-46C7-AE3C-977D5F5E6012}
2012-06-12 13:14 - 2012-06-12 13:14 - 00000000 ____D C:\Users\Michael\AppData\Local\{91CAA231-6B6A-4BA3-877C-CD61190DCF39}
2012-06-12 10:40 - 2012-06-12 10:40 - 02244511 ____A C:\Users\Michael\Downloads\bookbinder-3.0.zip
2012-06-12 10:18 - 2012-06-12 10:24 - 00000000 ____D C:\Users\Michael\Application Data\PDFlite
2012-06-12 10:18 - 2012-06-12 10:24 - 00000000 ____D C:\Users\Michael\AppData\Roaming\PDFlite
2012-06-12 10:18 - 2012-06-12 10:18 - 00001865 ____A C:\Users\Public\Desktop\PDFlite.lnk
2012-06-12 10:18 - 2012-06-12 10:18 - 00001865 ____A C:\Users\All Users\Desktop\PDFlite.lnk
2012-06-12 10:17 - 2012-06-12 10:17 - 01029608 ____A C:\Users\Michael\Downloads\setup-pdflite-ic-0.7.exe
2012-06-12 10:17 - 2012-06-12 10:17 - 00000000 ____D C:\Program Files (x86)\PDFlite
2012-06-12 10:17 - 2005-03-11 19:07 - 00087040 ____A C:\Windows\System32\redmonnt.dll
2012-06-12 10:17 - 2005-03-11 19:07 - 00046080 ____A C:\Windows\System32\unredmon.exe
2012-06-12 10:17 - 2001-10-28 01:42 - 00119152 ____A C:\Windows\System32\redmon.hlp
2012-06-12 09:31 - 2012-06-12 09:31 - 00021220 ____A C:\Users\Michael\Downloads\www_dll-files_org_VDDLoader.dll.zip
2012-06-12 09:30 - 2012-06-12 09:30 - 00978432 ____A C:\Users\Michael\Downloads\VDMSound-2.0.4-WinNT-i386 (1).msi
2012-06-12 09:28 - 2012-06-12 09:32 - 00000000 ____D C:\Program Files (x86)\VDMSound
2012-06-12 09:27 - 2012-06-12 09:27 - 00978432 ____A C:\Users\Michael\Downloads\VDMSound-2.0.4-WinNT-i386.msi
2012-06-12 09:22 - 2012-06-12 14:33 - 00000000 ____D C:\Program Files (x86)\Redguard
2012-06-12 09:22 - 2012-06-12 09:22 - 00000000 ____D C:\Windows\_ISTMP3.DIR
2012-06-12 09:22 - 2012-06-12 09:22 - 00000000 ____D C:\Windows\_ISTMP1.DIR
2012-06-12 09:22 - 1998-07-30 07:51 - 00305152 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2012-06-12 09:09 - 2012-06-12 09:09 - 02040144 ____A () C:\Users\Michael\Downloads\Glidos_v1_50.exe
2012-06-12 09:05 - 2012-06-12 09:09 - 00000000 ____D C:\Program Files (x86)\Glidos
2012-06-12 09:04 - 2012-06-12 09:04 - 00904412 ____A C:\Users\Michael\Downloads\DOSBoxForGlidos_1_2.exe
2012-06-12 08:49 - 2012-06-12 08:51 - 44240698 ____A C:\Users\Michael\Downloads\TES_Battlespire_OST.rar
2012-06-12 08:49 - 2012-06-12 08:49 - 00420566 ____A C:\Users\Michael\Downloads\TES2_Daggerfall.rar
2012-06-12 08:49 - 2012-06-12 08:49 - 00168957 ____A C:\Users\Michael\Downloads\TES1_Arena.zip
2012-06-12 08:42 - 2012-06-12 08:42 - 00159995 ____A C:\Users\Michael\Downloads\gzip124xN.exe
2012-06-12 08:42 - 1997-12-23 04:14 - 00091648 ____A C:\Users\Michael\Downloads\gzip.exe
2012-06-12 08:42 - 1995-10-13 11:15 - 00007968 ____A C:\Users\Michael\Downloads\README
2012-06-12 08:42 - 1992-11-25 10:39 - 00018321 ____A C:\Users\Michael\Downloads\COPYING
2012-06-12 08:32 - 2012-06-12 08:32 - 04039282 ____A (Hoo Technologies ) C:\Users\Michael\Downloads\wavmp3_converter.exe
2012-06-12 08:32 - 2012-06-12 08:32 - 00001095 ____A C:\Users\Public\Desktop\WAV MP3 Converter.lnk
2012-06-12 08:32 - 2012-06-12 08:32 - 00001095 ____A C:\Users\All Users\Desktop\WAV MP3 Converter.lnk
2012-06-12 08:32 - 2012-06-12 08:32 - 00000000 ____D C:\Program Files (x86)\WAV MP3 Converter 4
2012-06-12 08:31 - 2012-06-12 08:31 - 00140804 ____A C:\Users\Michael\Downloads\sample.au
2012-06-12 07:58 - 2012-06-12 08:04 - 00000000 ____D C:\Users\Michael\Downloads\Compass
2012-06-12 06:52 - 2012-06-12 06:53 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{D31D4BBB-5F3C-482B-BE22-F03FA8F60FA3}
2012-06-12 06:52 - 2012-06-12 06:53 - 00000000 ____D C:\Users\Michael\Local Settings\{D31D4BBB-5F3C-482B-BE22-F03FA8F60FA3}
2012-06-12 06:52 - 2012-06-12 06:53 - 00000000 ____D C:\Users\Michael\AppData\Local\{D31D4BBB-5F3C-482B-BE22-F03FA8F60FA3}
2012-06-12 06:52 - 2012-06-12 06:52 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{F85205DA-D607-4016-84EA-0F049533A8E2}
2012-06-12 06:52 - 2012-06-12 06:52 - 00000000 ____D C:\Users\Michael\Local Settings\{F85205DA-D607-4016-84EA-0F049533A8E2}
2012-06-12 06:52 - 2012-06-12 06:52 - 00000000 ____D C:\Users\Michael\AppData\Local\{F85205DA-D607-4016-84EA-0F049533A8E2}
2012-06-12 06:23 - 2012-06-12 06:23 - 00001142 ____A C:\Users\Michael\Desktop\Musicnotes Player.lnk
2012-06-12 06:21 - 2012-06-12 06:22 - 19213512 ____A (Musicnotes Inc. ) C:\Users\Michael\Downloads\musicnotesSuite.exe
2012-06-12 05:55 - 2012-06-12 05:55 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{6B94B904-7D33-4441-B14E-2202AEEBC52C}
2012-06-12 05:55 - 2012-06-12 05:55 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{44FD8081-21BA-4443-BE79-47C63F55A486}
2012-06-12 05:55 - 2012-06-12 05:55 - 00000000 ____D C:\Users\Michael\Local Settings\{6B94B904-7D33-4441-B14E-2202AEEBC52C}
2012-06-12 05:55 - 2012-06-12 05:55 - 00000000 ____D C:\Users\Michael\Local Settings\{44FD8081-21BA-4443-BE79-47C63F55A486}
2012-06-12 05:55 - 2012-06-12 05:55 - 00000000 ____D C:\Users\Michael\AppData\Local\{6B94B904-7D33-4441-B14E-2202AEEBC52C}
2012-06-12 05:55 - 2012-06-12 05:55 - 00000000 ____D C:\Users\Michael\AppData\Local\{44FD8081-21BA-4443-BE79-47C63F55A486}
2012-06-11 13:04 - 2012-06-11 13:04 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{CC83F6FE-C129-47E3-844E-0879D5BBFF5E}
2012-06-11 13:04 - 2012-06-11 13:04 - 00000000 ____D C:\Users\Michael\Local Settings\{CC83F6FE-C129-47E3-844E-0879D5BBFF5E}
2012-06-11 13:04 - 2012-06-11 13:04 - 00000000 ____D C:\Users\Michael\AppData\Local\{CC83F6FE-C129-47E3-844E-0879D5BBFF5E}
2012-06-11 13:03 - 2012-06-11 13:04 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{4B2D8BDB-6371-417E-A624-AE2DEE8A5482}
2012-06-11 13:03 - 2012-06-11 13:04 - 00000000 ____D C:\Users\Michael\Local Settings\{4B2D8BDB-6371-417E-A624-AE2DEE8A5482}
2012-06-11 13:03 - 2012-06-11 13:04 - 00000000 ____D C:\Users\Michael\AppData\Local\{4B2D8BDB-6371-417E-A624-AE2DEE8A5482}
2012-06-11 10:28 - 2012-06-11 10:28 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{819D9583-A976-41EE-BFF1-BC391165CF0E}
2012-06-11 10:28 - 2012-06-11 10:28 - 00000000 ____D C:\Users\Michael\Local Settings\{819D9583-A976-41EE-BFF1-BC391165CF0E}
2012-06-11 10:28 - 2012-06-11 10:28 - 00000000 ____D C:\Users\Michael\AppData\Local\{819D9583-A976-41EE-BFF1-BC391165CF0E}
2012-06-11 10:27 - 2012-06-11 10:28 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{E06678C9-92F9-4511-9D6E-475E8E629C24}
2012-06-11 10:27 - 2012-06-11 10:28 - 00000000 ____D C:\Users\Michael\Local Settings\{E06678C9-92F9-4511-9D6E-475E8E629C24}
2012-06-11 10:27 - 2012-06-11 10:28 - 00000000 ____D C:\Users\Michael\AppData\Local\{E06678C9-92F9-4511-9D6E-475E8E629C24}
2012-06-10 09:40 - 2012-06-10 09:40 - 00000000 ____D C:\Users\All Users\DVD Shrink
2012-06-10 09:40 - 2012-06-10 09:40 - 00000000 ____D C:\Users\All Users\Application Data\DVD Shrink
2012-06-10 09:40 - 2012-06-10 09:40 - 00000000 ____D C:\Program Files (x86)\DVD Shrink
2012-06-10 09:39 - 2012-06-10 09:39 - 00158176 ____A () C:\Users\Michael\Downloads\DVDShrink_downloader_by_DVDShrink.exe
2012-06-10 08:47 - 2012-06-10 08:47 - 00062965 ____A C:\Users\Michael\Downloads\EmiratesHarmony_NotesAndChords.zip
2012-06-10 05:07 - 2012-06-10 05:07 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{D4EE0365-7C13-4454-98DB-F114A200F911}
2012-06-10 05:07 - 2012-06-10 05:07 - 00000000 ____D C:\Users\Michael\Local Settings\{D4EE0365-7C13-4454-98DB-F114A200F911}
2012-06-10 05:07 - 2012-06-10 05:07 - 00000000 ____D C:\Users\Michael\AppData\Local\{D4EE0365-7C13-4454-98DB-F114A200F911}
2012-06-09 14:55 - 2012-06-09 14:55 - 00762372 ____A C:\Users\Michael\Downloads\sdkhooks-2.1.0-windows.zip
2012-06-09 12:14 - 2012-06-09 12:14 - 00276736 ____A (Premium) C:\Users\Michael\Downloads\DownloadSetup (1).exe
2012-06-09 07:02 - 2012-06-09 07:02 - 00063455 ____A C:\Users\Michael\Downloads\z64-gerudo.mid
2012-06-09 03:51 - 2012-06-09 03:51 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{6FC9C731-284E-4B45-A4BD-15F658DC97DC}
2012-06-09 03:51 - 2012-06-09 03:51 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{38933249-4222-4491-A1AB-2928B6716105}
2012-06-09 03:51 - 2012-06-09 03:51 - 00000000 ____D C:\Users\Michael\Local Settings\{6FC9C731-284E-4B45-A4BD-15F658DC97DC}
2012-06-09 03:51 - 2012-06-09 03:51 - 00000000 ____D C:\Users\Michael\Local Settings\{38933249-4222-4491-A1AB-2928B6716105}
2012-06-09 03:51 - 2012-06-09 03:51 - 00000000 ____D C:\Users\Michael\AppData\Local\{6FC9C731-284E-4B45-A4BD-15F658DC97DC}
2012-06-09 03:51 - 2012-06-09 03:51 - 00000000 ____D C:\Users\Michael\AppData\Local\{38933249-4222-4491-A1AB-2928B6716105}
2012-06-08 17:46 - 2012-06-08 17:46 - 00114352 ____A (GameRanger Technologies) C:\Users\Michael\Downloads\GameRangerSetup (1).exe
2012-06-08 17:46 - 2012-06-08 17:46 - 00001036 ____A C:\Users\Michael\Desktop\GameRanger.lnk
2012-06-08 17:46 - 2012-06-08 17:46 - 00000000 ____D C:\Users\Michael\Application Data\GameRanger
2012-06-08 17:46 - 2012-06-08 17:46 - 00000000 ____D C:\Users\Michael\AppData\Roaming\GameRanger
2012-06-08 17:45 - 2012-06-08 17:46 - 00114352 ____A (GameRanger Technologies) C:\Users\Michael\Downloads\GameRangerSetup.exe
2012-06-08 17:45 - 2012-06-08 17:45 - 00000000 ____D C:\Users\Michael\Application Data\Doublefine
2012-06-08 17:45 - 2012-06-08 17:45 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Doublefine
2012-06-08 17:25 - 2012-06-08 17:25 - 00000000 ____D C:\Program Files (x86)\A.O.E.C
2012-06-08 04:39 - 2012-06-08 04:39 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{8923EA38-07A2-4936-A79E-1BB4C2717D7C}
2012-06-08 04:39 - 2012-06-08 04:39 - 00000000 ____D C:\Users\Michael\Local Settings\{8923EA38-07A2-4936-A79E-1BB4C2717D7C}
2012-06-08 04:39 - 2012-06-08 04:39 - 00000000 ____D C:\Users\Michael\AppData\Local\{8923EA38-07A2-4936-A79E-1BB4C2717D7C}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{93764039-F683-4042-9274-F3C7C391CAC3}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{106627A4-1180-47B3-A066-E41FE88F5D86}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Michael\Local Settings\{93764039-F683-4042-9274-F3C7C391CAC3}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Michael\Local Settings\{106627A4-1180-47B3-A066-E41FE88F5D86}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Michael\AppData\Local\{93764039-F683-4042-9274-F3C7C391CAC3}
2012-06-07 05:16 - 2012-06-07 05:16 - 00000000 ____D C:\Users\Michael\AppData\Local\{106627A4-1180-47B3-A066-E41FE88F5D86}
2012-06-07 04:57 - 2012-06-07 04:58 - 10822491 ____A C:\Users\Michael\Downloads\GrimFandangoMural.zip
2012-06-07 04:17 - 2012-06-07 04:17 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{D06B2DA9-5AAF-4891-879D-B6C4C349AC6A}
2012-06-07 04:17 - 2012-06-07 04:17 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{26D5B042-2947-41A4-9CED-6935B6823FB1}
2012-06-07 04:17 - 2012-06-07 04:17 - 00000000 ____D C:\Users\Michael\Local Settings\{D06B2DA9-5AAF-4891-879D-B6C4C349AC6A}
2012-06-07 04:17 - 2012-06-07 04:17 - 00000000 ____D C:\Users\Michael\Local Settings\{26D5B042-2947-41A4-9CED-6935B6823FB1}
2012-06-07 04:17 - 2012-06-07 04:17 - 00000000 ____D C:\Users\Michael\AppData\Local\{D06B2DA9-5AAF-4891-879D-B6C4C349AC6A}
2012-06-07 04:17 - 2012-06-07 04:17 - 00000000 ____D C:\Users\Michael\AppData\Local\{26D5B042-2947-41A4-9CED-6935B6823FB1}
2012-06-06 11:19 - 2012-06-06 11:19 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{E59FE5BA-1391-4D17-AE96-04080B6BABB4}
2012-06-06 11:19 - 2012-06-06 11:19 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{C86CB5BF-1181-45EB-B9B1-C6D7B3345579}
2012-06-06 11:19 - 2012-06-06 11:19 - 00000000 ____D C:\Users\Michael\Local Settings\{E59FE5BA-1391-4D17-AE96-04080B6BABB4}
2012-06-06 11:19 - 2012-06-06 11:19 - 00000000 ____D C:\Users\Michael\Local Settings\{C86CB5BF-1181-45EB-B9B1-C6D7B3345579}
2012-06-06 11:19 - 2012-06-06 11:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{E59FE5BA-1391-4D17-AE96-04080B6BABB4}
2012-06-06 11:19 - 2012-06-06 11:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{C86CB5BF-1181-45EB-B9B1-C6D7B3345579}
2012-06-05 10:18 - 2012-06-05 10:19 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{31628304-287B-42E4-9589-82BBF96114AE}
2012-06-05 10:18 - 2012-06-05 10:19 - 00000000 ____D C:\Users\Michael\Local Settings\{31628304-287B-42E4-9589-82BBF96114AE}
2012-06-05 10:18 - 2012-06-05 10:19 - 00000000 ____D C:\Users\Michael\AppData\Local\{31628304-287B-42E4-9589-82BBF96114AE}
2012-06-05 10:18 - 2012-06-05 10:18 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{52F1127B-67A3-44CF-9C47-88B1ECA74900}
2012-06-05 10:18 - 2012-06-05 10:18 - 00000000 ____D C:\Users\Michael\Local Settings\{52F1127B-67A3-44CF-9C47-88B1ECA74900}
2012-06-05 10:18 - 2012-06-05 10:18 - 00000000 ____D C:\Users\Michael\AppData\Local\{52F1127B-67A3-44CF-9C47-88B1ECA74900}
2012-06-05 03:01 - 2012-06-05 03:01 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{CBA41785-4551-425A-BF57-AFC8A9C95A90}
2012-06-05 03:01 - 2012-06-05 03:01 - 00000000 ____D C:\Users\Michael\Local Settings\{CBA41785-4551-425A-BF57-AFC8A9C95A90}
2012-06-05 03:01 - 2012-06-05 03:01 - 00000000 ____D C:\Users\Michael\AppData\Local\{CBA41785-4551-425A-BF57-AFC8A9C95A90}
2012-06-05 03:00 - 2012-06-05 03:01 - 00000000 ____D C:\Users\Michael\Local Settings\Application Data\{DC5189F3-7213-4B61-9ECB-E2F31F83ADF8}
2012-06-05 03:00 - 2012-06-05 03:01 - 00000000 ____D C:\Users\Michael\Local Settings\{DC5189F3-7213-4B61-9ECB-E2F31F83ADF8}
2012-06-05 03:00 - 2012-06-05 03:01 - 00000000 ____D C:\Users\Michael\AppData\Local\{DC5189F3-7213-4B61-9ECB-E2F31F83ADF8}

============ 3 Months Modified Files ========================

2012-07-05 12:12 - 2012-07-05 12:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D46079DD59368411
2012-07-05 12:12 - 2012-07-05 12:12 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nkfepeql.sys
2012-07-05 12:12 - 2012-07-05 12:12 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lnjmgsdy.sys
2012-07-05 12:11 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-05 12:11 - 2009-07-13 23:51 - 00074815 ____A C:\Windows\setupact.log
2012-07-05 12:10 - 2012-07-05 12:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C15616C898E03733
2012-07-05 12:08 - 2012-07-05 11:50 - 00147375 ____A C:\Users\Michael\Downloads\yorkyt.exe.log
2012-07-05 12:07 - 2012-07-05 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C0B10EE720EE904
2012-07-05 12:04 - 2012-02-29 17:24 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-05 12:04 - 2012-01-25 16:44 - 00000071 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2012-07-05 12:02 - 2012-07-05 12:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.596FC0CA0DC96AA5
2012-07-05 11:58 - 2012-07-05 11:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.430548ACF8393F99
2012-07-05 11:55 - 2012-07-05 11:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02F2DC6341416CED
2012-07-05 11:53 - 2011-12-17 02:50 - 01651208 ____A C:\Windows\WindowsUpdate.log
2012-07-05 11:53 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-05 11:53 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-05 11:51 - 2009-07-14 00:13 - 00786358 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-05 11:50 - 2012-07-05 11:50 - 01415784 ____A C:\Users\Michael\Downloads\yorkyt.exe
2012-07-05 11:44 - 2012-07-05 11:44 - 00137096 ____A (ESET) C:\Users\Michael\Downloads\ESETSirefefRemover.exe
2012-07-05 11:44 - 2012-07-05 11:44 - 00137096 ____A (ESET) C:\Users\Michael\Downloads\ESETSirefefRemover (2).exe
2012-07-05 11:44 - 2012-07-05 11:44 - 00137096 ____A (ESET) C:\Users\Michael\Downloads\ESETSirefefRemover (1).exe
2012-07-05 11:41 - 2012-07-05 11:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.323656F4916338BB
2012-07-05 11:40 - 2012-01-25 14:22 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626413248-2488451622-3878233316-1000UA.job
2012-07-05 11:37 - 2012-07-05 11:37 - 16208824 ____A (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-V4.9 (1).exe
2012-07-05 11:37 - 2012-07-05 11:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8035DFEFFEBC5880
2012-07-05 11:37 - 2012-07-05 11:36 - 16208824 ____A (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-V4.9.exe
2012-07-05 11:34 - 2012-04-03 08:23 - 00000928 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2012-07-05 11:34 - 2012-04-03 08:23 - 00000928 ____A C:\Users\All Users\Desktop\LogMeIn Hamachi.lnk
2012-07-05 11:34 - 2012-02-29 17:24 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-05 11:31 - 2012-07-05 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E436048432878EEF
2012-07-05 11:25 - 2012-07-05 11:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A2DA677FC66BC12
2012-07-05 11:18 - 2012-07-05 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37E2E7F58DFDE7AF
2012-07-05 11:14 - 2012-07-05 11:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20968F09C9BC2A33
2012-07-05 11:11 - 2012-07-05 11:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.940AA3AFC58326D5
2012-07-05 11:04 - 2012-01-25 14:25 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-05 11:04 - 2011-11-16 14:25 - 00792204 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-05 11:03 - 2012-07-05 11:03 - 12621696 ____A (Microsoft Corporation) C:\Users\Michael\Downloads\mseinstall (1).exe
2012-07-05 11:02 - 2012-07-05 11:02 - 12621696 ____A (Microsoft Corporation) C:\Users\Michael\Downloads\mseinstall.exe
2012-07-05 06:40 - 2012-01-25 14:22 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626413248-2488451622-3878233316-1000Core.job
2012-07-04 08:24 - 2012-07-04 08:24 - 60824696 ____A (Maveritchell ) C:\Users\Michael\Downloads\ConPack2.2Patch.exe
2012-07-04 08:22 - 2012-07-04 08:18 - 791414474 ____A (Maveritchell ) C:\Users\Michael\Downloads\convopackinstaller.exe
2012-07-04 08:09 - 2012-07-04 08:09 - 111678378 ____A C:\Users\Michael\Downloads\swbf2v1.3patch_full_revision_117.exe
2012-07-04 07:59 - 2012-07-04 07:59 - 22380779 ____A C:\Users\Michael\Downloads\tatout.zip
2012-07-04 07:54 - 2012-07-04 07:54 - 41833489 ____A C:\Users\Michael\Downloads\bespin_escapev3.0.zip
2012-07-04 07:35 - 2012-07-04 07:35 - 35804525 ____A C:\Users\Michael\Downloads\sa1.exe
2012-07-04 07:26 - 2012-07-04 07:19 - 576765952 ____A C:\Users\Michael\Downloads\aaf-rcswe3.bdx.avi
2012-07-02 17:59 - 2012-05-30 09:40 - 00087613 ____A C:\Users\Michael\Downloads\server.log
2012-07-02 17:58 - 2012-01-28 09:41 - 00000018 ____A C:\Users\Michael\Downloads\white-list.txt
2012-07-02 17:58 - 2012-01-28 09:41 - 00000018 ____A C:\Users\Michael\Downloads\ops.txt
2012-07-02 17:58 - 2012-01-28 09:41 - 00000000 ____A C:\Users\Michael\Downloads\banned-players.txt
2012-07-02 17:58 - 2012-01-28 09:41 - 00000000 ____A C:\Users\Michael\Downloads\banned-ips.txt
2012-07-02 16:59 - 2012-07-02 16:59 - 00393272 ____A C:\Users\Michael\Downloads\Final.bmp
2012-07-02 16:50 - 2012-07-02 16:50 - 00145218 ____A C:\Users\Michael\Downloads\xpadder-windows-malavida.exe
2012-07-02 11:43 - 2012-07-02 11:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-07-02 11:43 - 2012-07-02 11:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-07-02 11:42 - 2012-07-02 11:42 - 00000925 ____A C:\Users\Public\Desktop\DS3 Tool.lnk
2012-07-02 11:42 - 2012-07-02 11:42 - 00000925 ____A C:\Users\All Users\Desktop\DS3 Tool.lnk
2012-07-02 11:41 - 2012-07-02 11:41 - 04117346 ____A C:\Users\Michael\Downloads\MotioninJoy_071001_signed.zip
2012-07-02 11:10 - 2010-11-20 22:47 - 00078174 ____A C:\Windows\PFRO.log
2012-07-02 07:44 - 2012-07-02 07:43 - 02164917 ____A C:\Users\Michael\Downloads\MotioninJoy_060005_x86_signed.zip
2012-07-02 07:38 - 2012-07-02 07:38 - 02465497 ____A C:\Users\Michael\Downloads\MotioninJoy_060005_amd64_signed.zip
2012-07-02 07:31 - 2012-07-02 07:31 - 00001959 ____A C:\Users\Michael\Desktop\PCSX2 0.9.8 (r4600).lnk
2012-07-02 07:30 - 2012-07-02 07:30 - 12780479 ____A C:\Users\Michael\Downloads\pcsx2-0.9.8-r4600-setup (1).exe
2012-07-02 07:30 - 2012-07-02 07:30 - 00001991 ____A C:\Users\Public\Desktop\PCSX2 0.9.8 (r4600).lnk
2012-07-02 07:30 - 2012-07-02 07:30 - 00001991 ____A C:\Users\All Users\Desktop\PCSX2 0.9.8 (r4600).lnk
2012-07-02 07:28 - 2012-07-02 07:27 - 32915604 ____A C:\Users\Michael\Downloads\Playstation-2-Bios-Pack.zip
2012-07-02 07:09 - 2012-07-02 07:09 - 00000023 ____A C:\Windows\BlendSettings.ini
2012-07-01 12:48 - 2012-01-28 09:41 - 00000462 ____A C:\Users\Michael\Downloads\server.properties
2012-07-01 12:47 - 2012-02-23 16:49 - 00002486 ____A C:\Users\Michael\My Documents\mcedit.ini
2012-07-01 12:47 - 2012-02-23 16:49 - 00002486 ____A C:\Users\Michael\Documents\mcedit.ini
2012-07-01 10:43 - 2012-07-01 10:43 - 00000132 ____A C:\Users\Michael\Application Data\Adobe PNG Format CS6 Prefs
2012-07-01 10:43 - 2012-07-01 10:43 - 00000132 ____A C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-07-01 02:57 - 2012-01-25 14:22 - 00002375 ____A C:\Users\Michael\Desktop\Google Chrome.lnk
2012-06-21 03:51 - 2012-06-21 03:50 - 27696611 ____A C:\Users\Michael\Downloads\JellyRollMortonAndHisRedHotPeppers-11-20_vbr_mp3.zip
2012-06-21 03:51 - 2012-06-21 03:50 - 23797756 ____A C:\Users\Michael\Downloads\JellyRollMortonAndHisRedHotPeppers-01-10_vbr_mp3.zip
2012-06-21 03:50 - 2011-12-17 03:07 - 00075669 ____A C:\Windows\DirectX.log
2012-06-20 08:07 - 2009-07-13 23:45 - 05111672 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-19 09:29 - 2012-06-19 09:26 - 25603101 ____A C:\Users\Michael\Downloads\KingOliversCreoleJazzBand-01-08_vbr_mp3.zip
2012-06-19 08:30 - 2012-01-25 14:15 - 00140968 ____A C:\Users\Michael\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-19 08:30 - 2012-01-25 14:15 - 00140968 ____A C:\Users\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-19 08:30 - 2012-01-25 14:15 - 00140968 ____A C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-19 08:29 - 2012-06-19 08:29 - 00000132 ____A C:\Users\Michael\Application Data\Adobe IllExport Filter CS6 Prefs
2012-06-19 08:29 - 2012-06-19 08:29 - 00000132 ____A C:\Users\Michael\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2012-06-19 08:15 - 2012-06-19 08:15 - 00025923 ____A C:\Users\Michael\Downloads\nicks-fonts_raconteur-nf.zip
2012-06-18 17:39 - 2012-06-18 10:50 - 734003200 ____A C:\Users\Michael\Downloads\A_P_C.S.6.Extended.LS16.hoot009.part1.rar
2012-06-18 13:33 - 2012-06-18 12:34 - 541078053 ____A C:\Users\Michael\Downloads\A_P_C.S.6.Extended.LS16.hoot009.part2.rar
2012-06-18 10:40 - 2012-06-18 10:40 - 02500792 ____A C:\Users\Michael\Downloads\AdobeDownloadAssistant.exe
2012-06-17 03:12 - 2012-06-17 03:12 - 00038830 ____A C:\Users\Michael\Downloads\Untitledfdfsadw2.bmp
2012-06-16 12:58 - 2012-05-30 13:34 - 00001860 ____A C:\Users\Michael\Downloads\server.log.1
2012-06-15 08:11 - 2012-06-15 08:11 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
2012-06-15 08:11 - 2012-06-15 08:11 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk
2012-06-13 11:30 - 2012-06-13 11:30 - 00014881 ____A C:\Users\Michael\Downloads\[kat.ph]simcity.4.rush.hour.torrent
2012-06-13 11:28 - 2012-06-13 11:28 - 00277248 ____A (Premium) C:\Users\Michael\Downloads\DownloadSetup (3).exe
2012-06-13 11:28 - 2012-06-13 11:28 - 00277248 ____A (Premium) C:\Users\Michael\Downloads\DownloadSetup (2).exe
2012-06-12 14:33 - 2012-06-12 14:33 - 00007928 ____A C:\Users\Michael\Downloads\sapucdex1.0.0.5.zip
2012-06-12 10:40 - 2012-06-12 10:40 - 02244511 ____A C:\Users\Michael\Downloads\bookbinder-3.0.zip
2012-06-12 10:18 - 2012-06-12 10:18 - 00001865 ____A C:\Users\Public\Desktop\PDFlite.lnk
2012-06-12 10:18 - 2012-06-12 10:18 - 00001865 ____A C:\Users\All Users\Desktop\PDFlite.lnk
2012-06-12 10:17 - 2012-06-12 10:17 - 01029608 ____A C:\Users\Michael\Downloads\setup-pdflite-ic-0.7.exe
2012-06-12 09:31 - 2012-06-12 09:31 - 00021220 ____A C:\Users\Michael\Downloads\www_dll-files_org_VDDLoader.dll.zip
2012-06-12 09:30 - 2012-06-12 09:30 - 00978432 ____A C:\Users\Michael\Downloads\VDMSound-2.0.4-WinNT-i386 (1).msi
2012-06-12 09:27 - 2012-06-12 09:27 - 00978432 ____A C:\Users\Michael\Downloads\VDMSound-2.0.4-WinNT-i386.msi
2012-06-12 09:09 - 2012-06-12 09:09 - 02040144 ____A () C:\Users\Michael\Downloads\Glidos_v1_50.exe
2012-06-12 09:04 - 2012-06-12 09:04 - 00904412 ____A C:\Users\Michael\Downloads\DOSBoxForGlidos_1_2.exe
2012-06-12 08:51 - 2012-06-12 08:49 - 44240698 ____A C:\Users\Michael\Downloads\TES_Battlespire_OST.rar
2012-06-12 08:49 - 2012-06-12 08:49 - 00420566 ____A C:\Users\Michael\Downloads\TES2_Daggerfall.rar
2012-06-12 08:49 - 2012-06-12 08:49 - 00168957 ____A C:\Users\Michael\Downloads\TES1_Arena.zip
2012-06-12 08:42 - 2012-06-12 08:42 - 00159995 ____A C:\Users\Michael\Downloads\gzip124xN.exe
2012-06-12 08:32 - 2012-06-12 08:32 - 04039282 ____A (Hoo Technologies ) C:\Users\Michael\Downloads\wavmp3_converter.exe
2012-06-12 08:32 - 2012-06-12 08:32 - 00001095 ____A C:\Users\Public\Desktop\WAV MP3 Converter.lnk
2012-06-12 08:32 - 2012-06-12 08:32 - 00001095 ____A C:\Users\All Users\Desktop\WAV MP3 Converter.lnk
2012-06-12 08:31 - 2012-06-12 08:31 - 00140804 ____A C:\Users\Michael\Downloads\sample.au
2012-06-12 06:23 - 2012-06-12 06:23 - 00001142 ____A C:\Users\Michael\Desktop\Musicnotes Player.lnk
2012-06-12 06:22 - 2012-06-12 06:21 - 19213512 ____A (Musicnotes Inc. ) C:\Users\Michael\Downloads\musicnotesSuite.exe
2012-06-10 09:39 - 2012-06-10 09:39 - 00158176 ____A () C:\Users\Michael\Downloads\DVDShrink_downloader_by_DVDShrink.exe
2012-06-10 08:47 - 2012-06-10 08:47 - 00062965 ____A C:\Users\Michael\Downloads\EmiratesHarmony_NotesAndChords.zip
2012-06-09 14:55 - 2012-06-09 14:55 - 00762372 ____A C:\Users\Michael\Downloads\sdkhooks-2.1.0-windows.zip
2012-06-09 12:14 - 2012-06-09 12:14 - 00276736 ____A (Premium) C:\Users\Michael\Downloads\DownloadSetup (1).exe
2012-06-09 07:04 - 2012-02-21 13:57 - 00000128 ____A C:\Users\Michael\Downloads\GXSCCPreferences.bin
2012-06-09 07:02 - 2012-06-09 07:02 - 00063455 ____A C:\Users\Michael\Downloads\z64-gerudo.mid
2012-06-08 18:22 - 2012-01-25 15:30 - 00000987 ____A C:\Users\Michael\Desktop\Dropbox.lnk
2012-06-08 17:46 - 2012-06-08 17:46 - 00114352 ____A (GameRanger Technologies) C:\Users\Michael\Downloads\GameRangerSetup (1).exe
2012-06-08 17:46 - 2012-06-08 17:46 - 00001036 ____A C:\Users\Michael\Desktop\GameRanger.lnk
2012-06-08 17:46 - 2012-06-08 17:45 - 00114352 ____A (GameRanger Technologies) C:\Users\Michael\Downloads\GameRangerSetup.exe
2012-06-07 04:58 - 2012-06-07 04:57 - 10822491 ____A C:\Users\Michael\Downloads\GrimFandangoMural.zip
2012-06-03 17:35 - 2012-07-05 11:37 - 56731752 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-03 04:24 - 2012-06-03 04:24 - 00229472 ____A C:\Users\Michael\Downloads\The_Legend_Of_Korra_S01E08_When_Extremes_Meet_720p_HDTV_h264_OOO_mkv.exe
2012-06-03 04:24 - 2012-06-03 04:24 - 00017683 ____A C:\Users\Michael\Downloads\The.Legend.Of.Korra.S01E08.When.Extremes.Meet.720p.HDTV.h264-OOO.torrent
2012-06-02 17:19 - 2012-06-22 06:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-22 06:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-22 06:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-22 06:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-22 06:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-22 06:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-22 06:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 09:19 - 2012-06-22 06:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 09:15 - 2012-06-22 06:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 12:28 - 2012-06-01 12:28 - 00000743 ____A C:\Users\Michael\Downloads\Undergrund door.schematic
2012-05-30 12:57 - 2012-05-30 12:49 - 10259457 ____A C:\Users\Michael\Downloads\MCEdit-0.1.1.win32.zip
2012-05-27 10:46 - 2012-05-27 10:46 - 00278561 ____A C:\Users\Michael\Downloads\Minecraft.exe
2012-05-27 10:06 - 2012-05-27 10:04 - 43388617 ____A C:\Users\Michael\Downloads\Fear in a Handful of Dust 1_8.zip
2012-05-26 08:10 - 2012-05-26 08:10 - 12780479 ____A C:\Users\Michael\Downloads\pcsx2-0.9.8-r4600-setup.exe

ZeroAccess:
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\1afb2d56
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\201d3dde
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\55490ac4
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 4002.05 MB
Available physical RAM: 3073.63 MB
Total Pagefile: 4000.25 MB
Available Pagefile: 3062.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:194.87 GB) NTFS
3 Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:6.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:7.48 GB) (Free:7.48 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7677 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 DELLUTILITY FAT Partition 100 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E Recovery NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7676 MB 28 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7676 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-29 04:15

======================= End Of Log ==========================

#2 fireman4it

  • Malware Response Team
  • 13,505 posts
  • Location: Greenup, Ill USA

Posted 05 July 2012 - 02:20 PM

Hello Dovahkiin,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



1.
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
HKLM-x32\...\Run: [] [x]

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.



2.
We need to find a replacement file on your system

Please do the following:


  • Boot into System Recovery Options and run FRST64.
  • Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

  • Click the Search button and post the log it makes to your reply.

Edited by fireman4it, 05 July 2012 - 02:23 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Dovahkiin

Posted 06 July 2012 - 09:13 AM

Thanks

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-06 17:00:05 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} moved successfully.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

==== End of Fixlog ====

Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-06 17:00:42
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#4 fireman4it

Posted 06 July 2012 - 05:00 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe  C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.



#5 Dovahkiin

Posted 07 July 2012 - 04:51 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-07 13:50:30 Run:2
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
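
The triage behind the two fixlists above, as an added example that is not part of the thread and not FRST's own code: it parses the ZeroAccess folder listing, the flagged system-file line and the "Search:" output, then lists copies of the flagged file whose MD5 differs from the flagged one. The function names and the line layouts are assumptions inferred from the log excerpts quoted in this topic; a differing hash only makes a copy a candidate, which still has to be checked against a known-good hash.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the FRST output quoted in this thread.
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# "<path> <md5> <label> <==== ATTENTION" : a system file whose hash is not whitelisted.
FLAGGED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>\S+) <==== ATTENTION")
# "[created] - [modified] - size attrs (company) md5" : second line of a search hit.
META = re.compile(
    r"^\[[\d\- :]+\] - \[[\d\- :]+\] - (?P<size>\d+) \S+ "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")
# GUID-named folder under C:\Windows\Installer, with or without a child entry.
ZA_ROOT = re.compile(
    r"^(?P<root>[A-Za-z]:\\Windows\\Installer\\\{[0-9A-Fa-f-]{36}\})(\\.*)?$")
PATH_ONLY = re.compile(r"^[A-Za-z]:\\\S.*$")


@dataclass
class Report:
    flagged: list = field(default_factory=list)   # (path, md5, label)
    copies: list = field(default_factory=list)    # (path, size, company, md5)
    za_roots: list = field(default_factory=list)  # unique GUID folders


def parse_frst(text):
    """Collect flagged files, search hits and ZeroAccess folders from log text."""
    report = Report()
    pending_path = None  # a bare path line waiting for its metadata line
    for raw in text.splitlines():
        line = raw.strip()
        m = FLAGGED.match(line)
        if m:
            report.flagged.append((m["path"], m["md5"].upper(), m["label"]))
            pending_path = None
            continue
        m = META.match(line)
        if m and pending_path:
            report.copies.append(
                (pending_path, int(m["size"]), m["company"], m["md5"].upper()))
            pending_path = None
            continue
        m = ZA_ROOT.match(line)
        if m:
            if m["root"] not in report.za_roots:
                report.za_roots.append(m["root"])
            pending_path = None
            continue
        is_path = PATH_ONLY.match(line) and " => " not in line
        pending_path = line if is_path else None
    return report


def replacement_candidates(report):
    """Map each flagged file to same-named copies carrying a non-flagged MD5."""
    bad_hashes = {md5 for _, md5, _ in report.flagged}
    result = {}
    for path, _, _ in report.flagged:
        name = ntpath.basename(path).lower()
        result[path] = [
            c for c in report.copies
            if ntpath.basename(c[0]).lower() == name
            and c[0].lower() != path.lower()
            and c[3] not in bad_hashes
        ]
    return result


if __name__ == "__main__":
    rep = parse_frst(SAMPLE_LOG)
    print("ZeroAccess folders:", rep.za_roots)
    for bad, cands in replacement_candidates(rep).items():
        print(bad, "->", [c[0] for c in cands])
```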

#6 fireman4it

Posted 07 July 2012 - 09:29 AM

Hello,

Now that we have replaced that bad file, let's go ahead and run some tools in normal mode. Please post their logs along with how your machine is running.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your computer running now?

Edited by fireman4it, 07 July 2012 - 09:30 AM.



#7 Dovahkiin

Posted 08 July 2012 - 05:07 AM

13:31:48.0473 6996 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
13:31:48.0566 6996 ============================================================
13:31:48.0566 6996 Current date / time: 2012/07/08 13:31:48.0566
13:31:48.0566 6996 SystemInfo:
13:31:48.0566 6996
13:31:48.0566 6996 OS Version: 6.1.7601 ServicePack: 1.0
13:31:48.0566 6996 Product type: Workstation
13:31:48.0566 6996 ComputerName: MICHAEL-PC
13:31:48.0566 6996 UserName: Michael
13:31:48.0566 6996 Windows directory: C:\windows
13:31:48.0566 6996 System windows directory: C:\windows
13:31:48.0566 6996 Running under WOW64
13:31:48.0566 6996 Processor architecture: Intel x64
13:31:48.0566 6996 Number of processors: 4
13:31:48.0566 6996 Page size: 0x1000
13:31:48.0566 6996 Boot type: Normal boot
13:31:48.0566 6996 ============================================================
13:31:51.0312 6996 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:31:51.0327 6996 ============================================================
13:31:51.0327 6996 \Device\Harddisk0\DR0:
13:31:51.0327 6996 MBR partitions:
13:31:51.0327 6996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
13:31:51.0327 6996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
13:31:51.0327 6996 ============================================================
13:31:51.0452 6996 C: <-> \Device\Harddisk0\DR0\Partition1
13:31:51.0452 6996 ============================================================
13:31:51.0452 6996 Initialize success
13:31:51.0452 6996 ============================================================
13:31:54.0713 4060 ============================================================
13:31:54.0713 4060 Scan started
13:31:54.0713 4060 Mode: Manual;
13:31:54.0713 4060 ============================================================
10:32:24.0823 4060 clr_optimization_v2.0.50727_64 - ok
10:32:24.0979 4060 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:32:25.0010 4060 clr_optimization_v4.0.30319_32 - ok
10:32:25.0057 4060 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:32:25.0166 4060 clr_optimization_v4.0.30319_64 - ok
10:32:25.0197 4060 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
10:32:25.0197 4060 CmBatt - ok
10:32:25.0228 4060 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
10:32:25.0228 4060 cmdide - ok
10:32:25.0369 4060 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
10:32:25.0384 4060 CNG - ok
10:32:25.0415 4060 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
10:32:25.0415 4060 Compbatt - ok
10:32:25.0462 4060 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
10:32:25.0462 4060 CompositeBus - ok
10:32:25.0618 4060 COMSysApp - ok
10:32:25.0696 4060 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
10:32:25.0712 4060 crcdisk - ok
10:32:25.0993 4060 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
10:32:26.0039 4060 CryptSvc - ok
10:32:26.0242 4060 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
10:32:26.0273 4060 CtClsFlt - ok
10:32:26.0398 4060 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
10:32:26.0414 4060 DcomLaunch - ok
10:32:26.0445 4060 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
10:32:26.0476 4060 defragsvc - ok
10:32:26.0492 4060 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
10:32:26.0507 4060 DfsC - ok
10:32:26.0617 4060 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
10:32:26.0632 4060 Dhcp - ok
10:32:26.0663 4060 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
10:32:26.0663 4060 discache - ok
10:32:26.0710 4060 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
10:32:26.0710 4060 Disk - ok
10:32:26.0866 4060 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
10:32:26.0866 4060 Dnscache - ok
10:32:26.0882 4060 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
10:32:26.0913 4060 dot3svc - ok
10:32:26.0929 4060 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
10:32:26.0944 4060 DPS - ok
10:32:27.0069 4060 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
10:32:27.0085 4060 drmkaud - ok
10:32:27.0194 4060 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
10:32:27.0241 4060 DXGKrnl - ok
10:32:27.0256 4060 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
10:32:27.0272 4060 EapHost - ok
10:32:27.0490 4060 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
10:32:27.0584 4060 ebdrv - ok
10:32:27.0740 4060 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
10:32:27.0755 4060 EFS - ok
10:32:28.0052 4060 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
10:32:28.0161 4060 ehRecvr - ok
10:32:28.0255 4060 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
10:32:28.0286 4060 ehSched - ok
10:32:28.0411 4060 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
10:32:28.0442 4060 elxstor - ok
10:32:28.0457 4060 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
10:32:28.0457 4060 ErrDev - ok
10:32:28.0504 4060 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
10:32:28.0520 4060 EventSystem - ok
10:32:28.0801 4060 EvtEng (b20a788579e443f768aab1a24f705d0a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:32:28.0863 4060 EvtEng - ok
10:32:29.0331 4060 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
10:32:29.0425 4060 exfat - ok
10:32:29.0612 4060 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
10:32:29.0627 4060 fastfat - ok
10:32:29.0768 4060 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
10:32:29.0783 4060 Fax - ok
10:32:29.0799 4060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
10:32:29.0815 4060 fdc - ok
10:32:29.0861 4060 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
10:32:29.0861 4060 fdPHost - ok
10:32:29.0908 4060 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
10:32:29.0908 4060 FDResPub - ok
10:32:29.0939 4060 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
10:32:29.0939 4060 FileInfo - ok
10:32:29.0971 4060 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
10:32:29.0986 4060 Filetrace - ok
10:32:30.0033 4060 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
10:32:30.0049 4060 flpydisk - ok
10:32:30.0095 4060 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
10:32:30.0111 4060 FltMgr - ok
10:32:30.0189 4060 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
10:32:30.0220 4060 FontCache - ok
10:32:30.0392 4060 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:32:30.0392 4060 FontCache3.0.0.0 - ok
10:32:30.0657 4060 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
10:32:30.0673 4060 FsDepends - ok
10:32:30.0782 4060 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
10:32:30.0782 4060 Fs_Rec - ok
10:32:30.0891 4060 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
10:32:30.0891 4060 fvevol - ok
10:32:31.0094 4060 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
10:32:31.0156 4060 gagp30kx - ok
10:32:31.0187 4060 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
10:32:31.0203 4060 GEARAspiWDM - ok
10:32:31.0265 4060 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
10:32:31.0297 4060 gpsvc - ok
10:32:31.0811 4060 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:32:31.0811 4060 gupdate - ok
10:32:31.0827 4060 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:32:31.0843 4060 gupdatem - ok
10:32:31.0983 4060 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys
10:32:31.0999 4060 hamachi - ok
10:32:32.0279 4060 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
10:32:32.0342 4060 Hamachi2Svc - ok
10:32:32.0498 4060 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
10:32:32.0513 4060 hcw85cir - ok
10:32:32.0716 4060 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
10:32:32.0732 4060 HdAudAddService - ok
10:32:32.0872 4060 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
10:32:32.0872 4060 HDAudBus - ok
10:32:32.0888 4060 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
10:32:32.0888 4060 HidBatt - ok
10:32:32.0919 4060 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
10:32:32.0919 4060 HidBth - ok
10:32:33.0013 4060 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
10:32:33.0028 4060 HidIr - ok
10:32:33.0044 4060 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
10:32:33.0044 4060 hidserv - ok
10:32:33.0106 4060 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
10:32:33.0106 4060 HidUsb - ok
10:32:33.0137 4060 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
10:32:33.0169 4060 hkmsvc - ok
10:32:33.0200 4060 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
10:32:33.0215 4060 HomeGroupListener - ok
10:32:33.0340 4060 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
10:32:33.0356 4060 HomeGroupProvider - ok
10:32:33.0371 4060 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
10:32:33.0371 4060 HpSAMD - ok
10:32:33.0496 4060 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
10:32:33.0512 4060 HTTP - ok
10:32:33.0527 4060 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
10:32:33.0543 4060 hwpolicy - ok
10:32:33.0590 4060 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
10:32:33.0605 4060 i8042prt - ok
10:32:33.0808 4060 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
10:32:33.0808 4060 iaStor - ok
10:32:34.0183 4060 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
10:32:34.0183 4060 IAStorDataMgrSvc - ok
10:32:34.0370 4060 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
10:32:34.0448 4060 iaStorV - ok
10:32:34.0510 4060 iBtFltCoex (8a4ec1c3f10385181b1066120c610ae5) C:\windows\system32\DRIVERS\iBtFltCoex.sys
10:32:34.0526 4060 iBtFltCoex - ok
10:32:34.0729 4060 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:32:34.0775 4060 idsvc - ok
10:32:35.0446 4060 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys
10:32:35.0774 4060 igfx - ok
10:32:36.0055 4060 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
10:32:36.0055 4060 iirsp - ok
10:32:36.0320 4060 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
10:32:36.0445 4060 IKEEXT - ok
10:32:36.0491 4060 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
10:32:36.0507 4060 intaud_WaveExtensible - ok
10:32:36.0679 4060 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
10:32:36.0710 4060 IntcDAud - ok
10:32:36.0741 4060 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
10:32:36.0757 4060 intelide - ok
10:32:36.0881 4060 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
10:32:36.0881 4060 intelppm - ok
10:32:36.0928 4060 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
10:32:36.0928 4060 IPBusEnum - ok
10:32:36.0944 4060 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
10:32:36.0959 4060 IpFilterDriver - ok
10:32:36.0975 4060 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
10:32:36.0991 4060 IPMIDRV - ok
10:32:37.0022 4060 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
10:32:37.0037 4060 IPNAT - ok
10:32:37.0240 4060 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
10:32:37.0271 4060 iPod Service - ok
10:32:37.0334 4060 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
10:32:37.0349 4060 IRENUM - ok
10:32:37.0365 4060 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
10:32:37.0381 4060 isapnp - ok
10:32:37.0412 4060 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
10:32:37.0443 4060 iScsiPrt - ok
10:32:37.0459 4060 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
10:32:37.0474 4060 iwdbus - ok
10:32:37.0568 4060 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
10:32:37.0583 4060 kbdclass - ok
10:32:37.0615 4060 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
10:32:37.0630 4060 kbdhid - ok
10:32:37.0833 4060 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:32:37.0833 4060 KeyIso - ok
10:32:37.0895 4060 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
10:32:37.0895 4060 KSecDD - ok
10:32:38.0129 4060 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
10:32:38.0129 4060 KSecPkg - ok
10:32:38.0254 4060 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
10:32:38.0270 4060 ksthunk - ok
10:32:38.0348 4060 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
10:32:38.0441 4060 KtmRm - ok
10:32:38.0488 4060 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
10:32:38.0488 4060 LanmanServer - ok
10:32:38.0504 4060 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
10:32:38.0519 4060 LanmanWorkstation - ok
10:32:38.0691 4060 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
10:32:38.0738 4060 LBTServ - ok
10:32:38.0769 4060 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\windows\system32\DRIVERS\LEqdUsb.Sys
10:32:38.0769 4060 LEqdUsb - ok
10:32:38.0831 4060 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\windows\system32\DRIVERS\LHidEqd.Sys
10:32:38.0847 4060 LHidEqd - ok
10:32:38.0863 4060 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\windows\system32\DRIVERS\LHidFilt.Sys
10:32:38.0878 4060 LHidFilt - ok
10:32:38.0925 4060 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
10:32:38.0925 4060 lltdio - ok
10:32:38.0972 4060 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
10:32:38.0987 4060 lltdsvc - ok
10:32:39.0128 4060 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
10:32:39.0128 4060 lmhosts - ok
10:32:39.0190 4060 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\windows\system32\DRIVERS\LMouFilt.Sys
10:32:39.0206 4060 LMouFilt - ok
10:32:39.0315 4060 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:32:39.0315 4060 LMS - ok
10:32:39.0346 4060 lnjmgsdy - ok
10:32:39.0424 4060 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
10:32:39.0440 4060 LSI_FC - ok
10:32:39.0471 4060 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
10:32:39.0487 4060 LSI_SAS - ok
10:32:39.0487 4060 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
10:32:39.0502 4060 LSI_SAS2 - ok
10:32:39.0518 4060 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
10:32:39.0549 4060 LSI_SCSI - ok
10:32:39.0580 4060 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
10:32:39.0596 4060 luafv - ok
10:32:39.0674 4060 McAWFwk - ok
10:32:39.0736 4060 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
10:32:39.0752 4060 Mcx2Svc - ok
10:32:39.0830 4060 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
10:32:39.0830 4060 megasas - ok
10:32:39.0877 4060 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
10:32:39.0908 4060 MegaSR - ok
10:32:39.0939 4060 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys
10:32:39.0955 4060 MEIx64 - ok
10:32:40.0095 4060 Microsoft SharePoint Workspace Audit Service - ok
10:32:40.0126 4060 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
10:32:40.0142 4060 MMCSS - ok
10:32:40.0157 4060 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
10:32:40.0173 4060 Modem - ok
10:32:40.0267 4060 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
10:32:40.0267 4060 monitor - ok
10:32:40.0329 4060 MotioninJoyXFilter (c030f9e822a057c1a7a9bb4ea3e8877e) C:\windows\system32\DRIVERS\MijXfilt.sys
10:32:40.0345 4060 MotioninJoyXFilter - ok
10:32:40.0360 4060 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
10:32:40.0376 4060 mouclass - ok
10:32:40.0391 4060 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
10:32:40.0391 4060 mouhid - ok
10:32:40.0407 4060 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
10:32:40.0407 4060 mountmgr - ok
10:32:40.0501 4060 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
10:32:40.0516 4060 MpFilter - ok
10:32:40.0547 4060 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
10:32:40.0563 4060 mpio - ok
10:32:40.0579 4060 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
10:32:40.0579 4060 mpsdrv - ok
10:32:40.0610 4060 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
10:32:40.0610 4060 MRxDAV - ok
10:32:40.0657 4060 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
10:32:40.0657 4060 mrxsmb - ok
10:32:40.0750 4060 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
10:32:40.0844 4060 mrxsmb10 - ok
10:32:40.0969 4060 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
10:32:40.0969 4060 mrxsmb20 - ok
10:32:41.0047 4060 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
10:32:41.0047 4060 msahci - ok
10:32:41.0125 4060 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
10:32:41.0156 4060 msdsm - ok
10:32:41.0405 4060 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
10:32:41.0437 4060 MSDTC - ok
10:32:41.0530 4060 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
10:32:41.0546 4060 Msfs - ok
10:32:41.0546 4060 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
10:32:41.0561 4060 mshidkmdf - ok
10:32:41.0577 4060 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
10:32:41.0577 4060 msisadrv - ok
10:32:41.0608 4060 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
10:32:41.0624 4060 MSiSCSI - ok
10:32:41.0639 4060 msiserver - ok
10:32:41.0655 4060 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
10:32:41.0671 4060 MSKSSRV - ok
10:32:41.0905 4060 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:32:41.0905 4060 MsMpSvc - ok
10:32:41.0936 4060 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
10:32:41.0936 4060 MSPCLOCK - ok
10:32:41.0967 4060 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
10:32:41.0967 4060 MSPQM - ok
10:32:41.0998 4060 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
10:32:42.0014 4060 MsRPC - ok
10:32:42.0029 4060 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
10:32:42.0029 4060 mssmbios - ok
10:32:42.0045 4060 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
10:32:42.0045 4060 MSTEE - ok
10:32:42.0076 4060 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
10:32:42.0076 4060 MTConfig - ok
10:32:42.0201 4060 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
10:32:42.0217 4060 Mup - ok
10:32:42.0466 4060 MyWiFiDHCPDNS (f217d7718fd7577af331e89910b2d21e) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
10:32:42.0560 4060 MyWiFiDHCPDNS - ok
10:32:42.0794 4060 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
10:32:42.0809 4060 napagent - ok
10:32:42.0841 4060 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
10:32:42.0856 4060 NativeWifiP - ok
10:32:42.0997 4060 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
10:32:43.0012 4060 NAUpdate - ok
10:32:43.0106 4060 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
10:32:43.0121 4060 NDIS - ok
10:32:43.0246 4060 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
10:32:43.0277 4060 NdisCap - ok
10:32:43.0355 4060 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
10:32:43.0371 4060 NdisTapi - ok
10:32:43.0387 4060 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
10:32:43.0387 4060 Ndisuio - ok
10:32:43.0402 4060 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
10:32:43.0418 4060 NdisWan - ok
10:32:43.0433 4060 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
10:32:43.0449 4060 NDProxy - ok
10:32:43.0465 4060 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
10:32:43.0480 4060 NetBIOS - ok
10:32:43.0511 4060 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
10:32:43.0527 4060 NetBT - ok
10:32:43.0621 4060 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:32:43.0636 4060 Netlogon - ok
10:32:43.0745 4060 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
10:32:43.0761 4060 Netman - ok
10:32:43.0917 4060 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:32:43.0948 4060 NetMsmqActivator - ok
10:32:43.0964 4060 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:32:43.0964 4060 NetPipeActivator - ok
10:32:43.0995 4060 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
10:32:44.0026 4060 netprofm - ok
10:32:44.0026 4060 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:32:44.0026 4060 NetTcpActivator - ok
10:32:44.0026 4060 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:32:44.0026 4060 NetTcpPortSharing - ok
10:32:44.0978 4060 NETwNs64 (9fd1be1881446d954ff77244ae58fbcb) C:\windows\system32\DRIVERS\NETwNs64.sys
10:32:45.0227 4060 NETwNs64 - ok
10:32:45.0461 4060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
10:32:45.0477 4060 nfrd960 - ok
10:32:45.0508 4060 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
10:32:45.0524 4060 NisDrv - ok
10:32:45.0664 4060 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:32:45.0695 4060 NisSrv - ok
10:32:45.0773 4060 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
10:32:45.0789 4060 NlaSvc - ok
10:32:46.0163 4060 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
10:32:46.0210 4060 NOBU - ok
10:32:46.0522 4060 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
10:32:46.0553 4060 Npfs - ok
10:32:46.0600 4060 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
10:32:46.0600 4060 nsi - ok
10:32:46.0694 4060 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
10:32:46.0709 4060 nsiproxy - ok
10:32:46.0803 4060 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
10:32:46.0834 4060 Ntfs - ok
10:32:47.0053 4060 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
10:32:47.0068 4060 Null - ok
10:32:47.0099 4060 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
10:32:47.0115 4060 nvraid - ok
10:32:47.0240 4060 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
10:32:47.0255 4060 nvstor - ok
10:32:47.0349 4060 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
10:32:47.0365 4060 nv_agp - ok
10:32:47.0443 4060 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
10:32:47.0458 4060 ohci1394 - ok
10:32:47.0536 4060 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:32:47.0567 4060 ose - ok
10:32:48.0082 4060 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:32:49.0065 4060 osppsvc - ok
10:32:49.0517 4060 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
10:32:49.0549 4060 p2pimsvc - ok
10:32:49.0580 4060 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
10:32:49.0611 4060 p2psvc - ok
10:32:49.0658 4060 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
10:32:49.0673 4060 Parport - ok
10:32:49.0751 4060 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
10:32:49.0751 4060 partmgr - ok
10:32:49.0783 4060 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
10:32:49.0783 4060 PcaSvc - ok
10:32:49.0798 4060 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
10:32:49.0814 4060 pci - ok
10:32:49.0829 4060 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
10:32:49.0829 4060 pciide - ok
10:32:49.0861 4060 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
10:32:49.0876 4060 pcmcia - ok
10:32:49.0892 4060 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
10:32:49.0892 4060 pcw - ok
10:32:50.0063 4060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
10:32:50.0079 4060 PEAUTH - ok
10:32:50.0219 4060 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
10:32:50.0235 4060 PerfHost - ok
10:32:50.0500 4060 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
10:32:50.0563 4060 pla - ok
10:32:50.0672 4060 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
10:32:50.0719 4060 PlugPlay - ok
10:32:50.0734 4060 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
10:32:50.0750 4060 PNRPAutoReg - ok
10:32:50.0765 4060 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
10:32:50.0781 4060 PNRPsvc - ok
10:32:50.0875 4060 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
10:32:50.0906 4060 PolicyAgent - ok
10:32:50.0953 4060 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\windows\system32\umpo.dll
10:32:50.0968 4060 Power - ok
10:32:51.0093 4060 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
10:32:51.0093 4060 PptpMiniport - ok
10:32:51.0109 4060 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
10:32:51.0124 4060 Processor - ok
10:32:51.0171 4060 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
10:32:51.0171 4060 ProfSvc - ok
10:32:51.0187 4060 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:32:51.0187 4060 ProtectedStorage - ok
10:32:51.0218 4060 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
10:32:51.0233 4060 Psched - ok
10:32:51.0327 4060 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
10:32:51.0327 4060 PxHlpa64 - ok
10:32:51.0405 4060 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
10:32:51.0467 4060 ql2300 - ok
10:32:51.0873 4060 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
10:32:51.0889 4060 ql40xx - ok
10:32:51.0935 4060 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
10:32:52.0045 4060 QWAVE - ok
10:32:52.0107 4060 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
10:32:52.0123 4060 QWAVEdrv - ok
10:32:52.0201 4060 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
10:32:52.0216 4060 RasAcd - ok
10:32:52.0435 4060 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
10:32:52.0466 4060 RasAgileVpn - ok
10:32:52.0606 4060 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
10:32:52.0700 4060 RasAuto - ok
10:32:52.0731 4060 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
10:32:52.0747 4060 Rasl2tp - ok
10:32:52.0840 4060 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
10:32:52.0856 4060 RasMan - ok
10:32:52.0887 4060 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
10:32:52.0903 4060 RasPppoe - ok
10:32:52.0918 4060 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
10:32:52.0934 4060 RasSstp - ok
10:32:53.0027 4060 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
10:32:53.0043 4060 rdbss - ok
10:32:53.0059 4060 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
10:32:53.0059 4060 rdpbus - ok
10:32:53.0074 4060 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
10:32:53.0090 4060 RDPCDD - ok
10:32:53.0090 4060 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
10:32:53.0105 4060 RDPENCDD - ok
10:32:53.0105 4060 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
10:32:53.0121 4060 RDPREFMP - ok
10:32:53.0183 4060 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
10:32:53.0199 4060 RDPWD - ok
10:32:53.0277 4060 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
10:32:53.0293 4060 rdyboost - ok
10:32:53.0417 4060 RegSrvc (b9a0810d16ea7935b10a5499aba61dc3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:32:53.0449 4060 RegSrvc - ok
10:32:53.0527 4060 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
10:32:53.0542 4060 RemoteAccess - ok
10:32:53.0558 4060 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
10:32:53.0573 4060 RemoteRegistry - ok
10:32:53.0714 4060 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
10:32:53.0714 4060 RFCOMM - ok
10:32:54.0119 4060 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
10:32:54.0229 4060 RoxMediaDB12OEM - ok
10:32:54.0291 4060 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
10:32:54.0291 4060 RoxWatch12 - ok
10:32:54.0431 4060 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
10:32:54.0447 4060 RpcEptMapper - ok
10:32:54.0478 4060 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
10:32:54.0478 4060 RpcLocator - ok
10:32:54.0525 4060 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
10:32:54.0525 4060 RpcSs - ok
10:32:54.0634 4060 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
10:32:54.0634 4060 rspndr - ok
10:32:54.0681 4060 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
10:32:54.0697 4060 RSUSBSTOR - ok
10:32:54.0853 4060 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
10:32:54.0884 4060 RTL8167 - ok
10:32:54.0915 4060 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:32:54.0915 4060 SamSs - ok
10:32:54.0946 4060 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
10:32:54.0962 4060 sbp2port - ok
10:32:55.0024 4060 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
10:32:55.0055 4060 SCardSvr - ok
10:32:55.0071 4060 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
10:32:55.0071 4060 scfilter - ok
10:32:55.0133 4060 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
10:32:55.0165 4060 Schedule - ok
10:32:55.0352 4060 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
10:32:55.0352 4060 SCPolicySvc - ok
10:32:55.0445 4060 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
10:32:55.0492 4060 SDRSVC - ok
10:32:55.0539 4060 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
10:32:55.0539 4060 secdrv - ok
10:32:55.0555 4060 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
10:32:55.0570 4060 seclogon - ok
10:32:55.0726 4060 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
10:32:55.0726 4060 SENS - ok
10:32:55.0757 4060 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
10:32:55.0773 4060 SensrSvc - ok
10:32:55.0851 4060 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
10:32:55.0882 4060 Serenum - ok
10:32:55.0882 4060 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
10:32:55.0898 4060 Serial - ok
10:32:55.0913 4060 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
10:32:55.0913 4060 sermouse - ok
10:32:55.0945 4060 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
10:32:55.0960 4060 SessionEnv - ok
10:32:55.0960 4060 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
10:32:55.0976 4060 sffdisk - ok
10:32:55.0991 4060 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
10:32:56.0007 4060 sffp_mmc - ok
10:32:56.0007 4060 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
10:32:56.0023 4060 sffp_sd - ok
10:32:56.0179 4060 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
10:32:56.0210 4060 sfloppy - ok
10:32:56.0631 4060 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
10:32:56.0647 4060 SftService - ok
10:32:56.0709 4060 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
10:32:56.0725 4060 ShellHWDetection - ok
10:32:56.0756 4060 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
10:32:56.0771 4060 SiSRaid2 - ok
10:32:56.0787 4060 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
10:32:56.0803 4060 SiSRaid4 - ok
10:32:56.0927 4060 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:32:56.0927 4060 SkypeUpdate - ok
10:32:56.0974 4060 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
10:32:56.0990 4060 Smb - ok
10:32:57.0021 4060 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
10:32:57.0037 4060 SNMPTRAP - ok
10:32:57.0052 4060 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
10:32:57.0052 4060 spldr - ok
10:32:57.0146 4060 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
10:32:57.0161 4060 Spooler - ok
10:32:57.0302 4060 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
10:32:57.0317 4060 sppsvc - ok
10:32:57.0520 4060 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
10:32:57.0536 4060 sppuinotify - ok
10:32:57.0583 4060 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
10:32:57.0614 4060 srv - ok
10:32:57.0707 4060 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
10:32:57.0723 4060 srv2 - ok
10:32:57.0739 4060 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
10:32:57.0739 4060 srvnet - ok
10:32:57.0770 4060 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
10:32:57.0770 4060 SSDPSRV - ok
10:32:57.0785 4060 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
10:32:57.0801 4060 SstpSvc - ok
10:32:57.0973 4060 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
10:32:58.0019 4060 STacSV - ok
10:32:58.0129 4060 Steam Client Service - ok
10:32:58.0160 4060 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
10:32:58.0160 4060 stexstor - ok
10:32:58.0222 4060 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
10:32:58.0253 4060 STHDA - ok
10:32:58.0285 4060 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
10:32:58.0300 4060 StillCam - ok
10:32:58.0456 4060 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
10:32:58.0519 4060 stisvc - ok
10:32:58.0550 4060 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
10:32:58.0565 4060 stllssvr - ok
10:32:58.0597 4060 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
10:32:58.0612 4060 swenum - ok
10:32:58.0753 4060 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:32:58.0768 4060 SwitchBoard - ok
10:32:58.0815 4060 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
10:32:58.0846 4060 swprv - ok
10:32:59.0002 4060 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
10:32:59.0049 4060 SysMain - ok
10:32:59.0314 4060 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
10:32:59.0330 4060 TabletInputService - ok
10:32:59.0361 4060 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
10:32:59.0392 4060 TapiSrv - ok
10:32:59.0455 4060 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
10:32:59.0470 4060 TBS - ok
10:33:00.0172 4060 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
10:33:00.0219 4060 Tcpip - ok
10:33:00.0609 4060 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
10:33:00.0640 4060 TCPIP6 - ok
10:33:00.0812 4060 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
10:33:00.0812 4060 tcpipreg - ok
10:33:00.0827 4060 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
10:33:00.0827 4060 TDPIPE - ok
10:33:00.0874 4060 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
10:33:00.0874 4060 TDTCP - ok
10:33:00.0890 4060 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
10:33:00.0905 4060 tdx - ok
10:33:00.0921 4060 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
10:33:00.0983 4060 TermDD - ok
10:33:01.0046 4060 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
10:33:01.0093 4060 TermService - ok
10:33:01.0108 4060 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
10:33:01.0108 4060 Themes - ok
10:33:01.0249 4060 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
10:33:01.0264 4060 THREADORDER - ok
10:33:01.0311 4060 tihub3 (68fe3d89829e27d4fd5eea7bd2c41985) C:\windows\system32\DRIVERS\tihub3.sys
10:33:01.0327 4060 tihub3 - ok
10:33:01.0373 4060 tixhci (0102c9633ce1f18a6ac021f28b734db5) C:\windows\system32\DRIVERS\tixhci.sys
10:33:01.0405 4060 tixhci - ok
10:33:01.0514 4060 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
10:33:01.0529 4060 TrkWks - ok
10:33:01.0639 4060 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
10:33:01.0654 4060 TrustedInstaller - ok
10:33:01.0685 4060 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
10:33:01.0717 4060 tssecsrv - ok
10:33:02.0013 4060 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
10:33:02.0122 4060 TsUsbFlt - ok
10:33:02.0325 4060 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
10:33:02.0341 4060 TsUsbGD - ok
10:33:02.0450 4060 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
10:33:02.0465 4060 tunnel - ok
10:33:02.0497 4060 TurboB (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys
10:33:02.0497 4060 TurboB - ok
10:33:02.0543 4060 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
10:33:02.0559 4060 TurboBoost - ok
10:33:02.0637 4060 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
10:33:02.0653 4060 uagp35 - ok
10:33:02.0668 4060 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
10:33:02.0699 4060 udfs - ok
10:33:02.0731 4060 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
10:33:02.0746 4060 UI0Detect - ok
10:33:02.0762 4060 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
10:33:02.0777 4060 uliagpkx - ok
10:33:02.0793 4060 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
10:33:02.0809 4060 umbus - ok
10:33:02.0809 4060 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
10:33:02.0809 4060 UmPass - ok
10:33:03.0136 4060 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:33:03.0199 4060 UNS - ok
10:33:03.0355 4060 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
10:33:03.0386 4060 upnphost - ok
10:33:03.0479 4060 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
10:33:03.0479 4060 USBAAPL64 - ok
10:33:03.0526 4060 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
10:33:03.0542 4060 usbaudio - ok
10:33:03.0573 4060 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
10:33:03.0589 4060 usbccgp - ok
10:33:03.0667 4060 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
10:33:03.0682 4060 usbcir - ok
10:33:03.0698 4060 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
10:33:03.0698 4060 usbehci - ok
10:33:03.0745 4060 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
10:33:03.0776 4060 usbhub - ok
10:33:03.0791 4060 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
10:33:03.0807 4060 usbohci - ok
10:33:03.0823 4060 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
10:33:03.0823 4060 usbprint - ok
10:33:03.0885 4060 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
10:33:03.0901 4060 USBSTOR - ok
10:33:03.0901 4060 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
10:33:03.0916 4060 usbuhci - ok
10:33:03.0947 4060 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
10:33:03.0963 4060 usbvideo - ok
10:33:03.0979 4060 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
10:33:03.0994 4060 UxSms - ok
10:33:04.0010 4060 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:33:04.0010 4060 VaultSvc - ok
10:33:04.0119 4060 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
10:33:04.0119 4060 vdrvroot - ok
10:33:04.0150 4060 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
10:33:04.0166 4060 vds - ok
10:33:04.0181 4060 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
10:33:04.0197 4060 vga - ok
10:33:04.0197 4060 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
10:33:04.0213 4060 VgaSave - ok
10:33:04.0244 4060 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
10:33:04.0259 4060 vhdmp - ok
10:33:04.0306 4060 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
10:33:04.0322 4060 viaide - ok
10:33:04.0525 4060 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
10:33:04.0618 4060 volmgr - ok
10:33:04.0837 4060 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
10:33:04.0852 4060 volmgrx - ok
10:33:04.0993 4060 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
10:33:05.0008 4060 volsnap - ok
10:33:05.0149 4060 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
10:33:05.0180 4060 vsmraid - ok
10:33:05.0258 4060 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
10:33:05.0336 4060 VSS - ok
10:33:05.0476 4060 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
10:33:05.0476 4060 vwifibus - ok
10:33:05.0507 4060 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
10:33:05.0507 4060 vwififlt - ok
10:33:05.0523 4060 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
10:33:05.0539 4060 vwifimp - ok
10:33:05.0632 4060 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
10:33:05.0648 4060 W32Time - ok
10:33:05.0679 4060 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
10:33:05.0695 4060 WacomPen - ok
10:33:05.0726 4060 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
10:33:05.0741 4060 WANARP - ok
10:33:05.0741 4060 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
10:33:05.0741 4060 Wanarpv6 - ok
10:33:05.0929 4060 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
10:33:06.0303 4060 WatAdminSvc - ok
10:33:06.0599 4060 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
10:33:06.0724 4060 wbengine - ok
10:33:07.0239 4060 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
10:33:07.0426 4060 WbioSrvc - ok
10:33:07.0535 4060 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
10:33:07.0551 4060 wcncsvc - ok
10:33:07.0567 4060 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
10:33:07.0598 4060 WcsPlugInService - ok
10:33:07.0629 4060 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
10:33:07.0645 4060 Wd - ok
10:33:07.0801 4060 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
10:33:07.0816 4060 Wdf01000 - ok
10:33:07.0832 4060 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
10:33:07.0832 4060 WdiServiceHost - ok
10:33:07.0832 4060 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
10:33:07.0847 4060 WdiSystemHost - ok
10:33:07.0957 4060 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
10:33:07.0988 4060 WebClient - ok
10:33:08.0019 4060 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
10:33:08.0050 4060 Wecsvc - ok
10:33:08.0128 4060 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
10:33:08.0159 4060 wercplsupport - ok
10:33:08.0237 4060 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
10:33:08.0253 4060 WerSvc - ok
10:33:08.0315 4060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
10:33:08.0315 4060 WfpLwf - ok
10:33:08.0347 4060 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
10:33:08.0362 4060 WimFltr - ok
10:33:08.0378 4060 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
10:33:08.0393 4060 WIMMount - ok
10:33:08.0456 4060 WinHttpAutoProxySvc - ok
10:33:08.0581 4060 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
10:33:08.0581 4060 Winmgmt - ok
10:33:08.0752 4060 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
10:33:08.0908 4060 WinRM - ok
10:33:09.0158 4060 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
10:33:09.0173 4060 WinUsb - ok
10:33:09.0392 4060 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
10:33:09.0407 4060 Wlansvc - ok
10:33:10.0203 4060 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:33:10.0250 4060 wlidsvc - ok
10:33:10.0499 4060 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
10:33:10.0499 4060 WmiAcpi - ok
10:33:10.0562 4060 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
10:33:10.0577 4060 wmiApSrv - ok
10:33:10.0593 4060 WMPNetworkSvc - ok
10:33:10.0624 4060 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
10:33:10.0640 4060 WPCSvc - ok
10:33:10.0702 4060 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
10:33:10.0702 4060 WPDBusEnum - ok
10:33:10.0733 4060 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
10:33:10.0733 4060 ws2ifsl - ok
10:33:10.0780 4060 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys
10:33:10.0796 4060 WSDPrintDevice - ok
10:33:10.0796 4060 WSearch - ok
10:33:11.0045 4060 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
10:33:11.0092 4060 wuauserv - ok
10:33:11.0279 4060 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
10:33:11.0295 4060 WudfPf - ok
10:33:11.0326 4060 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
10:33:11.0342 4060 WUDFRd - ok
10:33:11.0373 4060 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
10:33:11.0373 4060 wudfsvc - ok
10:33:11.0467 4060 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
10:33:11.0498 4060 WwanSvc - ok
10:33:11.0545 4060 xusb21 (9176c0822faa649e45121875be32f5d2) C:\windows\system32\DRIVERS\xusb21.sys
10:33:11.0560 4060 xusb21 - ok
10:33:11.0607 4060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:33:12.0028 4060 \Device\Harddisk0\DR0 - ok
10:33:12.0028 4060 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
10:33:12.0028 4060 \Device\Harddisk0\DR0\Partition0 - ok
10:33:12.0044 4060 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1
10:33:12.0044 4060 \Device\Harddisk0\DR0\Partition1 - ok
10:33:12.0044 4060 ============================================================
10:33:12.0044 4060 Scan finished
10:33:12.0044 4060 ============================================================
10:33:12.0059 7036 Detected object count: 0
10:33:12.0059 7036 Actual detected object count: 0
10:33:39.0609 6312 Deinitialize success


ComboFix 12-07-07.04 - Michael 08/07/2012 10:43:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4002.2408 [GMT 1:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Michael\AppData\Local\TempDIR
c:\users\Michael\AppData\Local\TempDIR\BetterInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 09:55 . 2012-07-08 09:55 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E949D9B6-C061-4A43-9D47-AFF43EB51EAE}\offreg.dll
2012-07-08 09:54 . 2012-07-08 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 00:19 . 2012-07-06 00:19 -------- d-----w- C:\FRST
2012-07-05 17:12 . 2012-07-05 17:12 50392 ----a-w- c:\windows\system32\drivers\nkfepeql.sys
2012-07-05 17:12 . 2012-07-05 17:12 328704 ----a-w- c:\windows\system32\services.exe.D46079DD59368411
2012-07-05 17:10 . 2012-07-05 17:10 328704 ----a-w- c:\windows\system32\services.exe.C15616C898E03733
2012-07-05 17:07 . 2012-07-05 17:07 328704 ----a-w- c:\windows\system32\services.exe.1C0B10EE720EE904
2012-07-05 17:02 . 2012-07-05 17:02 328704 ----a-w- c:\windows\system32\services.exe.596FC0CA0DC96AA5
2012-07-05 16:58 . 2012-07-05 16:58 328704 ----a-w- c:\windows\system32\services.exe.430548ACF8393F99
2012-07-05 16:55 . 2012-07-05 16:55 328704 ----a-w- c:\windows\system32\services.exe.02F2DC6341416CED
2012-07-05 16:41 . 2012-07-05 16:41 328704 ----a-w- c:\windows\system32\services.exe.323656F4916338BB
2012-07-05 16:37 . 2012-07-05 16:37 328704 ----a-w- c:\windows\system32\services.exe.8035DFEFFEBC5880
2012-07-05 16:34 . 2012-07-05 16:34 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-07-05 16:31 . 2012-07-05 16:31 328704 ----a-w- c:\windows\system32\services.exe.E436048432878EEF
2012-07-05 16:25 . 2012-07-05 16:25 328704 ----a-w- c:\windows\system32\services.exe.5A2DA677FC66BC12
2012-07-05 16:18 . 2012-07-05 16:18 328704 ----a-w- c:\windows\system32\services.exe.37E2E7F58DFDE7AF
2012-07-05 16:14 . 2012-07-05 16:14 328704 ----a-w- c:\windows\system32\services.exe.20968F09C9BC2A33
2012-07-05 16:11 . 2012-07-05 16:11 328704 ----a-w- c:\windows\system32\services.exe.940AA3AFC58326D5
2012-07-05 16:05 . 2012-07-05 16:05 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ADD4D-5774-46BF-9AF1-C461E04FAB0F}\gapaengine.dll
2012-07-05 16:05 . 2012-05-30 20:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E949D9B6-C061-4A43-9D47-AFF43EB51EAE}\mpengine.dll
2012-07-05 16:04 . 2012-07-05 16:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-05 16:04 . 2012-07-05 16:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-04 01:08 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-02 22:01 . 2012-07-02 22:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-02 16:42 . 2012-07-02 16:42 -------- d-----w- c:\users\Michael\AppData\Roaming\MotioninJoy
2012-07-02 16:42 . 2011-12-07 18:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2012-07-02 16:42 . 2012-07-02 16:42 -------- d-----w- c:\program files\MotioninJoy
2012-07-02 16:42 . 2012-05-12 11:31 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-07-02 16:42 . 2011-12-07 18:42 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2012-07-02 12:30 . 2012-07-02 12:30 -------- d-----w- c:\program files (x86)\PCSX2 0.9.8
2012-06-22 11:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 11:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 11:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 11:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 11:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 11:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 11:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 11:11 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 11:11 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 08:54 . 2012-06-21 08:54 -------- d-----w- c:\windows\en
2012-06-21 08:48 . 2012-06-21 08:48 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a95dcb1b1cd4f8a01\DSETUP.dll
2012-06-21 08:48 . 2012-06-21 08:48 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a95dcb1b1cd4f8a01\DXSETUP.exe
2012-06-21 08:48 . 2012-06-21 08:48 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a95dcb1b1cd4f8a01\dsetup32.dll
2012-06-21 08:48 . 2012-06-21 08:48 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a9a360a01cd4f8a02\MeshBetaRemover.exe
2012-06-19 11:51 . 2012-06-19 11:51 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-19 11:46 . 2012-06-19 11:50 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-19 11:30 . 2012-06-19 11:30 -------- d-----w- c:\users\Michael\Photos
2012-06-18 15:41 . 2012-06-18 15:41 -------- d-----w- c:\users\Michael\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-18 15:41 . 2012-06-18 15:41 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-06-18 15:41 . 2012-06-18 15:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-12 15:18 . 2012-06-12 15:24 -------- d-----w- c:\users\Michael\AppData\Roaming\PDFlite
2012-06-12 15:17 . 2005-03-12 00:07 87040 ----a-w- c:\windows\system32\redmonnt.dll
2012-06-12 15:17 . 2005-03-12 00:07 46080 ----a-w- c:\windows\system32\unredmon.exe
2012-06-12 15:17 . 2012-06-12 15:17 -------- d-----w- c:\program files (x86)\PDFlite
2012-06-12 14:28 . 2012-06-12 14:32 -------- d-----w- c:\program files (x86)\VDMSound
2012-06-12 14:22 . 2012-06-12 19:33 -------- d-----w- c:\program files (x86)\Redguard
2012-06-12 14:22 . 1998-07-30 12:51 305152 ----a-w- c:\windows\IsUninst.exe
2012-06-12 14:22 . 2012-06-12 14:22 -------- d-----w- c:\windows\_ISTMP3.DIR
2012-06-12 14:22 . 2012-06-12 14:22 -------- d-----w- c:\windows\_ISTMP1.DIR
2012-06-12 14:05 . 2012-06-12 14:09 -------- d-----w- c:\program files (x86)\Glidos
2012-06-12 13:32 . 2012-06-12 13:32 -------- d-----w- c:\program files (x86)\WAV MP3 Converter 4
2012-06-10 14:40 . 2012-06-10 14:40 -------- d-----w- c:\programdata\DVD Shrink
2012-06-10 14:40 . 2012-06-10 14:40 -------- d-----w- c:\program files (x86)\DVD Shrink
2012-06-08 22:46 . 2012-06-08 22:46 -------- d-----w- c:\users\Michael\AppData\Roaming\GameRanger
2012-06-08 22:45 . 2012-06-08 22:45 -------- d-----w- c:\users\Michael\AppData\Roaming\Doublefine
2012-06-08 22:25 . 2012-06-08 22:25 -------- d-----w- c:\program files (x86)\A.O.E.C
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-29 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-02-10 296056]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-1-26 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 lnjmgsdy;lnjmgsdy;c:\windows\system32\drivers\lnjmgsdy.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-27 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-09-18 8604672]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 22:23]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 22:23]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626413248-2488451622-3878233316-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 19:22]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1626413248-2488451622-3878233316-1000UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 19:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-08 11:02:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-08 10:02
.
Pre-Run: 228,920,238,080 bytes free
Post-Run: 237,770,629,120 bytes free
.
- - End Of File - - 7A2C8DC65DB374AE119F4ECBF730FD52

Seems better, just a tad worried. Thanks so much for all the help, see any more problems?

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:41 AM

Posted 08 July 2012 - 10:39 AM

Hello,

All looks good!
Let's run a couple other scanners for any leftovers hiding. The infection has been found and deactivated. We are just looking for any leftover files.


1. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2. I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?

Edited by fireman4it, 10 July 2012 - 03:23 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 fireman4it


Posted 10 July 2012 - 03:24 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#10 fireman4it


Posted 12 July 2012 - 01:28 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




