Can't remove Win64/Patched.B.Gen trojan


  • This topic is locked
24 replies to this topic

#1 geejay

geejay

  • Members
  • 12 posts

Posted 20 July 2012 - 06:23 PM

Well, first of all, I'm new here. I decided to register because I can't remove a virus called Win64/Patched.B.Gen trojan; it's being detected by ESET NOD32 antivirus.
This is the first virus I encountered which I can't remove myself, so I decided to ask for help here, seeing good feedback on the community.

BTW: I'm running on Windows 7, if that matters.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2012 - 11:47 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 geejay

geejay
  • Topic Starter

  • Members
  • 12 posts

Posted 21 July 2012 - 02:45 PM

Greetings Gringo

Here is my FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 21-07-2012 15:36:16
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [x]
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe [1024000 2010-05-21] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe [122880 2010-04-21] (Wireless Service)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2012-05-06] ()
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKU\Joseph\...\Run: [Akamai NetSession Interface] "C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Joseph\...\Run: [Google Update] "C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-05] (Google Inc.)
HKU\Joseph\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [108136 2012-05-04] (Siber Systems)
HKU\Joseph\...\Run: [PlayNC Launcher] [x]
HKU\Kana\...\Run: [Google Update] "C:\Users\Kana\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-04] (Google Inc.)
HKU\Kana\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [108136 2012-05-04] (Siber Systems)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
Startup: C:\Users\Joseph\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 0134181336420400mcinstcleanup; C:\Windows\TEMP\013418~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [2083 2012-05-07] ()
2 D_Link_DWA-125; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [126976 2010-04-21] (Wireless Service)
2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-03-03] ()
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()

========================== Drivers (Whitelisted) =============

1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [29184 2012-03-01] (http://libusb-win32.sourceforge.net)
3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [21504 2011-05-25] (http://libusb-win32.sourceforge.net)
2 MySQL55; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 [9172 2012-05-31] ()
3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1119072 2010-05-05] (Ralink Technology Corp.)
3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-21 11:23 - 2012-07-21 11:23 - 01437781 ____A (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
2012-07-20 15:20 - 2012-07-20 15:20 - 00000026 ____A C:\Users\Joseph\Desktop\New Text Document.txt
2012-07-20 15:17 - 2012-07-20 15:32 - 567663507 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Campione! - 03 [1080p].mkv
2012-07-19 19:23 - 2012-07-19 19:54 - 298414715 ____A C:\Users\Joseph\Downloads\[Doki] Kono Naka ni Hitori, Imouto ga Iru! - 03 (1280x720 Hi10P AAC) [D3736653].mkv
2012-07-18 14:33 - 2012-07-19 19:23 - 00000000 ____D C:\Users\Joseph\Downloads\To Aru Majutsu no Index I
2012-07-17 20:00 - 2012-07-17 20:01 - 45795640 ____A C:\Users\Joseph\Downloads\[Staircase] Ebiten - Koritsu Ebisugawa Koukou Tenmon-Bu - 01 [288p x264 AAC][156413C0].mkv
2012-07-17 19:37 - 2012-07-17 19:37 - 00000000 ____D C:\Users\Joseph\Documents\Simpo PDF to PowerPoint
2012-07-17 19:36 - 2012-07-17 19:37 - 00000000 ____D C:\Program Files (x86)\Simpo PDF to PowerPoint
2012-07-17 19:36 - 2012-07-17 19:36 - 03529337 ____A (Simpo Technologies ) C:\Users\Joseph\Downloads\pdf2ppt_setup.exe
2012-07-17 19:36 - 2012-07-17 19:36 - 00001109 ____A C:\Users\Joseph\Desktop\Simpo PDF to PowerPoint.lnk
2012-07-17 16:49 - 2012-07-17 16:49 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\2K Sports
2012-07-17 16:47 - 2012-07-17 16:47 - 00001324 ____A C:\Users\Joseph\Desktop\Major League Baseball 2K12.lnk
2012-07-17 16:42 - 2012-07-17 16:42 - 00000000 ____D C:\Program Files (x86)\2K Sports
2012-07-17 16:38 - 2012-07-17 16:49 - 00000000 ____D C:\Users\Joseph\Downloads\MLB2k12
2012-07-15 19:10 - 2012-07-15 19:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-14 18:06 - 2012-07-14 18:09 - 278667117 ____A C:\Users\Joseph\Downloads\[SubDESU] Hagure Yuusha no Estetica - 02 (1280x720 x264 AAC) [B38E1F4D].mkv
2012-07-14 12:37 - 2012-07-14 12:57 - 337618177 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Sword Art Online - 02 [720p].mkv
2012-07-13 11:31 - 2012-07-13 13:33 - 343127631 ____A C:\Users\Joseph\Downloads\[SubDESU] Dakara Boku wa H ga Dekinai. - 02 (1280x720 x264 AAC) [DAD30586].mkv
2012-07-13 11:24 - 2012-07-13 11:49 - 253258434 ____A C:\Users\Joseph\Downloads\[Pomf] Koi to Senkyo to Chocolate - 02 [97981753].mkv
2012-07-13 11:24 - 2012-07-13 11:30 - 243742257 ____A C:\Users\Joseph\Downloads\[UTW]_Kono_Naka_ni_Hitori_Imouto_ga_Iru_-_02_[h264-720p][4333146D].mkv
2012-07-13 11:10 - 2012-07-13 13:13 - 567392003 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Campione! - 02 [1080p].mkv
2012-07-11 19:52 - 2012-07-11 19:52 - 00002013 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2012-07-11 19:52 - 2012-07-11 19:52 - 00000000 ____D C:\Users\All Users\Canon IJ Network Tool
2012-07-11 19:52 - 2012-07-11 19:52 - 00000000 ____D C:\Program Files (x86)\Canon
2012-07-11 19:50 - 2012-07-11 19:50 - 00000000 ___HD C:\Users\All Users\CanonIJFAX
2012-07-11 19:46 - 2012-07-11 19:46 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2012-07-11 19:46 - 2012-07-11 19:46 - 00000000 ___HD C:\Users\All Users\CanonBJ
2012-07-11 19:46 - 2012-07-11 19:46 - 00000000 ____D C:\Windows\System32\STRING
2012-07-11 19:46 - 2010-09-08 12:27 - 00328192 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
2012-07-11 19:46 - 2010-09-08 12:27 - 00037376 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
2012-07-11 19:46 - 2010-09-08 12:26 - 00342016 ____A (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
2012-07-11 19:45 - 2012-07-11 19:45 - 00000000 ___HD C:\Program Files\CanonBJ
2012-07-11 19:45 - 2010-10-21 01:00 - 00302080 ____A (CANON INC.) C:\Windows\System32\CNCALAL.DLL
2012-07-11 19:45 - 2010-09-20 01:00 - 00374784 ____A (CANON INC.) C:\Windows\System32\CNMLMAL.DLL
2012-07-11 19:45 - 2010-09-13 10:44 - 00106496 ____A (CANON INC.) C:\Windows\SysWOW64\CNC410U.dll
2012-07-11 19:45 - 2010-09-13 10:43 - 01368064 ____A (CANON INC.) C:\Windows\System32\CNC410C.dll
2012-07-11 19:45 - 2010-09-13 10:43 - 00112128 ____A (CANON INC.) C:\Windows\System32\CNC410I.dll
2012-07-11 19:45 - 2010-09-07 06:58 - 00248320 ____A (CANON INC.) C:\Windows\System32\CNMIUAL.DLL
2012-07-11 19:45 - 2010-09-06 13:04 - 00367104 ____A (CANON INC.) C:\Windows\System32\CNC410L.dll
2012-07-11 19:45 - 2010-09-06 13:03 - 00315392 ____A (CANON INC.) C:\Windows\SysWOW64\CNC410L.dll
2012-07-11 19:45 - 2010-06-03 11:11 - 00103424 ____A (Canon Inc.) C:\Windows\System32\CNC410O.dll
2012-07-11 19:45 - 2010-05-14 06:49 - 00015104 ____A C:\Windows\SysWOW64\CNC174ED.TBL
2012-07-11 19:45 - 2010-05-14 06:49 - 00015104 ____A C:\Windows\System32\CNC174ED.TBL
2012-07-11 19:45 - 2008-08-25 14:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
2012-07-11 19:45 - 2008-08-25 14:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2012-07-11 19:43 - 2012-07-11 19:44 - 31626640 ____A C:\Users\Joseph\Downloads\mp68-win-mx410-1_00-ea24.exe
2012-07-10 20:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 19:59 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 19:59 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 19:59 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 19:59 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 19:59 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 19:59 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 19:59 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 19:59 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 19:59 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 19:59 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 19:59 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 19:59 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 19:59 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 19:59 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 19:59 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 19:59 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 19:59 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 19:59 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 19:59 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 19:59 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 19:59 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 19:59 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 19:59 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 19:59 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 19:58 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 19:58 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 19:58 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 19:58 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 12:04 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 12:04 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 12:04 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 12:04 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 12:04 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 12:04 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 12:04 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 12:04 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 12:04 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 12:04 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 12:04 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 12:04 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 12:04 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 12:04 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 12:04 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 12:04 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 12:04 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 12:04 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 12:04 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-09 20:59 - 2012-07-19 21:30 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Skype
2012-07-09 20:59 - 2012-07-09 20:59 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-09 20:59 - 2012-07-09 20:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-07-09 20:55 - 2012-07-09 20:55 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Joseph\Downloads\SkypeSetup.exe
2012-07-09 17:18 - 2012-07-09 17:29 - 585450900 ____A C:\Users\Joseph\Downloads\[CR] Muv-Luv Alternative - Total Eclipse - 01 [1920x1080].mkv
2012-07-09 16:15 - 2012-07-09 16:24 - 584659754 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 02 [1080p].mkv
2012-07-09 16:03 - 2012-07-09 16:13 - 579718144 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Oda Nobuna no Yabou - 01 [1080p].mkv
2012-07-08 18:59 - 2012-07-08 18:59 - 00001606 ____A C:\Users\Joseph\Desktop\Little Busters! English.lnk
2012-07-08 18:57 - 2012-07-08 18:58 - 25173517 ____A C:\Users\Joseph\Downloads\lb-english-6.0.exe
2012-07-08 18:02 - 2012-07-08 18:02 - 00000000 ____D C:\KEY
2012-07-07 21:52 - 2012-07-08 17:44 - 00000000 ____D C:\Users\Joseph\Downloads\????????!
2012-07-07 10:52 - 2012-07-07 11:14 - 566990906 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Kokoro Connect - 01 [1080p].mkv
2012-07-07 10:36 - 2012-07-07 10:48 - 567968732 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Sword Art Online - 01 [1080p].mkv
2012-07-06 21:59 - 2012-07-06 23:05 - 00000000 ____D C:\Users\Joseph\Downloads\Bartender
2012-07-06 18:41 - 2012-07-06 18:48 - 363670072 ____A C:\Users\Joseph\Downloads\[SubDESU]_Dakara_Boku_wa_H_ga_Dekinai._-_01_(1280x720_x264_AAC)_[AB1BBCCD].mkv
2012-07-06 12:24 - 2012-07-06 12:30 - 371684894 ____A C:\Users\Joseph\Downloads\[SubDESU]_Hagure_Yuusha_no_Estetica_-_01v0_(1280x720_x264_AAC)_[C3E634CC].mkv
2012-07-06 11:52 - 2012-07-06 11:57 - 271410344 ____A C:\Users\Joseph\Downloads\[UTW]_Kono_Naka_ni_Hitori_Imouto_ga_Iru_-_01_[h264-720p][33E59083].mkv
2012-07-06 11:29 - 2012-07-06 11:37 - 420620274 ____A C:\Users\Joseph\Downloads\[gg]_EUREKA_SEVEN_AO_-_12_[9561C42C].mkv
2012-07-05 19:16 - 2012-07-05 19:33 - 272876913 ____A C:\Users\Joseph\Downloads\[Hadena] Koi to Senkyo to Chocolate - 01 [720p][6D846746].mkv
2012-07-04 17:01 - 2012-07-04 17:01 - 00001169 ____A C:\Users\Kana\Desktop\Video Thumbnails Maker.lnk
2012-07-04 17:01 - 2012-07-04 17:01 - 00001169 ____A C:\Users\Joseph\Desktop\Video Thumbnails Maker.lnk
2012-07-04 17:01 - 2012-07-04 17:01 - 00000000 ____D C:\Program Files (x86)\Video Thumbnails Maker
2012-07-04 17:00 - 2012-07-04 17:01 - 00000000 ____D C:\Users\Joseph\Downloads\Screen Caps
2012-07-03 13:29 - 2012-07-03 14:41 - 209000000 ____A C:\Users\Joseph\Downloads\President.part01.rar
2012-07-01 13:51 - 2012-07-02 15:46 - 569495698 ____A C:\Users\Joseph\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 01 [1080p].mkv
2012-06-30 18:15 - 2012-06-30 18:21 - 174443034 ____A C:\Users\Joseph\Downloads\[FFF] Campione! - 01 [Preair][62BDDF11].mkv
2012-06-30 13:18 - 2012-06-30 13:18 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Media Player Classic
2012-06-29 12:35 - 2012-06-29 12:38 - 151776717 ____A C:\Users\Joseph\Downloads\[SubDESU-H]_Kiriya_Hakushakuke_no_Roku_Shimai_-_02_(10bit)_(720x480_x264_AAC)_[F709C4C0].mkv
2012-06-29 12:34 - 2012-06-29 12:34 - 00011956 ____A C:\Users\Joseph\Downloads\[SubDESU-H]_Kiriya_Hakushakuke_no_Roku_Shimai_-_02_(10bit)_(720x480_x264_AAC)_[F709C4C0].mkv.torrent
2012-06-29 12:20 - 2012-06-29 12:28 - 325084177 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_10_[720p][47BBE00A].mkv
2012-06-29 12:04 - 2012-06-29 12:04 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-06-29 12:03 - 2012-06-29 12:04 - 09889896 ____A (CCCP Project ) C:\Users\Joseph\Downloads\Combined-Community-Codec-Pack-2011-11-11.exe
2012-06-29 11:49 - 2012-06-29 11:56 - 373519525 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_09_[720p][5CBCD0CD].mkv
2012-06-29 11:42 - 2012-06-29 11:49 - 361806406 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_08_[720p][23E4B85A].mkv
2012-06-29 11:34 - 2012-06-29 11:42 - 475049105 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_07_[720p][D2403038].mkv
2012-06-29 11:25 - 2012-06-29 11:32 - 464660776 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_06_[720p][CD450656].mkv
2012-06-29 11:19 - 2012-06-29 11:25 - 339999245 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_05_[720p][886C4653].mkv
2012-06-29 10:59 - 2012-06-29 11:05 - 381419449 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_04_[720p][1A7ECC20].mkv
2012-06-29 10:39 - 2012-06-29 10:44 - 312443149 ____A C:\Users\Joseph\Downloads\[Hadena] Tasogare Otome x Amnesia - 03 [720p][DE53062D].mkv
2012-06-28 21:00 - 2012-06-28 21:06 - 34006014 ____A C:\Users\Joseph\Downloads\[ASL]_Faylan_-_Mirai_Nikki_OP_-_Dead_END_Soukyuu_no_Hikari_[MP3].rar
2012-06-28 20:53 - 2012-06-28 20:53 - 00024261 ____A C:\ads_err.adt
2012-06-28 20:53 - 2012-06-28 20:53 - 00006499 ____A C:\ads_err.dbf
2012-06-28 20:53 - 2012-06-28 20:53 - 00004559 ____A C:\ads_err.adm
2012-06-28 20:53 - 2012-06-28 20:53 - 00003072 ____A C:\ads_err.adi
2012-06-28 20:49 - 2012-06-28 20:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-06-28 20:49 - 2012-06-28 20:49 - 00000000 ____D C:\Users\Joseph\Documents\BlackBerry
2012-06-28 20:34 - 2012-06-28 21:15 - 00000000 ____D C:\Users\Joseph\Downloads\Anime
2012-06-28 19:59 - 2012-06-28 19:59 - 00002690 ____A C:\Users\Joseph\Downloads\[Nipponsei] BLEACH OP15 Single - HARUKAZE [SCANDAL].zip.torrent
2012-06-28 19:32 - 2012-06-28 21:18 - 00000154 ____A C:\Users\Joseph\AppData\Roaming\Rim.Transcoder.Exception.log
2012-06-28 19:31 - 2012-06-28 21:18 - 00000154 ____A C:\Users\Joseph\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-28 19:31 - 2012-06-28 21:18 - 00000154 ____A C:\Users\Joseph\AppData\Roaming\Rim.Desktop.Exception.log
2012-06-28 19:31 - 2012-06-28 19:32 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Research In Motion
2012-06-28 19:31 - 2012-06-28 19:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-06-28 19:31 - 2012-06-28 19:31 - 00000000 ____D C:\Users\Joseph\AppData\Local\Research In Motion
2012-06-28 19:30 - 2012-06-28 19:30 - 00002235 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-06-28 19:30 - 2012-06-28 19:30 - 00001153 ____A C:\Users\Joseph\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-06-28 19:30 - 2012-06-28 19:30 - 00000000 ____D C:\Users\All Users\Research In Motion
2012-06-28 19:30 - 2012-06-28 19:30 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2012-06-28 19:30 - 2011-07-20 10:58 - 00044032 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2012-06-28 19:24 - 2012-06-28 19:27 - 116064632 ____A C:\Users\Joseph\Downloads\700_b060_multilanguage.exe
2012-06-28 17:16 - 2012-06-28 17:16 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2012-06-28 17:08 - 2012-06-28 17:08 - 00001136 ____A C:\Users\Public\Desktop\Adobe Flash Media Live Encoder 3.2.lnk
2012-06-28 17:05 - 2012-06-28 17:05 - 02403328 ____A C:\Users\Joseph\Downloads\VHScreenCapX86.msi
2012-06-28 17:04 - 2012-06-28 17:05 - 06537216 ____A C:\Users\Joseph\Downloads\flashmedialiveencoder_3.2_wwe_signed.msi
2012-06-25 17:26 - 2012-06-25 17:35 - 509315089 ____A C:\Users\Joseph\Downloads\[Hadena] Accel World - 11 [720p][3A5D1B3C].mkv
2012-06-25 17:25 - 2012-06-25 17:26 - 00019689 ____A C:\Users\Joseph\Downloads\[Hadena] Accel World - 11 [720p][3A5D1B3C].mkv.torrent
2012-06-24 16:59 - 2012-06-24 16:59 - 00000000 ____D C:\Users\Joseph\AppData\Local\SplitMediaLabs
2012-06-24 16:58 - 2012-06-24 16:58 - 00000000 ____D C:\Users\All Users\SplitMediaLabs
2012-06-24 16:56 - 2012-06-24 16:56 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\SplitMediaLabs
2012-06-24 16:02 - 2012-06-24 16:03 - 24331504 ____A (SplitMediaLabs) C:\Users\Joseph\Downloads\xsplit_installer_v1.0.1206.0203.exe
2012-06-23 20:47 - 2012-07-04 13:37 - 00000095 ____A C:\Users\Joseph\Desktop\There goes my redemption.txt
2012-06-22 07:54 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 07:54 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 07:54 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 07:54 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 07:54 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 07:54 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 07:54 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 07:54 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 07:54 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 15:03 - 2012-07-16 14:57 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-21 15:03 - 2012-06-21 15:03 - 00000921 ____A C:\Users\Public\Desktop\Steam.lnk
2012-06-21 15:01 - 2012-06-21 15:01 - 01606656 ____A C:\Users\Joseph\Downloads\SteamInstall.msi


============ 3 Months Modified Files ========================

2012-07-21 11:29 - 2012-05-06 13:43 - 00000007 ____A C:\Windows\SysWOW64\ANIWZCSUSERNAME{7C93098C-B433-457B-8F8E-E58C729B8C1A}
2012-07-21 11:29 - 2012-02-02 02:17 - 01282009 ____A C:\Windows\WindowsUpdate.log
2012-07-21 11:29 - 2009-07-13 21:13 - 00779702 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-21 11:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-21 11:29 - 2009-07-13 20:51 - 00053435 ____A C:\Windows\setupact.log
2012-07-21 11:23 - 2012-07-21 11:23 - 01437781 ____A (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
2012-07-21 11:09 - 2012-05-05 10:59 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1002UA.job
2012-07-21 11:03 - 2012-05-04 15:58 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1000UA.job
2012-07-21 10:47 - 2009-07-13 20:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-21 10:47 - 2009-07-13 20:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 10:44 - 2012-06-10 11:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-21 10:41 - 2012-05-06 16:39 - 00003284 ____A C:\Users\Joseph\AppData\Roaming\ANIWZCS{7C93098C-B433-457B-8F8E-E58C729B8C1A}
2012-07-21 10:41 - 2012-05-06 13:44 - 00003284 ____A C:\Windows\SysWOW64\ANIWZCS{7C93098C-B433-457B-8F8E-E58C729B8C1A}
2012-07-20 15:32 - 2012-07-20 15:17 - 567663507 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Campione! - 03 [1080p].mkv
2012-07-20 15:20 - 2012-07-20 15:20 - 00000026 ____A C:\Users\Joseph\Desktop\New Text Document.txt
2012-07-19 20:09 - 2012-05-05 10:59 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1002Core.job
2012-07-19 19:54 - 2012-07-19 19:23 - 298414715 ____A C:\Users\Joseph\Downloads\[Doki] Kono Naka ni Hitori, Imouto ga Iru! - 03 (1280x720 Hi10P AAC) [D3736653].mkv
2012-07-18 16:03 - 2012-05-04 15:58 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1000Core.job
2012-07-17 20:01 - 2012-07-17 20:00 - 45795640 ____A C:\Users\Joseph\Downloads\[Staircase] Ebiten - Koritsu Ebisugawa Koukou Tenmon-Bu - 01 [288p x264 AAC][156413C0].mkv
2012-07-17 19:36 - 2012-07-17 19:36 - 03529337 ____A (Simpo Technologies ) C:\Users\Joseph\Downloads\pdf2ppt_setup.exe
2012-07-17 19:36 - 2012-07-17 19:36 - 00001109 ____A C:\Users\Joseph\Desktop\Simpo PDF to PowerPoint.lnk
2012-07-17 16:49 - 2011-08-15 00:52 - 00028342 ____A C:\Windows\DirectX.log
2012-07-17 16:47 - 2012-07-17 16:47 - 00001324 ____A C:\Users\Joseph\Desktop\Major League Baseball 2K12.lnk
2012-07-14 18:09 - 2012-07-14 18:06 - 278667117 ____A C:\Users\Joseph\Downloads\[SubDESU] Hagure Yuusha no Estetica - 02 (1280x720 x264 AAC) [B38E1F4D].mkv
2012-07-14 12:57 - 2012-07-14 12:37 - 337618177 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Sword Art Online - 02 [720p].mkv
2012-07-13 13:33 - 2012-07-13 11:31 - 343127631 ____A C:\Users\Joseph\Downloads\[SubDESU] Dakara Boku wa H ga Dekinai. - 02 (1280x720 x264 AAC) [DAD30586].mkv
2012-07-13 13:13 - 2012-07-13 11:10 - 567392003 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Campione! - 02 [1080p].mkv
2012-07-13 11:49 - 2012-07-13 11:24 - 253258434 ____A C:\Users\Joseph\Downloads\[Pomf] Koi to Senkyo to Chocolate - 02 [97981753].mkv
2012-07-13 11:30 - 2012-07-13 11:24 - 243742257 ____A C:\Users\Joseph\Downloads\[UTW]_Kono_Naka_ni_Hitori_Imouto_ga_Iru_-_02_[h264-720p][4333146D].mkv
2012-07-12 19:17 - 2012-05-07 16:21 - 00002126 ____A C:\Users\Joseph\Desktop\Warcraft III eSK.lnk
2012-07-12 10:44 - 2012-05-04 16:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 10:44 - 2011-08-15 01:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 10:06 - 2012-05-05 11:01 - 00002405 ____A C:\Users\Joseph\Desktop\Google Chrome.lnk
2012-07-11 19:52 - 2012-07-11 19:52 - 00002013 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2012-07-11 19:44 - 2012-07-11 19:43 - 31626640 ____A C:\Users\Joseph\Downloads\mp68-win-mx410-1_00-ea24.exe
2012-07-11 04:09 - 2009-07-13 20:45 - 00287016 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 19:59 - 2012-05-11 12:10 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 20:59 - 2012-07-09 20:59 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-09 20:55 - 2012-07-09 20:55 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Joseph\Downloads\SkypeSetup.exe
2012-07-09 17:29 - 2012-07-09 17:18 - 585450900 ____A C:\Users\Joseph\Downloads\[CR] Muv-Luv Alternative - Total Eclipse - 01 [1920x1080].mkv
2012-07-09 16:24 - 2012-07-09 16:15 - 584659754 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Muv-Luv Alternative - Total Eclipse - 02 [1080p].mkv
2012-07-09 16:13 - 2012-07-09 16:03 - 579718144 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Oda Nobuna no Yabou - 01 [1080p].mkv
2012-07-09 10:13 - 2012-05-05 10:30 - 00060800 ____A C:\Users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-08 18:59 - 2012-07-08 18:59 - 00001606 ____A C:\Users\Joseph\Desktop\Little Busters! English.lnk
2012-07-08 18:58 - 2012-07-08 18:57 - 25173517 ____A C:\Users\Joseph\Downloads\lb-english-6.0.exe
2012-07-07 11:14 - 2012-07-07 10:52 - 566990906 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Kokoro Connect - 01 [1080p].mkv
2012-07-07 10:48 - 2012-07-07 10:36 - 567968732 ____A C:\Users\Joseph\Downloads\[HorribleSubs] Sword Art Online - 01 [1080p].mkv
2012-07-06 18:48 - 2012-07-06 18:41 - 363670072 ____A C:\Users\Joseph\Downloads\[SubDESU]_Dakara_Boku_wa_H_ga_Dekinai._-_01_(1280x720_x264_AAC)_[AB1BBCCD].mkv
2012-07-06 12:30 - 2012-07-06 12:24 - 371684894 ____A C:\Users\Joseph\Downloads\[SubDESU]_Hagure_Yuusha_no_Estetica_-_01v0_(1280x720_x264_AAC)_[C3E634CC].mkv
2012-07-06 11:57 - 2012-07-06 11:52 - 271410344 ____A C:\Users\Joseph\Downloads\[UTW]_Kono_Naka_ni_Hitori_Imouto_ga_Iru_-_01_[h264-720p][33E59083].mkv
2012-07-06 11:37 - 2012-07-06 11:29 - 420620274 ____A C:\Users\Joseph\Downloads\[gg]_EUREKA_SEVEN_AO_-_12_[9561C42C].mkv
2012-07-05 19:33 - 2012-07-05 19:16 - 272876913 ____A C:\Users\Joseph\Downloads\[Hadena] Koi to Senkyo to Chocolate - 01 [720p][6D846746].mkv
2012-07-04 17:01 - 2012-07-04 17:01 - 00001169 ____A C:\Users\Kana\Desktop\Video Thumbnails Maker.lnk
2012-07-04 17:01 - 2012-07-04 17:01 - 00001169 ____A C:\Users\Joseph\Desktop\Video Thumbnails Maker.lnk
2012-07-04 13:37 - 2012-06-23 20:47 - 00000095 ____A C:\Users\Joseph\Desktop\There goes my redemption.txt
2012-07-03 14:41 - 2012-07-03 13:29 - 209000000 ____A C:\Users\Joseph\Downloads\President.part01.rar
2012-07-02 15:46 - 2012-07-01 13:51 - 569495698 ____A C:\Users\Joseph\Downloads\[HorribleSubs] La storia della Arcana Famiglia - 01 [1080p].mkv
2012-06-30 18:21 - 2012-06-30 18:15 - 174443034 ____A C:\Users\Joseph\Downloads\[FFF] Campione! - 01 [Preair][62BDDF11].mkv
2012-06-29 12:38 - 2012-06-29 12:35 - 151776717 ____A C:\Users\Joseph\Downloads\[SubDESU-H]_Kiriya_Hakushakuke_no_Roku_Shimai_-_02_(10bit)_(720x480_x264_AAC)_[F709C4C0].mkv
2012-06-29 12:34 - 2012-06-29 12:34 - 00011956 ____A C:\Users\Joseph\Downloads\[SubDESU-H]_Kiriya_Hakushakuke_no_Roku_Shimai_-_02_(10bit)_(720x480_x264_AAC)_[F709C4C0].mkv.torrent
2012-06-29 12:28 - 2012-06-29 12:20 - 325084177 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_10_[720p][47BBE00A].mkv
2012-06-29 12:04 - 2012-06-29 12:03 - 09889896 ____A (CCCP Project ) C:\Users\Joseph\Downloads\Combined-Community-Codec-Pack-2011-11-11.exe
2012-06-29 11:56 - 2012-06-29 11:49 - 373519525 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_09_[720p][5CBCD0CD].mkv
2012-06-29 11:49 - 2012-06-29 11:42 - 361806406 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_08_[720p][23E4B85A].mkv
2012-06-29 11:42 - 2012-06-29 11:34 - 475049105 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_07_[720p][D2403038].mkv
2012-06-29 11:32 - 2012-06-29 11:25 - 464660776 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_06_[720p][CD450656].mkv
2012-06-29 11:25 - 2012-06-29 11:19 - 339999245 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_05_[720p][886C4653].mkv
2012-06-29 11:05 - 2012-06-29 10:59 - 381419449 ____A C:\Users\Joseph\Downloads\[UTW-Underwater]_Tasogare_Otome_x_Amnesia_-_04_[720p][1A7ECC20].mkv
2012-06-29 10:44 - 2012-06-29 10:39 - 312443149 ____A C:\Users\Joseph\Downloads\[Hadena] Tasogare Otome x Amnesia - 03 [720p][DE53062D].mkv
2012-06-28 21:18 - 2012-06-28 19:32 - 00000154 ____A C:\Users\Joseph\AppData\Roaming\Rim.Transcoder.Exception.log
2012-06-28 21:18 - 2012-06-28 19:31 - 00000154 ____A C:\Users\Joseph\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-28 21:18 - 2012-06-28 19:31 - 00000154 ____A C:\Users\Joseph\AppData\Roaming\Rim.Desktop.Exception.log
2012-06-28 21:06 - 2012-06-28 21:00 - 34006014 ____A C:\Users\Joseph\Downloads\[ASL]_Faylan_-_Mirai_Nikki_OP_-_Dead_END_Soukyuu_no_Hikari_[MP3].rar
2012-06-28 20:53 - 2012-06-28 20:53 - 00024261 ____A C:\ads_err.adt
2012-06-28 20:53 - 2012-06-28 20:53 - 00006499 ____A C:\ads_err.dbf
2012-06-28 20:53 - 2012-06-28 20:53 - 00004559 ____A C:\ads_err.adm
2012-06-28 20:53 - 2012-06-28 20:53 - 00003072 ____A C:\ads_err.adi
2012-06-28 20:49 - 2012-06-28 20:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-06-28 19:59 - 2012-06-28 19:59 - 00002690 ____A C:\Users\Joseph\Downloads\[Nipponsei] BLEACH OP15 Single - HARUKAZE [SCANDAL].zip.torrent
2012-06-28 19:31 - 2012-06-28 19:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-06-28 19:30 - 2012-06-28 19:30 - 00002235 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-06-28 19:30 - 2012-06-28 19:30 - 00001153 ____A C:\Users\Joseph\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-06-28 19:27 - 2012-06-28 19:24 - 116064632 ____A C:\Users\Joseph\Downloads\700_b060_multilanguage.exe
2012-06-28 17:08 - 2012-06-28 17:08 - 00001136 ____A C:\Users\Public\Desktop\Adobe Flash Media Live Encoder 3.2.lnk
2012-06-28 17:05 - 2012-06-28 17:05 - 02403328 ____A C:\Users\Joseph\Downloads\VHScreenCapX86.msi
2012-06-28 17:05 - 2012-06-28 17:04 - 06537216 ____A C:\Users\Joseph\Downloads\flashmedialiveencoder_3.2_wwe_signed.msi
2012-06-25 17:35 - 2012-06-25 17:26 - 509315089 ____A C:\Users\Joseph\Downloads\[Hadena] Accel World - 11 [720p][3A5D1B3C].mkv
2012-06-25 17:26 - 2012-06-25 17:25 - 00019689 ____A C:\Users\Joseph\Downloads\[Hadena] Accel World - 11 [720p][3A5D1B3C].mkv.torrent
2012-06-24 16:03 - 2012-06-24 16:02 - 24331504 ____A (SplitMediaLabs) C:\Users\Joseph\Downloads\xsplit_installer_v1.0.1206.0203.exe
2012-06-21 15:03 - 2012-06-21 15:03 - 00000921 ____A C:\Users\Public\Desktop\Steam.lnk
2012-06-21 15:01 - 2012-06-21 15:01 - 01606656 ____A C:\Users\Joseph\Downloads\SteamInstall.msi
2012-06-19 20:33 - 2012-06-19 20:31 - 00001242 ____A C:\Users\Joseph\Desktop\Tabs.txt
2012-06-19 13:32 - 2012-06-19 13:32 - 00083650 ____A C:\Users\Joseph\Downloads\Villa Zeil.rar
2012-06-17 00:06 - 2012-05-07 13:42 - 00045270 ____A C:\Users\Joseph\AppData\Roaming\room_v3.dat
2012-06-16 23:07 - 2012-06-16 23:02 - 00000258 ____A C:\Users\Joseph\AppData\Roaming\ANICONFIG_{7C93098C-B433-457B-8F8E-E58C729B8C1A}.ini
2012-06-13 18:01 - 2012-06-13 18:01 - 00001098 ____A C:\Users\Joseph\Desktop\runserver-sql - Shortcut.lnk
2012-06-11 19:08 - 2012-07-10 20:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 18:23 - 2012-06-11 18:23 - 00000757 ____A C:\Users\Joseph\Desktop\BasureRO - Shortcut.lnk
2012-06-11 08:11 - 2012-06-11 08:11 - 00493520 ____A (Facebook Inc.) C:\Users\Joseph\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2012-06-09 14:57 - 2012-06-09 14:57 - 00002228 ____A C:\Users\Joseph\Desktop\PaintTool SAI.lnk
2012-06-09 14:56 - 2012-06-09 14:56 - 02114015 ____A C:\Users\Joseph\Downloads\sai-eng-pack-1.1.0-f1.exe
2012-06-08 21:43 - 2012-07-10 12:04 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 12:04 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 06:01 - 2012-06-06 06:01 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-06 05:57 - 2012-06-06 05:56 - 76761968 ____A (Apple Inc.) C:\Users\Joseph\Downloads\iTunes64Setup.exe
2012-06-05 22:06 - 2012-07-10 12:04 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 12:04 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 12:04 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 12:04 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 12:04 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 12:04 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 18:01 - 2012-06-05 18:01 - 00000040 ____A C:\Windows\System32\?Í
2012-06-05 17:24 - 2012-06-05 17:22 - 32733856 ____A (PremiumSoft CyberTech Ltd. ) C:\Users\Joseph\Downloads\navicat100_premium_en.exe
2012-06-05 14:13 - 2012-06-05 14:13 - 00001166 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-06-05 14:11 - 2012-06-05 14:11 - 03526040 ____A (TeamViewer GmbH) C:\Users\Joseph\Downloads\TeamViewer_Setup_en.exe
2012-06-05 13:57 - 2012-06-05 13:57 - 00002138 ____A C:\Users\Joseph\Desktop\Lineage II.lnk
2012-06-05 13:47 - 2012-06-05 13:47 - 00002032 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2012-06-05 13:45 - 2012-06-05 13:44 - 06523640 ____A (Macrovision Corporation) C:\Users\Joseph\Downloads\NCsoftLauncherSetup.exe
2012-06-05 12:04 - 2012-06-05 12:04 - 01117296 ____A C:\Users\Joseph\Downloads\ducsetup.exe
2012-06-05 06:54 - 2012-05-06 13:58 - 00000007 ____A C:\Windows\SysWOW64\ANIWZCSUSERNAME
2012-06-04 17:32 - 2012-06-04 17:32 - 00872029 ____A C:\Users\Joseph\Downloads\HxDSetupEN.zip
2012-06-03 17:47 - 2012-05-06 13:44 - 00003284 ____A C:\Users\Kana\AppData\Roaming\ANIWZCS{7C93098C-B433-457B-8F8E-E58C729B8C1A}
2012-06-03 13:31 - 2012-06-03 13:30 - 12780479 ____A C:\Users\Joseph\Downloads\pcsx2-0.9.8-r4600-setup.exe
2012-06-02 14:19 - 2012-06-22 07:54 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 07:54 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 07:54 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 07:54 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 07:54 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 07:54 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 07:54 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-22 07:54 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-22 07:54 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 19:58 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 19:58 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 19:59 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 19:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 19:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 19:59 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 19:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 19:59 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 19:59 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 19:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 19:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 19:59 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 19:59 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 19:58 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 19:58 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 19:59 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 19:59 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 19:59 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 19:59 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 19:59 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 19:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 19:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 19:59 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 19:59 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 19:59 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 19:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 19:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 12:04 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 12:04 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 12:04 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 12:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 12:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 12:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 12:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 12:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 12:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 20:48 - 2012-05-31 10:32 - 00764826 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-31 12:32 - 2012-05-31 12:32 - 00000238 ____A C:\Windows\ODBCINST.INI
2012-05-30 15:05 - 2010-11-20 19:47 - 00019830 ____A C:\Windows\PFRO.log
2012-05-29 16:50 - 2012-05-29 16:50 - 00000128 ____A C:\Windows\wininit.ini
2012-05-29 16:50 - 2012-05-11 15:32 - 00001023 ____A C:\Users\Joseph\Desktop\Dropbox.lnk
2012-05-29 14:47 - 2012-05-04 15:59 - 00002358 ____A C:\Users\Kana\Desktop\Google Chrome.lnk
2012-05-25 20:53 - 2012-05-25 20:53 - 00000694 ____A C:\Users\Joseph\Desktop\GDMO.lnk
2012-05-23 16:59 - 2012-05-23 16:59 - 00000811 ____A C:\Users\Joseph\Desktop\RF PoA Warriors of Light.lnk
2012-05-19 11:08 - 2012-05-19 11:08 - 00001785 ____A C:\Users\Joseph\Desktop\AssassinsCreedII - Shortcut.lnk
2012-05-19 10:40 - 2012-05-19 10:40 - 00001011 ____A C:\Users\Public\Desktop\PowerISO.lnk
2012-05-18 15:53 - 2012-05-18 15:53 - 00000688 ____A C:\Users\Joseph\Desktop\RF Online EQG.lnk
2012-05-16 20:12 - 2012-05-16 20:12 - 00001911 ____A C:\Users\Joseph\Desktop\RF-Prophecy - Shortcut.lnk
2012-05-16 19:55 - 2012-05-16 19:55 - 00001828 ____A C:\Users\Joseph\Desktop\RF - Shortcut.lnk
2012-05-16 19:02 - 2012-05-16 19:02 - 00001370 ____A C:\Users\Joseph\Desktop\KudoZ - Shortcut.lnk
2012-05-13 11:43 - 2012-05-13 11:43 - 00001929 ____A C:\Users\Joseph\Desktop\Heroes of Newerth.lnk
2012-05-11 23:16 - 2012-05-11 23:16 - 00002787 ____A C:\Users\Joseph\AppData\Local\recently-used.xbel
2012-05-11 17:24 - 2012-05-11 17:24 - 00000730 ____A C:\Users\Kana\Desktop\RanOnlineGS.lnk
2012-05-08 15:32 - 2012-05-11 17:24 - 00000730 ____A C:\Users\Joseph\Desktop\RanOnlineGS.lnk
2012-05-08 11:45 - 2012-05-08 11:45 - 00001279 ____A C:\Users\Joseph\Desktop\WarKey - Shortcut.lnk
2012-05-07 19:09 - 2012-05-07 19:09 - 00000896 ____A C:\Users\Joseph\Desktop\GIMP 2.lnk
2012-05-07 17:10 - 2012-05-07 17:10 - 00001721 ____A C:\Users\Joseph\Desktop\rgc - Shortcut.lnk
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\zwjvhcytwbc
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\xibfo.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\uivgphjr
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\tzhdw
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\togl
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\tnlcyha
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zzmbkjttcv.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zyowns
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zyadeizbstq.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zxykwvw
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zxntsmpkns
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zxlhpcxet
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zvybg
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zvxxfsps
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zvxuplfqaiv.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zufsomdnqb
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zprns
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zph
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\znubd
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zmulmsalvp.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zmpm.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zlvlgaoro.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zkvadtmlfi
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zkgl
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zhbezzk.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zgtn.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zgdzvuq
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zfxbo
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zerryde
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zdo
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zbu.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\zayfbnltwb
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yzvlitevcp
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yztg.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ywjmsytb
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ywcotf.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yueiza
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yrvdebxgrzt
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yruogei.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yqwnxmuqkr.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yqjwaqwjrgn
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ypwgam
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ypn
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ypb
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ynbpico.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yjbyky
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yifbtom
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yhvfljhx
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yft.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yfguqg.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yfddtyco.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yeubbz
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yeqc.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ybnso
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ybcwdcj.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yajdu
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\yacxpunyz
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xxfxt
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xwolbkcl
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xwfjdkdtixu
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xuyoohmb
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xsdi
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xrjnqaxgslz
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xrjmwls.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xratz.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xogeiasqdx
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xnrwoffi.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xnaaiqyn
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xlaoaq
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xkiazoygsu.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xivldzk
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xitroqxj.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xhxj.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xhliavnncf.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xhjvdk
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xhi.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xhepiahgu.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xei.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xdu.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xdnu
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xbwudob.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xbeumyws.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\xabxrnwognq.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wztapis.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wvpmojcpagc.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wvmaql.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wuienx.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wtkvqxla.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wriuwbh
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wrfmrz
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wqnbogohpa
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wpushbesv
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wpa
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wooq
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wnzrlwgymia
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wnwpuad
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wnwis
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wmsxmgb
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wmcwjfwebcg.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wmcbsqz
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wmaeoulj.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wltgfaapaxg
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wlagsxpfnjc
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\wkaig
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\fhagevihj.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\fcibhhrxsu
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ezafudvoiyt.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\evpk
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\eswjlbv
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\erauoi
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\eqartqwjeg
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\epvvbcvej
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\epuzw.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\eng
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\eiwxqfsa
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ehe.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\egskehx.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\egeegu
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\efwxeovrva
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\eesejbzog.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\eebifxejokv
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\edsljcdivuy.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\edovnmlhmu.xml
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ecqooiby
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ebwmf
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ebeblkboibi
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\eafryqglx
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dzna
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dxrnzku.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dqeavzgp.xml
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dqajfj.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dpfrqyaznoo
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dows
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dogequdlcho
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dmuuqmc.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dmtlsnues.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dkfd.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\djzobvavx.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dizbniz.xml
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dgppwo.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dgckkqqq.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dfswulgomz.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dfdenbmhi
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\detwvkklv.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\defhdp.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\dbsbm
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\daltzc
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\daflhn
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cxoab
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cwr
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ctxnogspj.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ctsn
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cqbt.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cprceg
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cntaml.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cjsvjsn
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cixpn
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\civwzqm.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cguaohd
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cfclssx.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cdntf.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cbqynozbpo.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cbgvboorrjj.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\cakqt
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bzyz.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bzkhikmncyf
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\byoqvakieh.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bycuny
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bxqecmpfn.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bulcyfilrrd.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bsxkwl.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bsmobir.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bpajjydv
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bmpedqmgmxo
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\blxcchdo.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bloulzqvnrd
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bfsdlrscmiv
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\betjex.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\bacdzugy
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\azuxhafgo.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\azepwokxctz
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ayyyufnvi.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\axxvniyw
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\auqopa
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\auemdu.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\aso.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\arsimaqa
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\arembuqqlhl.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\aqluxxpvzxz
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\apluecjxljh.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\aotnjwxb.xml
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\alswcpnkwg
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\alpzadzk
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\akophcvl
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\akjgqsepny.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ajnzyssdz.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ajfm.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\aihwg
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\ahlkupje
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\agd
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\afocvlmwd
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\aesvs.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\adpgegoatcl
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\aclcvmx.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\abqj
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\SysWOW64\aaydghedumh
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\rnni.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\refyhravcw.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\qgqkumwr.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\pxluctu.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\pnaphwmzlgp
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\oaap
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\nhs
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\lzuovdq
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\lyi
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\lqrbl
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\kragnbr.dat
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\jnpltjziixr
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\iurduaasebj
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\hihw
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\grgqrvb
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\fas.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\err.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\ejxebk
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\eewo.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\ecisfvuhpa.ini
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\dwbwxg
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\dehidfjtpt
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\cpznhdhikek
2012-05-07 16:23 - 2012-05-07 16:23 - 00000028 ____A C:\Windows\baxqskha.dat
2012-05-07 16:10 - 2012-05-07 16:10 - 00000999 ____A C:\Users\Kana\Desktop\NodLogin Force.lnk
2012-05-07 16:10 - 2012-05-07 16:10 - 00000985 ____A C:\Users\Kana\Desktop\NodLogin normal.lnk
2012-05-07 14:30 - 2012-05-04 15:35 - 00059824 ____A C:\Users\Kana\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-07 13:50 - 2012-05-07 13:50 - 00274960 ____A C:\Windows\Minidump\050712-25506-01.dmp
2012-05-07 13:50 - 2012-05-05 10:17 - 402748048 ____A C:\Windows\MEMORY.DMP
2012-05-07 13:27 - 2012-05-07 13:27 - 00001067 ____A C:\Users\Public\Desktop\Garena Plus.lnk
2012-05-06 19:11 - 2012-05-06 19:11 - 00606662 ____A C:\Users\Joseph\Downloads\redraw-test.7z
2012-05-06 18:58 - 2012-05-06 18:58 - 00001552 ____A C:\Users\Joseph\Desktop\PhotoshopPortable.lnk
2012-05-06 17:49 - 2012-05-06 17:49 - 00000531 ____A C:\Windows\KB893803v2.log
2012-05-06 16:55 - 2012-05-06 16:55 - 00002238 ____A C:\Users\Public\Desktop\Autodesk SketchBook Express 2011 sp2.lnk
2012-05-06 16:48 - 2012-05-06 16:48 - 00001880 ____A C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
2012-05-06 16:42 - 2012-05-06 16:37 - 00001033 ____A C:\Users\Public\Desktop\Bamboo Dock.lnk
2012-05-06 16:37 - 2012-05-06 16:37 - 00000002 ____A C:\Users\Joseph\.bdockinstall.log
2012-05-06 13:44 - 2012-05-06 13:44 - 00002045 ____A C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2012-05-06 13:43 - 2012-05-06 13:42 - 00003919 ____A C:\Windows\System32\RaCoInst.log
2012-05-06 12:53 - 2012-05-06 12:52 - 00004594 ____A C:\Windows\DPINST.LOG
2012-05-06 12:53 - 2012-05-04 15:36 - 00001007 ____A C:\Users\Public\Desktop\Kobo.lnk
2012-05-05 13:57 - 2012-05-05 13:57 - 00000175 ____A C:\Users\Public\Desktop\DragonNest.url
2012-05-05 10:19 - 2012-05-05 10:19 - 00000020 ___SH C:\Users\Joseph\ntuser.ini
2012-05-05 10:18 - 2012-05-05 10:18 - 00274848 ____A C:\Windows\Minidump\050512-22105-01.dmp
2012-05-04 23:08 - 2012-05-04 23:08 - 00295742 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-05-04 23:08 - 2012-05-04 23:07 - 00295754 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-05-04 21:58 - 2011-08-15 00:20 - 00002622 ____A C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2012-05-04 20:10 - 2012-05-04 20:09 - 00008427 ____A C:\Users\Kana\Downloads\IORRT 3.5.cmd
2012-05-04 17:40 - 2012-05-04 16:28 - 2641623040 ____A C:\Users\Kana\Downloads\Microsoft Office 2010 Professional Plus x86 & X64 SP1.iso
2012-05-04 16:43 - 2012-05-04 16:43 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-04 16:43 - 2012-05-04 16:43 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 16:43 - 2012-05-04 16:43 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-04 16:43 - 2012-05-04 16:43 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-04 16:43 - 2012-05-04 16:43 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-04 16:39 - 2012-05-04 16:39 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Kana\Downloads\jxpiinstall.exe
2012-05-04 16:12 - 2012-05-04 16:12 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-04 16:02 - 2012-05-04 16:02 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-04 15:47 - 2011-08-15 01:03 - 00023413 ____A C:\Windows\patch.log
2012-05-04 15:42 - 2012-05-04 15:42 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-05-04 15:42 - 2012-05-04 15:42 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-04 15:42 - 2012-05-04 15:42 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-04 15:42 - 2012-05-04 15:42 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-05-04 15:42 - 2012-05-04 15:42 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-04 15:42 - 2012-05-04 15:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-05-04 15:42 - 2012-05-04 15:42 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-05-04 15:42 - 2012-05-04 15:42 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-05-04 15:42 - 2012-05-04 15:42 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-04 15:42 - 2012-05-04 15:40 - 00003253 ____A C:\Windows\IE9_main.log
2012-05-04 15:36 - 2012-05-04 15:36 - 00001930 ____A C:\Users\Public\Desktop\Netflix.lnk
2012-05-04 15:35 - 2012-05-04 15:35 - 00002609 ____A C:\Users\Public\Desktop\eBay.lnk
2012-05-04 15:35 - 2012-05-04 15:35 - 00000020 ___SH C:\Users\Kana\ntuser.ini
2012-05-04 03:06 - 2012-06-13 16:47 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 16:47 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 16:47 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 16:47 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 16:47 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 16:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 16:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 16:48 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 16:47 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 16:47 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 16:47 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 16:47 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 16:47 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 16:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


ZeroAccess:
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\@
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\L
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\U
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\L\00000004.@
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\L\1afb2d56
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\U\00000004.@
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\U\000000cb.@
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\U\80000032.@
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\U\80000064.@

ZeroAccess:
C:\Users\Joseph\AppData\Local\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}
C:\Users\Joseph\AppData\Local\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\@
C:\Users\Joseph\AppData\Local\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\L
C:\Users\Joseph\AppData\Local\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3540.69 MB
Available physical RAM: 2833.13 MB
Total Pagefile: 3538.89 MB
Available Pagefile: 2831.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:914.41 GB) (Free:742.96 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:17 GB) (Free:5.57 GB) NTFS
6 Drive i: () (Removable) (Total:3.89 GB) (Free:3.58 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 4000 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 17 GB 1024 KB
Partition 2 Primary 100 MB 17 GB
Partition 3 Primary 914 GB 17 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 17 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 914 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3992 MB 31 KB

==================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT32 Removable 3992 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-11 04:38

======================= End Of Log ==========================

While here is my Search.txt

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-21 15:38:35
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Edited by geejay, 21 July 2012 - 02:45 PM.
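The check that the Search.txt output above makes possible, as an added example that is not part of the original posts or of FRST: parse the search results and flag a live system file whose size and timestamps equal those of its WinSxS component-store copy while its MD5 differs. The log excerpt is copied from the post; the function and class names are hypothetical, and the sketch assumes the component-store copy is the untampered reference.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Excerpt of the FRST Search.txt output copied from the post above.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# A result is two lines: the full path, then "[created] - [modified] - size attrs (company) MD5".
PATH = re.compile(r"^[A-Za-z]:\\")
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Hit:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def name(self):
        # Windows paths are split by hand so the parser also runs on non-Windows hosts.
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_component_store(self):
        return "\\winsxs\\" in self.path.lower()


@dataclass(frozen=True)
class Finding:
    live: Hit          # the copy Windows actually loads
    references: tuple  # component-store copies with the same size and timestamps


def parse_search(text):
    """Turn FRST search output into Hit records, pairing each path with its metadata line."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            pending = line
            continue
        m = META.match(line)
        if m and pending:
            hits.append(Hit(pending, m["created"], m["modified"], int(m["size"]),
                            m["company"] or "", m["md5"].upper()))
            pending = None
    return hits


def find_mismatches(hits):
    """Flag live files that look identical to a WinSxS copy except for the hash."""
    by_name = defaultdict(list)
    for h in hits:
        by_name[h.name].append(h)
    findings = []
    for copies in by_name.values():
        store = [h for h in copies if h.in_component_store]
        for live in (h for h in copies if not h.in_component_store):
            # WinSxS can hold several builds of one file; only a copy with the
            # same size and timestamps is a fair reference for this live file.
            twins = tuple(r for r in store
                          if (r.size, r.created, r.modified)
                          == (live.size, live.created, live.modified))
            if twins and all(r.md5 != live.md5 for r in twins):
                findings.append(Finding(live, twins))
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SEARCH_TXT)):
        print("MISMATCH", f.live.path, f.live.md5)
        for ref in f.references:
            print("  reference", ref.path, ref.md5)
```

Unchanged size and timestamps alongside a changed hash indicate an in-place modification, and the size and dates alone would not have revealed it.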


#4 gringo_pr


Posted 21 July 2012 - 03:25 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}
C:\Users\Joseph\AppData\Local\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
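Added example, not part of the original thread and not code from FRST or its author: the Search.txt above lists two copies of services.exe with the same size and timestamps but different MD5 values, and the fixlist replaces the System32 copy with the WinSxS one. The sketch below parses that Search.txt layout and reports live copies whose hash matches no component-store copy; the function names are hypothetical, and it goes slightly beyond the thread by handling several WinSxS versions of one file.

```python
import ntpath
import re
from collections import defaultdict

# The two entries from the Search.txt posted above, in the layout shown there
# (a path line followed by a metadata line).
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one dict per file entry (path, timestamps, size, company, md5)."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        meta = META_RE.match(line)
        if meta and pending_path:
            entry = meta.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
        pending_path = None  # a metadata line only belongs to the path right above it
    return entries


def in_component_store(path):
    """True for copies kept under the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def unmatched_live_copies(entries):
    """Report copies outside WinSxS whose MD5 equals none of the WinSxS copies.

    After servicing, WinSxS can hold several versions of one file, so a live
    copy is only reported when it matches no stored version. A report is a lead
    to verify (signature check, known-good media), not a verdict.
    """
    by_name = defaultdict(list)
    for entry in entries:
        by_name[ntpath.basename(entry["path"]).lower()].append(entry)

    findings = []
    for name, copies in sorted(by_name.items()):
        store = [c for c in copies if in_component_store(c["path"])]
        live = [c for c in copies if not in_component_store(c["path"])]
        if not store:
            continue  # nothing to compare against
        store_hashes = {c["md5"] for c in store}
        for copy in live:
            if copy["md5"] in store_hashes:
                continue
            # Size and timestamps equal to a store copy while the hash differs:
            # the listing metadata alone cannot tell the two files apart.
            same_meta = any(
                (s["size"], s["created"], s["modified"])
                == (copy["size"], copy["created"], copy["modified"])
                for s in store
            )
            findings.append({
                "name": name,
                "path": copy["path"],
                "md5": copy["md5"],
                "store_md5s": sorted(store_hashes),
                "metadata_identical": same_meta,
            })
    return findings


if __name__ == "__main__":
    for f in unmatched_live_copies(parse_search(SEARCH_TXT)):
        note = " (same size and timestamps as a store copy)" if f["metadata_identical"] else ""
        print(f"{f['path']}: MD5 {f['md5']} matches no WinSxS copy{note}")
```
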

#5 geejay


Posted 21 July 2012 - 03:59 PM

Hello again, here is the contents of my Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-21 16:55:03 Run:1
Running from I:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\Installer\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c} moved successfully.
C:\Users\Joseph\AppData\Local\{a964fb1f-0ecb-5d80-b9c5-b4c0c546c42c} moved successfully.

==== End of Fixlog ====

#6 gringo_pr


Posted 21 July 2012 - 04:04 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 geejay


Posted 21 July 2012 - 04:12 PM

Hmmmm, Combofix is saying that my antivirus is still on, while I turned it off. Here is a screenshot

Posted Image

#8 gringo_pr


Posted 21 July 2012 - 04:20 PM

go ahead and run it


gringo

#9 geejay


Posted 21 July 2012 - 05:16 PM

It took a while for the logs to finish. Here it is. I think it's all better now, because in the first place it didn't slow down that much; I just noticed the virus because the arrangement of my desktop changed.

ComboFix 12-07-21.01 - Joseph 21/07/2012 17:24:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3541.2255 [GMT -4:00]
Running from: c:\users\Joseph\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joseph\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 23:36 . 2012-07-21 23:36 -------- d-----w- C:\FRST
2012-07-21 21:38 . 2012-07-21 21:38 -------- d-----w- c:\users\Kana\AppData\Local\temp
2012-07-21 21:38 . 2012-07-21 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 03:36 . 2012-07-18 03:37 -------- d-----w- c:\program files (x86)\Simpo PDF to PowerPoint
2012-07-18 00:49 . 2012-07-18 00:49 -------- d-----w- c:\users\Joseph\AppData\Roaming\2K Sports
2012-07-18 00:42 . 2012-07-18 00:42 -------- d-----w- c:\program files (x86)\2K Sports
2012-07-16 03:10 . 2012-07-16 03:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-13 17:59 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B019A01-23BF-4BDB-AC59-E9A1CA46AF63}\mpengine.dll
2012-07-12 03:52 . 2012-07-12 03:52 -------- d-----w- c:\programdata\Canon IJ Network Tool
2012-07-12 03:52 . 2012-07-12 03:52 -------- d-----w- c:\program files (x86)\Canon
2012-07-12 03:50 . 2012-07-12 03:50 -------- d--h--w- c:\programdata\CanonIJFAX
2012-07-12 03:46 . 2012-07-12 03:46 -------- d-----w- c:\windows\system32\STRING
2012-07-12 03:46 . 2010-09-08 20:27 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL
2012-07-12 03:46 . 2010-09-08 20:27 328192 ----a-w- c:\windows\system32\CNMN6PPM.DLL
2012-07-12 03:46 . 2010-09-08 20:26 342016 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL
2012-07-12 03:46 . 2012-07-12 03:46 -------- d--h--w- c:\programdata\CanonBJ
2012-07-12 03:46 . 2010-09-20 09:00 88576 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAL.DLL
2012-07-12 03:46 . 2010-09-20 09:00 29696 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAL.DLL
2012-07-12 03:46 . 2012-07-12 03:46 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-07-12 03:45 . 2010-09-13 18:43 1368064 ----a-w- c:\windows\system32\CNC410C.dll
2012-07-12 03:45 . 2010-09-13 18:43 112128 ----a-w- c:\windows\system32\CNC410I.dll
2012-07-12 03:45 . 2010-09-13 18:44 106496 ----a-w- c:\windows\SysWow64\CNC410U.dll
2012-07-12 03:45 . 2010-09-06 21:04 367104 ----a-w- c:\windows\system32\CNC410L.dll
2012-07-12 03:45 . 2010-09-06 21:03 315392 ----a-w- c:\windows\SysWow64\CNC410L.dll
2012-07-12 03:45 . 2008-08-25 22:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2012-07-12 03:45 . 2008-08-25 22:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2012-07-12 03:45 . 2010-09-20 09:00 374784 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-07-12 03:45 . 2010-10-21 09:00 302080 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-07-12 03:45 . 2010-09-07 14:58 248320 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-07-12 03:45 . 2010-06-03 19:11 103424 ----a-w- c:\windows\system32\CNC410O.dll
2012-07-12 03:45 . 2012-07-12 03:45 -------- d--h--w- c:\program files\CanonBJ
2012-07-11 04:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:58 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-11 03:58 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-11 03:58 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-11 03:58 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-11 03:58 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 03:58 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-10 04:59 . 2012-07-20 05:30 -------- d-----w- c:\users\Joseph\AppData\Roaming\Skype
2012-07-10 04:59 . 2012-07-10 04:59 -------- d-----r- c:\program files (x86)\Skype
2012-07-10 04:59 . 2012-07-10 04:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-09 02:02 . 2012-07-09 02:02 -------- d-----w- C:\KEY
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-05 01:01 . 2012-07-05 01:01 -------- d-----w- c:\program files (x86)\Video Thumbnails Maker
2012-06-30 21:18 . 2012-06-30 21:18 -------- d-----w- c:\users\Joseph\AppData\Roaming\Media Player Classic
2012-06-29 20:04 . 2012-06-29 20:04 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-06-29 03:31 . 2012-06-29 03:31 -------- d-----w- c:\users\Joseph\AppData\Local\Research In Motion
2012-06-29 03:31 . 2012-06-29 03:32 -------- d-----w- c:\users\Joseph\AppData\Roaming\Research In Motion
2012-06-29 03:30 . 2011-07-20 18:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-06-29 03:30 . 2012-06-29 03:30 -------- d-----w- c:\programdata\Research In Motion
2012-06-29 03:30 . 2012-06-29 03:30 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-06-29 03:30 . 2012-06-29 03:30 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2012-06-29 03:30 . 2012-06-29 03:30 -------- d-----w- c:\program files (x86)\Research In Motion
2012-06-29 01:16 . 2012-06-29 01:16 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-06-25 00:59 . 2012-06-25 00:59 -------- d-----w- c:\users\Joseph\AppData\Local\SplitMediaLabs
2012-06-25 00:58 . 2012-06-25 00:58 -------- d-----w- c:\programdata\SplitMediaLabs
2012-06-25 00:56 . 2012-06-25 00:56 -------- d-----w- c:\users\Joseph\AppData\Roaming\SplitMediaLabs
2012-06-22 15:54 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 15:54 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 15:54 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 15:54 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 15:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 15:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 15:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 15:54 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 15:54 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 23:03 . 2012-06-21 23:03 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-06-21 23:03 . 2012-07-16 22:57 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 18:44 . 2012-05-05 00:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 18:44 . 2011-08-15 09:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 03:59 . 2012-05-11 20:10 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-01 04:45 . 2012-05-31 18:36 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-05-05 00:43 . 2012-05-05 00:43 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-05 00:43 . 2012-05-05 00:43 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 23:55 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-04 23:42 . 2012-05-04 23:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-04 23:42 . 2012-05-04 23:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-04 23:42 . 2012-05-04 23:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-04 23:42 . 2012-05-04 23:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-04 23:42 . 2012-05-04 23:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-04 23:42 . 2012-05-04 23:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-04 23:42 . 2012-05-04 23:42 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-04 23:42 . 2012-05-04 23:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-04 23:42 . 2012-05-04 23:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-04 23:42 . 2012-05-04 23:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-04 23:42 . 2012-05-04 23:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-04 23:42 . 2012-05-04 23:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-04 23:42 . 2012-05-04 23:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-04 23:42 . 2012-05-04 23:42 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-04 23:42 . 2012-05-04 23:42 197120 ----a-w- c:\windows\system32\msrating.dll
2012-05-04 23:42 . 2012-05-04 23:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-04 23:42 . 2012-05-04 23:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-04 23:42 . 2012-05-04 23:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-04 23:42 . 2012-05-04 23:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-04 23:42 . 2012-05-04 23:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-04 23:42 . 2012-05-04 23:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-04 23:42 . 2012-05-04 23:42 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-05-04 23:42 . 2012-05-04 23:42 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-05-04 23:42 . 2012-05-04 23:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-04 23:42 . 2012-05-04 23:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-04 23:42 . 2012-05-04 23:42 448512 ----a-w- c:\windows\system32\html.iec
2012-05-04 23:42 . 2012-05-04 23:42 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-05-04 23:42 . 2012-05-04 23:42 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-05-04 23:42 . 2012-05-04 23:42 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-05-04 23:42 . 2012-05-04 23:42 149504 ----a-w- c:\windows\system32\occache.dll
2012-05-04 23:42 . 2012-05-04 23:42 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-05-04 23:42 . 2012-05-04 23:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-04 23:42 . 2012-05-04 23:42 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-04 23:42 . 2012-05-04 23:42 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-04 23:42 . 2012-05-04 23:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-04 23:42 . 2012-05-04 23:42 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-05-04 23:42 . 2012-05-04 23:42 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-05-04 23:42 . 2012-05-04 23:42 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-05-04 23:42 . 2012-05-04 23:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-04 23:42 . 2012-05-04 23:42 82432 ----a-w- c:\windows\system32\icardie.dll
2012-05-04 23:42 . 2012-05-04 23:42 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-05-04 23:42 . 2012-05-04 23:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-04 23:42 . 2012-05-04 23:42 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-05-04 23:42 . 2012-05-04 23:42 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-05-04 23:42 . 2012-05-04 23:42 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-05-04 23:42 . 2012-05-04 23:42 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-05-04 23:42 . 2012-05-04 23:42 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-05-04 23:42 . 2012-05-04 23:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-04 23:42 . 2012-05-04 23:42 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-05-04 23:42 . 2012-05-04 23:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-04 23:42 . 2012-05-04 23:42 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-04 23:42 . 2012-05-04 23:42 103936 ----a-w- c:\windows\system32\inseng.dll
2012-05-04 11:06 . 2012-06-14 00:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 00:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 00:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 00:47 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 00:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 00:48 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 00:48 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 00:48 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 00:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 00:47 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 00:47 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 00:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 00:47 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 00:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 20:12 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Joseph\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-05-05 108136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"D-Link D-Link DWA-125"="c:\program files (x86)\D-Link\DWA-125 revA\AirGCFG.exe" [2010-05-21 1024000]
"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe" [2010-04-21 122880]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-05-07 646232]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Joseph\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0134181336420400mcinstcleanup;McAfee Application Installer Cleanup (0134181336420400);c:\windows\TEMP\013418~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [2010-04-21 126976]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-03-02 29184]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-06 15872]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-15 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-15 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-15 62776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-29 204288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]
S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [2010-03-03 53248]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-07-05 6581624]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-07-05 528760]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-29 309760]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [2010-05-05 1119072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 18:44]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1000Core.job
- c:\users\Kana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 23:58]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1000UA.job
- c:\users\Kana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 23:58]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1002Core.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 18:59]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1002UA.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 18:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={74B107FD-A5D5-4668-B7A4-8C08C47E3DDD}&mid=56bb67a997e047d0994c294607a55059-2864384930bf4c3ebc516b16f73bba59e54e2274&lang=en&ds=st011&pr=sa&d=2012-05-19 14:40&v=11.1.0.7&sap=hp
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.100.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\clv6m05g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-AdobeAAMUpdater-1.0 - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
AddRemove-{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-07-21 18:11:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-21 22:10
.
Pre-Run: 797,568,327,680 bytes free
Post-Run: 797,825,593,344 bytes free
.
- - End Of File - - 7FE917FCCFDF414B0B99D2CDE9298315

#10 gringo_pr


Posted 21 July 2012 - 09:33 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 geejay


Posted 22 July 2012 - 06:21 PM

I don't know if it's just your servers, but the download is incredibly slow. Here is the TDSSKiller report, btw:

18:45:16.0654 4208 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:45:17.0064 4208 ============================================================
18:45:17.0064 4208 Current date / time: 2012/07/22 18:45:17.0064
18:45:17.0064 4208 SystemInfo:
18:45:17.0064 4208
18:45:17.0064 4208 OS Version: 6.1.7601 ServicePack: 1.0
18:45:17.0064 4208 Product type: Workstation
18:45:17.0064 4208 ComputerName: KANA-PC
18:45:17.0064 4208 UserName: Joseph
18:45:17.0064 4208 Windows directory: C:\Windows
18:45:17.0064 4208 System windows directory: C:\Windows
18:45:17.0064 4208 Running under WOW64
18:45:17.0064 4208 Processor architecture: Intel x64
18:45:17.0064 4208 Number of processors: 4
18:45:17.0064 4208 Page size: 0x1000
18:45:17.0064 4208 Boot type: Normal boot
18:45:17.0064 4208 ============================================================
18:45:17.0655 4208 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:45:17.0665 4208 Drive \Device\Harddisk3\DR3 - Size: 0xFA000200 (3.91 Gb), SectorSize: 0x200, Cylinders: 0x1FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:45:17.0675 4208 ============================================================
18:45:17.0675 4208 \Device\Harddisk0\DR0:
18:45:17.0675 4208 MBR partitions:
18:45:17.0675 4208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000
18:45:17.0675 4208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x724D3800
18:45:17.0675 4208 \Device\Harddisk3\DR3:
18:45:17.0675 4208 MBR partitions:
18:45:17.0675 4208 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7CC57E
18:45:17.0675 4208 ============================================================
18:45:17.0705 4208 C: <-> \Device\Harddisk0\DR0\Partition1
18:45:17.0705 4208 ============================================================
18:45:17.0705 4208 Initialize success
18:45:17.0705 4208 ============================================================
18:45:20.0025 6904 ============================================================
18:45:20.0025 6904 Scan started
18:45:20.0025 6904 Mode: Manual;
18:45:20.0025 6904 ============================================================
18:45:20.0495 6904 0134181336420400mcinstcleanup - ok
18:45:20.0605 6904 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:45:20.0655 6904 1394ohci - ok
18:45:20.0675 6904 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:45:20.0675 6904 ACPI - ok
18:45:20.0695 6904 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:45:20.0705 6904 AcpiPmi - ok
18:45:20.0815 6904 AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
18:45:20.0825 6904 AdobeActiveFileMonitor9.0 - ok
18:45:20.0955 6904 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:45:20.0965 6904 AdobeFlashPlayerUpdateSvc - ok
18:45:20.0995 6904 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:45:21.0035 6904 adp94xx - ok
18:45:21.0065 6904 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:45:21.0095 6904 adpahci - ok
18:45:21.0105 6904 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:45:21.0105 6904 adpu320 - ok
18:45:21.0125 6904 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:45:21.0125 6904 AeLookupSvc - ok
18:45:21.0185 6904 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:45:21.0185 6904 AFD - ok
18:45:21.0195 6904 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:45:21.0215 6904 agp440 - ok
18:45:21.0225 6904 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:45:21.0235 6904 ALG - ok
18:45:21.0235 6904 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:45:21.0255 6904 aliide - ok
18:45:21.0295 6904 AMD External Events Utility (2fdcb3e855076ce97ccb58e2cf8f2a09) C:\Windows\system32\atiesrxx.exe
18:45:21.0305 6904 AMD External Events Utility - ok
18:45:21.0325 6904 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\Windows\system32\DRIVERS\amdhub30.sys
18:45:21.0335 6904 amdhub30 - ok
18:45:21.0335 6904 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:45:21.0355 6904 amdide - ok
18:45:21.0365 6904 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:45:21.0375 6904 AmdK8 - ok
18:45:21.0785 6904 amdkmdag (9920704bf815a5b42da5264f013aaeb7) C:\Windows\system32\DRIVERS\atikmdag.sys
18:45:22.0025 6904 amdkmdag - ok
18:45:22.0155 6904 amdkmdap (0d1055a47a8f5dc1caa2701831293ebb) C:\Windows\system32\DRIVERS\atikmpag.sys
18:45:22.0185 6904 amdkmdap - ok
18:45:22.0235 6904 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:45:22.0235 6904 AmdPPM - ok
18:45:22.0265 6904 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:45:22.0315 6904 amdsata - ok
18:45:22.0325 6904 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:45:22.0335 6904 amdsbs - ok
18:45:22.0365 6904 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:45:22.0375 6904 amdxata - ok
18:45:22.0395 6904 amdxhc (321533578132c811ec834a1b741c994c) C:\Windows\system32\DRIVERS\amdxhc.sys
18:45:22.0405 6904 amdxhc - ok
18:45:22.0445 6904 amd_sata (f9d46b6b322708bd5afcc8767ebdc901) C:\Windows\system32\DRIVERS\amd_sata.sys
18:45:22.0445 6904 amd_sata - ok
18:45:22.0455 6904 amd_xata (329cc9c7e20deebcd4cd10816193ef14) C:\Windows\system32\DRIVERS\amd_xata.sys
18:45:22.0475 6904 amd_xata - ok
18:45:22.0495 6904 anodlwf (4ccf421e6c4b2a4cbce000715911f7cc) C:\Windows\system32\DRIVERS\anodlwfx.sys
18:45:22.0505 6904 anodlwf - ok
18:45:22.0515 6904 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:45:22.0535 6904 AppID - ok
18:45:22.0575 6904 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:45:22.0575 6904 AppIDSvc - ok
18:45:22.0595 6904 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:45:22.0595 6904 Appinfo - ok
18:45:22.0725 6904 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:45:22.0765 6904 Apple Mobile Device - ok
18:45:22.0785 6904 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:45:22.0805 6904 arc - ok
18:45:22.0805 6904 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:45:22.0815 6904 arcsas - ok
18:45:22.0895 6904 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:45:22.0925 6904 aspnet_state - ok
18:45:22.0925 6904 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:45:22.0945 6904 AsyncMac - ok
18:45:22.0975 6904 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:45:22.0995 6904 atapi - ok
18:45:23.0025 6904 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
18:45:23.0045 6904 AtiHDAudioService - ok
18:45:23.0115 6904 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:45:23.0175 6904 AudioEndpointBuilder - ok
18:45:23.0185 6904 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:45:23.0195 6904 AudioSrv - ok
18:45:23.0265 6904 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:45:23.0265 6904 AxInstSV - ok
18:45:23.0315 6904 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:45:23.0325 6904 b06bdrv - ok
18:45:23.0345 6904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:45:23.0385 6904 b57nd60a - ok
18:45:23.0455 6904 BBSvc (87f3bcf82a63e900af896cd930bf7e05) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:45:23.0465 6904 BBSvc - ok
18:45:23.0505 6904 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:45:23.0515 6904 BBUpdate - ok
18:45:23.0535 6904 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:45:23.0545 6904 BDESVC - ok
18:45:23.0575 6904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:45:23.0575 6904 Beep - ok
18:45:23.0635 6904 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:45:23.0655 6904 BFE - ok
18:45:23.0715 6904 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:45:23.0765 6904 BITS - ok
18:45:23.0825 6904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
18:45:23.0845 6904 blbdrive - ok
18:45:23.0895 6904 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:45:23.0915 6904 Bonjour Service - ok
18:45:23.0935 6904 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:45:23.0965 6904 bowser - ok
18:45:23.0975 6904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:45:23.0975 6904 BrFiltLo - ok
18:45:23.0985 6904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:45:23.0985 6904 BrFiltUp - ok
18:45:24.0005 6904 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:45:24.0015 6904 BridgeMP - ok
18:45:24.0035 6904 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:45:24.0035 6904 Browser - ok
18:45:24.0045 6904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:45:24.0065 6904 Brserid - ok
18:45:24.0075 6904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:45:24.0085 6904 BrSerWdm - ok
18:45:24.0085 6904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:45:24.0105 6904 BrUsbMdm - ok
18:45:24.0105 6904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:45:24.0115 6904 BrUsbSer - ok
18:45:24.0155 6904 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
18:45:24.0165 6904 BthEnum - ok
18:45:24.0175 6904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:45:24.0185 6904 BTHMODEM - ok
18:45:24.0225 6904 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:45:24.0235 6904 BthPan - ok
18:45:24.0275 6904 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
18:45:24.0305 6904 BTHPORT - ok
18:45:24.0325 6904 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:45:24.0335 6904 bthserv - ok
18:45:24.0355 6904 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
18:45:24.0375 6904 BTHUSB - ok
18:45:24.0385 6904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:45:24.0385 6904 cdfs - ok
18:45:24.0405 6904 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:45:24.0425 6904 cdrom - ok
18:45:24.0455 6904 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:45:24.0455 6904 CertPropSvc - ok
18:45:24.0465 6904 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:45:24.0465 6904 circlass - ok
18:45:24.0495 6904 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:45:24.0495 6904 CLFS - ok
18:45:24.0545 6904 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:45:24.0555 6904 clr_optimization_v2.0.50727_32 - ok
18:45:24.0565 6904 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:45:24.0575 6904 clr_optimization_v2.0.50727_64 - ok
18:45:24.0615 6904 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:45:24.0765 6904 clr_optimization_v4.0.30319_32 - ok
18:45:24.0805 6904 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:45:24.0855 6904 clr_optimization_v4.0.30319_64 - ok
18:45:24.0865 6904 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:45:24.0885 6904 CmBatt - ok
18:45:24.0895 6904 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:45:24.0925 6904 cmdide - ok
18:45:24.0965 6904 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
18:45:24.0985 6904 CNG - ok
18:45:25.0005 6904 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:45:25.0025 6904 Compbatt - ok
18:45:25.0045 6904 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:45:25.0045 6904 CompositeBus - ok
18:45:25.0045 6904 COMSysApp - ok
18:45:25.0055 6904 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:45:25.0055 6904 crcdisk - ok
18:45:25.0095 6904 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:45:25.0095 6904 CryptSvc - ok
18:45:25.0155 6904 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:45:25.0155 6904 DcomLaunch - ok
18:45:25.0195 6904 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:45:25.0195 6904 defragsvc - ok
18:45:25.0225 6904 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:45:25.0225 6904 DfsC - ok
18:45:25.0255 6904 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:45:25.0255 6904 Dhcp - ok
18:45:25.0265 6904 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:45:25.0275 6904 discache - ok
18:45:25.0285 6904 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:45:25.0295 6904 Disk - ok
18:45:25.0315 6904 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:45:25.0315 6904 Dnscache - ok
18:45:25.0345 6904 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:45:25.0355 6904 dot3svc - ok
18:45:25.0365 6904 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:45:25.0365 6904 DPS - ok
18:45:25.0375 6904 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:45:25.0395 6904 drmkaud - ok
18:45:25.0515 6904 dump_wmimmc - ok
18:45:25.0585 6904 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:45:25.0595 6904 DXGKrnl - ok
18:45:25.0635 6904 D_Link_DWA-125 (f195fbc375342bd25c936982245a8fb0) C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe
18:45:25.0645 6904 D_Link_DWA-125 - ok
18:45:25.0665 6904 D_Link_DWA-125_WPS (c062a2b158ed9c643d24f8e33a607c9f) C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
18:45:25.0675 6904 D_Link_DWA-125_WPS - ok
18:45:25.0705 6904 EagleX64 - ok
18:45:25.0745 6904 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
18:45:25.0745 6904 eamonm - ok
18:45:25.0765 6904 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:45:25.0775 6904 EapHost - ok
18:45:25.0935 6904 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:45:26.0075 6904 ebdrv - ok
18:45:26.0135 6904 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:45:26.0145 6904 EFS - ok
18:45:26.0195 6904 EgisTec Ticket Service (18dd872dd46acb24e106dc2c9c270466) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
18:45:26.0205 6904 EgisTec Ticket Service - ok
18:45:26.0245 6904 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
18:45:26.0275 6904 ehdrv - ok
18:45:26.0365 6904 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:45:26.0385 6904 ehRecvr - ok
18:45:26.0405 6904 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:45:26.0405 6904 ehSched - ok
18:45:26.0525 6904 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
18:45:26.0535 6904 ekrn - ok
18:45:26.0615 6904 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:45:26.0635 6904 elxstor - ok
18:45:26.0665 6904 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
18:45:26.0665 6904 epfwwfpr - ok
18:45:26.0675 6904 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:45:26.0695 6904 ErrDev - ok
18:45:26.0725 6904 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:45:26.0735 6904 EventSystem - ok
18:45:26.0745 6904 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:45:26.0785 6904 exfat - ok
18:45:26.0805 6904 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:45:26.0835 6904 fastfat - ok
18:45:26.0875 6904 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:45:26.0895 6904 Fax - ok
18:45:26.0905 6904 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:45:26.0945 6904 fdc - ok
18:45:26.0975 6904 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:45:26.0975 6904 fdPHost - ok
18:45:26.0975 6904 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:45:26.0985 6904 FDResPub - ok
18:45:26.0995 6904 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:45:27.0015 6904 FileInfo - ok
18:45:27.0025 6904 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:45:27.0045 6904 Filetrace - ok
18:45:27.0055 6904 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:45:27.0065 6904 flpydisk - ok
18:45:27.0085 6904 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:45:27.0115 6904 FltMgr - ok
18:45:27.0175 6904 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:45:27.0195 6904 FontCache - ok
18:45:27.0245 6904 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:45:27.0245 6904 FontCache3.0.0.0 - ok
18:45:27.0265 6904 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:45:27.0295 6904 FsDepends - ok
18:45:27.0305 6904 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:45:27.0325 6904 Fs_Rec - ok
18:45:27.0335 6904 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:45:27.0335 6904 fvevol - ok
18:45:27.0356 6904 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:45:27.0396 6904 gagp30kx - ok
18:45:27.0476 6904 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:45:27.0486 6904 GamesAppService - ok
18:45:27.0536 6904 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:45:27.0546 6904 GEARAspiWDM - ok
18:45:27.0566 6904 GGSAFERDriver - ok
18:45:27.0616 6904 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:45:27.0636 6904 gpsvc - ok
18:45:27.0666 6904 GREGService (c9b2d1d3f86fd3673ef847def73b6f9e) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
18:45:27.0666 6904 GREGService - ok
18:45:27.0686 6904 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:45:27.0696 6904 hcw85cir - ok
18:45:27.0736 6904 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:45:27.0766 6904 HdAudAddService - ok
18:45:27.0786 6904 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:45:27.0786 6904 HDAudBus - ok
18:45:27.0796 6904 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:45:27.0836 6904 HidBatt - ok
18:45:27.0846 6904 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:45:27.0856 6904 HidBth - ok
18:45:27.0866 6904 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:45:27.0886 6904 HidIr - ok
18:45:27.0896 6904 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:45:27.0896 6904 hidserv - ok
18:45:27.0916 6904 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:45:27.0926 6904 HidUsb - ok
18:45:27.0966 6904 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:45:27.0966 6904 hkmsvc - ok
18:45:27.0996 6904 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:45:27.0996 6904 HomeGroupListener - ok
18:45:28.0026 6904 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:45:28.0026 6904 HomeGroupProvider - ok
18:45:28.0036 6904 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:45:28.0036 6904 HpSAMD - ok
18:45:28.0086 6904 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:45:28.0086 6904 HTTP - ok
18:45:28.0096 6904 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:45:28.0096 6904 hwpolicy - ok
18:45:28.0106 6904 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:45:28.0126 6904 i8042prt - ok
18:45:28.0156 6904 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:45:28.0186 6904 iaStorV - ok
18:45:28.0236 6904 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:45:28.0256 6904 idsvc - ok
18:45:28.0266 6904 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:45:28.0266 6904 iirsp - ok
18:45:28.0326 6904 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:45:28.0346 6904 IKEEXT - ok
18:45:28.0526 6904 IntcAzAudAddService (718a4008ee5da174400396b27509ef82) C:\Windows\system32\drivers\RTKVHD64.sys
18:45:28.0556 6904 IntcAzAudAddService - ok
18:45:28.0626 6904 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:45:28.0626 6904 intelide - ok
18:45:28.0636 6904 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
18:45:28.0656 6904 intelppm - ok
18:45:28.0676 6904 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:45:28.0676 6904 IPBusEnum - ok
18:45:28.0686 6904 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:45:28.0686 6904 IpFilterDriver - ok
18:45:28.0736 6904 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:45:28.0746 6904 iphlpsvc - ok
18:45:28.0756 6904 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:45:28.0756 6904 IPMIDRV - ok
18:45:28.0766 6904 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:45:28.0786 6904 IPNAT - ok
18:45:28.0866 6904 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
18:45:28.0876 6904 iPod Service - ok
18:45:28.0896 6904 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:45:28.0896 6904 IRENUM - ok
18:45:28.0906 6904 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:45:28.0916 6904 isapnp - ok
18:45:28.0936 6904 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:45:28.0956 6904 iScsiPrt - ok
18:45:28.0966 6904 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:45:28.0976 6904 kbdclass - ok
18:45:28.0986 6904 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:45:28.0986 6904 kbdhid - ok
18:45:29.0006 6904 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:45:29.0006 6904 KeyIso - ok
18:45:29.0046 6904 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
18:45:29.0046 6904 KSecDD - ok
18:45:29.0066 6904 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
18:45:29.0076 6904 KSecPkg - ok
18:45:29.0096 6904 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:45:29.0106 6904 ksthunk - ok
18:45:29.0146 6904 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:45:29.0146 6904 KtmRm - ok
18:45:29.0186 6904 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:45:29.0196 6904 LanmanServer - ok
18:45:29.0216 6904 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:45:29.0226 6904 LanmanWorkstation - ok
18:45:29.0256 6904 libusb0 (acec35f181075b20a5ef4a71958b13df) C:\Windows\system32\drivers\libusb0.sys
18:45:29.0256 6904 libusb0 - ok
18:45:29.0296 6904 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:45:29.0296 6904 Live Updater Service - ok
18:45:29.0306 6904 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:45:29.0326 6904 lltdio - ok
18:45:29.0356 6904 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:45:29.0366 6904 lltdsvc - ok
18:45:29.0376 6904 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:45:29.0386 6904 lmhosts - ok
18:45:29.0406 6904 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:45:29.0426 6904 LSI_FC - ok
18:45:29.0436 6904 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:45:29.0456 6904 LSI_SAS - ok
18:45:29.0456 6904 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:45:29.0476 6904 LSI_SAS2 - ok
18:45:29.0486 6904 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:45:29.0506 6904 LSI_SCSI - ok
18:45:29.0516 6904 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:45:29.0526 6904 luafv - ok
18:45:29.0546 6904 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:45:29.0546 6904 Mcx2Svc - ok
18:45:29.0556 6904 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:45:29.0576 6904 megasas - ok
18:45:29.0596 6904 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:45:29.0616 6904 MegaSR - ok
18:45:29.0636 6904 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:45:29.0636 6904 MMCSS - ok
18:45:29.0656 6904 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:45:29.0656 6904 Modem - ok
18:45:29.0676 6904 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:45:29.0676 6904 monitor - ok
18:45:29.0686 6904 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:45:29.0686 6904 mouclass - ok
18:45:29.0706 6904 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:45:29.0706 6904 mouhid - ok
18:45:29.0726 6904 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:45:29.0726 6904 mountmgr - ok
18:45:29.0776 6904 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:45:29.0786 6904 MozillaMaintenance - ok
18:45:29.0806 6904 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:45:29.0816 6904 mpio - ok
18:45:29.0826 6904 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:45:29.0846 6904 mpsdrv - ok
18:45:29.0916 6904 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:45:29.0996 6904 MpsSvc - ok
18:45:30.0026 6904 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:45:30.0026 6904 MRxDAV - ok
18:45:30.0046 6904 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:45:30.0056 6904 mrxsmb - ok
18:45:30.0086 6904 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:45:30.0136 6904 mrxsmb10 - ok
18:45:30.0146 6904 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:45:30.0166 6904 mrxsmb20 - ok
18:45:30.0176 6904 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:45:30.0196 6904 msahci - ok
18:45:30.0206 6904 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:45:30.0216 6904 msdsm - ok
18:45:30.0246 6904 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:45:30.0246 6904 MSDTC - ok
18:45:30.0266 6904 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:45:30.0276 6904 Msfs - ok
18:45:30.0286 6904 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:45:30.0286 6904 mshidkmdf - ok
18:45:30.0296 6904 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:45:30.0316 6904 msisadrv - ok
18:45:30.0336 6904 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:45:30.0336 6904 MSiSCSI - ok
18:45:30.0346 6904 msiserver - ok
18:45:30.0366 6904 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:45:30.0366 6904 MSKSSRV - ok
18:45:30.0366 6904 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:45:30.0376 6904 MSPCLOCK - ok
18:45:30.0376 6904 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:45:30.0386 6904 MSPQM - ok
18:45:30.0426 6904 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:45:30.0426 6904 MsRPC - ok
18:45:30.0446 6904 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:45:30.0446 6904 mssmbios - ok
18:45:30.0446 6904 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:45:30.0446 6904 MSTEE - ok
18:45:30.0456 6904 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:45:30.0456 6904 MTConfig - ok
18:45:30.0466 6904 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:45:30.0486 6904 Mup - ok
18:45:30.0496 6904 mwlPSDFilter (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:45:30.0516 6904 mwlPSDFilter - ok
18:45:30.0516 6904 mwlPSDNServ (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:45:30.0536 6904 mwlPSDNServ - ok
18:45:30.0556 6904 mwlPSDVDisk (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:45:30.0566 6904 mwlPSDVDisk - ok
18:45:30.0626 6904 MySQL55 - ok
18:45:30.0676 6904 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:45:30.0686 6904 napagent - ok
18:45:30.0706 6904 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:45:30.0756 6904 NativeWifiP - ok
18:45:30.0816 6904 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
18:45:30.0826 6904 NAUpdate - ok
18:45:30.0876 6904 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:45:30.0886 6904 NDIS - ok
18:45:30.0906 6904 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:45:30.0916 6904 NdisCap - ok
18:45:30.0946 6904 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:45:30.0946 6904 NdisTapi - ok
18:45:30.0966 6904 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:45:30.0966 6904 Ndisuio - ok
18:45:30.0976 6904 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:45:30.0996 6904 NdisWan - ok
18:45:31.0006 6904 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:45:31.0036 6904 NDProxy - ok
18:45:31.0046 6904 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:45:31.0066 6904 NetBIOS - ok
18:45:31.0086 6904 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:45:31.0086 6904 NetBT - ok
18:45:31.0106 6904 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:45:31.0106 6904 Netlogon - ok
18:45:31.0146 6904 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:45:31.0156 6904 Netman - ok
18:45:31.0216 6904 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:45:31.0256 6904 NetMsmqActivator - ok
18:45:31.0276 6904 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:45:31.0276 6904 NetPipeActivator - ok
18:45:31.0296 6904 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:45:31.0306 6904 netprofm - ok
18:45:31.0426 6904 netr28ux (fad5127b44a089bb420bd0db48f2075f) C:\Windows\system32\DRIVERS\Dnetr28ux.sys
18:45:31.0466 6904 netr28ux - ok
18:45:31.0526 6904 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
18:45:31.0556 6904 netr28x - ok
18:45:31.0586 6904 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:45:31.0586 6904 NetTcpActivator - ok
18:45:31.0586 6904 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:45:31.0596 6904 NetTcpPortSharing - ok
18:45:31.0606 6904 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:45:31.0626 6904 nfrd960 - ok
18:45:31.0666 6904 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:45:31.0666 6904 NlaSvc - ok
18:45:31.0796 6904 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:45:31.0836 6904 NOBU - ok
18:45:31.0926 6904 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:45:31.0936 6904 Npfs - ok
18:45:31.0956 6904 npggsvc - ok
18:45:31.0966 6904 NPPTNT2 - ok
18:45:31.0996 6904 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:45:31.0996 6904 nsi - ok
18:45:32.0006 6904 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:45:32.0006 6904 nsiproxy - ok
18:45:32.0186 6904 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:45:32.0296 6904 Ntfs - ok
18:45:32.0326 6904 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:45:32.0336 6904 Null - ok
18:45:32.0366 6904 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:45:32.0376 6904 nvraid - ok
18:45:32.0386 6904 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:45:32.0416 6904 nvstor - ok
18:45:32.0436 6904 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:45:32.0446 6904 nv_agp - ok
18:45:32.0456 6904 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:45:32.0476 6904 ohci1394 - ok
18:45:32.0506 6904 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:45:32.0506 6904 p2pimsvc - ok
18:45:32.0536 6904 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:45:32.0546 6904 p2psvc - ok
18:45:32.0546 6904 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:45:32.0566 6904 Parport - ok
18:45:32.0606 6904 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:45:32.0626 6904 partmgr - ok
18:45:32.0636 6904 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:45:32.0636 6904 PcaSvc - ok
18:45:32.0686 6904 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:45:32.0706 6904 pci - ok
18:45:32.0756 6904 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:45:32.0786 6904 pciide - ok
18:45:32.0816 6904 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:45:32.0856 6904 pcmcia - ok
18:45:32.0866 6904 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:45:32.0876 6904 pcw - ok
18:45:32.0916 6904 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:45:32.0936 6904 PEAUTH - ok
18:45:33.0006 6904 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:45:33.0006 6904 PerfHost - ok
18:45:33.0226 6904 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:45:33.0246 6904 pla - ok
18:45:33.0386 6904 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:45:33.0426 6904 PlugPlay - ok
18:45:33.0456 6904 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:45:33.0456 6904 PNRPAutoReg - ok
18:45:33.0516 6904 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:45:33.0526 6904 PNRPsvc - ok
18:45:33.0716 6904 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:45:33.0786 6904 PolicyAgent - ok
18:45:33.0826 6904 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:45:33.0826 6904 Power - ok
18:45:33.0956 6904 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:45:34.0046 6904 PptpMiniport - ok
18:45:34.0056 6904 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:45:34.0076 6904 Processor - ok
18:45:34.0126 6904 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:45:34.0136 6904 ProfSvc - ok
18:45:34.0176 6904 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:45:34.0186 6904 ProtectedStorage - ok
18:45:34.0206 6904 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:45:34.0206 6904 Psched - ok
18:45:34.0246 6904 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:45:34.0286 6904 PxHlpa64 - ok
18:45:34.0427 6904 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:45:34.0457 6904 ql2300 - ok
18:45:34.0527 6904 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:45:34.0537 6904 ql40xx - ok
18:45:34.0577 6904 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:45:34.0587 6904 QWAVE - ok
18:45:34.0627 6904 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:45:34.0637 6904 QWAVEdrv - ok
18:45:34.0647 6904 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:45:34.0657 6904 RasAcd - ok
18:45:34.0727 6904 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:45:34.0737 6904 RasAgileVpn - ok
18:45:34.0777 6904 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:45:34.0777 6904 RasAuto - ok
18:45:34.0817 6904 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:45:34.0857 6904 Rasl2tp - ok
18:45:34.0937 6904 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:45:34.0937 6904 RasMan - ok
18:45:34.0967 6904 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:45:34.0967 6904 RasPppoe - ok
18:45:34.0977 6904 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:45:34.0997 6904 RasSstp - ok
18:45:35.0027 6904 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:45:35.0037 6904 rdbss - ok
18:45:35.0047 6904 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:45:35.0067 6904 rdpbus - ok
18:45:35.0097 6904 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:45:35.0097 6904 RDPCDD - ok
18:45:35.0147 6904 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:45:35.0147 6904 RDPENCDD - ok
18:45:35.0167 6904 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:45:35.0177 6904 RDPREFMP - ok
18:45:35.0317 6904 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:45:35.0367 6904 RDPWD - ok
18:45:35.0407 6904 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:45:35.0417 6904 rdyboost - ok
18:45:35.0457 6904 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:45:35.0467 6904 RemoteAccess - ok
18:45:35.0487 6904 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:45:35.0497 6904 RemoteRegistry - ok
18:45:35.0577 6904 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:45:35.0597 6904 RFCOMM - ok
18:45:35.0677 6904 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:45:35.0687 6904 RimUsb - ok
18:45:35.0767 6904 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:45:35.0777 6904 RimVSerPort - ok
18:45:35.0807 6904 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
18:45:35.0817 6904 ROOTMODEM - ok
18:45:35.0837 6904 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:45:35.0847 6904 RpcEptMapper - ok
18:45:35.0887 6904 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:45:35.0887 6904 RpcLocator - ok
18:45:35.0967 6904 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:45:35.0977 6904 RpcSs - ok
18:45:36.0057 6904 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:45:36.0087 6904 rspndr - ok
18:45:36.0137 6904 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:45:36.0137 6904 RTL8167 - ok
18:45:36.0157 6904 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:45:36.0157 6904 SamSs - ok
18:45:36.0177 6904 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:45:36.0197 6904 sbp2port - ok
18:45:36.0217 6904 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:45:36.0217 6904 SCardSvr - ok
18:45:36.0257 6904 SCDEmu (741b338d675fe20b779e7effa55032fe) C:\Windows\system32\drivers\SCDEmu.sys
18:45:36.0277 6904 SCDEmu - ok
18:45:36.0287 6904 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:45:36.0297 6904 scfilter - ok
18:45:36.0347 6904 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:45:36.0357 6904 Schedule - ok
18:45:36.0437 6904 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:45:36.0437 6904 SCPolicySvc - ok
18:45:36.0507 6904 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:45:36.0517 6904 SDRSVC - ok
18:45:36.0567 6904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:45:36.0577 6904 secdrv - ok
18:45:36.0627 6904 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:45:36.0627 6904 seclogon - ok
18:45:36.0677 6904 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:45:36.0677 6904 SENS - ok
18:45:36.0717 6904 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:45:36.0717 6904 SensrSvc - ok
18:45:36.0727 6904 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
18:45:36.0737 6904 Serenum - ok
18:45:36.0767 6904 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:45:36.0817 6904 Serial - ok
18:45:36.0867 6904 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:45:36.0887 6904 sermouse - ok
18:45:36.0907 6904 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:45:36.0917 6904 SessionEnv - ok
18:45:36.0927 6904 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:45:36.0937 6904 sffdisk - ok
18:45:36.0947 6904 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:45:36.0957 6904 sffp_mmc - ok
18:45:36.0967 6904 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:45:36.0967 6904 sffp_sd - ok
18:45:36.0977 6904 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:45:36.0987 6904 sfloppy - ok
18:45:37.0067 6904 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:45:37.0077 6904 SharedAccess - ok
18:45:37.0107 6904 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:45:37.0107 6904 ShellHWDetection - ok
18:45:37.0127 6904 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:45:37.0157 6904 SiSRaid2 - ok
18:45:37.0157 6904 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:45:37.0177 6904 SiSRaid4 - ok
18:45:37.0367 6904 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:45:37.0417 6904 Skype C2C Service - ok
18:45:37.0467 6904 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:45:37.0467 6904 SkypeUpdate - ok
18:45:37.0527 6904 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:45:37.0527 6904 Smb - ok
18:45:37.0547 6904 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:45:37.0547 6904 SNMPTRAP - ok
18:45:37.0567 6904 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:45:37.0577 6904 spldr - ok
18:45:37.0597 6904 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:45:37.0607 6904 Spooler - ok
18:45:37.0797 6904 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:45:37.0857 6904 sppsvc - ok
18:45:37.0897 6904 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:45:37.0897 6904 sppuinotify - ok
18:45:37.0927 6904 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:45:37.0967 6904 srv - ok
18:45:37.0987 6904 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:45:38.0007 6904 srv2 - ok
18:45:38.0037 6904 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:45:38.0047 6904 srvnet - ok
18:45:38.0057 6904 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:45:46.0288 6904 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:45:47.0258 6904 \Device\Harddisk0\DR0 - ok
18:45:47.0268 6904 MBR (0x1B8) (2bdbc086f60bc3ca3e44f97d87ab1e64) \Device\Harddisk3\DR3
18:45:57.0319 6904 \Device\Harddisk3\DR3 - ok
18:45:57.0359 6904 Boot (0x1200) (fcbe47f0e7fb6f742a5db7b8965f0024) \Device\Harddisk0\DR0\Partition0
18:45:57.0409 6904 \Device\Harddisk0\DR0\Partition0 - ok
18:45:57.0429 6904 Boot (0x1200) (62635947576ab23727bfbf86710471f5) \Device\Harddisk0\DR0\Partition1
18:45:57.0429 6904 \Device\Harddisk0\DR0\Partition1 - ok
18:45:57.0439 6904 Boot (0x1200) (e46d2dabecded6dcf3accf37ca511648) \Device\Harddisk3\DR3\Partition0
18:45:57.0439 6904 \Device\Harddisk3\DR3\Partition0 - ok
18:45:57.0449 6904 ============================================================
18:45:57.0449 6904 Scan finished
18:45:57.0449 6904 ============================================================
18:45:57.0459 6908 Detected object count: 0
18:45:57.0459 6908 Actual detected object count: 0


Here is for aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 18:50:31
-----------------------------
18:50:31.586 OS Version: Windows x64 6.1.7601 Service Pack 1
18:50:31.586 Number of processors: 4 586 0x100
18:50:31.586 ComputerName: KANA-PC UserName: Joseph
18:50:33.446 Initialize success
19:13:49.992 AVAST engine defs: 12072201
19:14:02.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
19:14:02.373 Disk 0 Vendor: WDC_WD10 51.0 Size: 953869MB BusType: 11
19:14:02.373 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000008c
19:14:02.383 Disk 3 Vendor: Size: 953869MB BusType: 0
19:14:02.393 Disk 0 MBR read successfully
19:14:02.403 Disk 0 MBR scan
19:14:02.443 Disk 0 Windows 7 default MBR code
19:14:02.453 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048
19:14:02.483 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
19:14:02.513 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936359 MB offset 35858432
19:14:02.543 Disk 0 scanning C:\Windows\system32\drivers
19:14:12.268 Service scanning
19:14:30.109 Modules scanning
19:14:30.123 Disk 0 trace - called modules:
19:14:30.144 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:14:30.151 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046d4060]
19:14:30.158 3 CLASSPNP.SYS[fffff880019c643f] -> nt!IofCallDriver -> [0xfffffa800447eac0]
19:14:30.166 5 amd_xata.sys[fffff880010f3a1d] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800447a060]
19:14:33.414 AVAST engine scan C:\Windows
19:14:39.191 AVAST engine scan C:\Windows\system32
19:17:39.146 AVAST engine scan C:\Windows\system32\drivers
19:17:49.838 AVAST engine scan C:\Users\Joseph
19:20:09.261 Disk 0 MBR has been saved successfully to "C:\Users\Joseph\Desktop\MBR.dat"
19:20:09.271 The log file has been saved successfully to "C:\Users\Joseph\Desktop\aswMBR.txt"

#12 gringo_pr


Posted 22 July 2012 - 08:20 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\uTorrentControl2

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 geejay


Posted 22 July 2012 - 10:56 PM

Greetings, new combofix logs

ComboFix 12-07-21.01 - Joseph 22/07/2012 22:32:35.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3541.2478 [GMT -4:00]
Running from: c:\users\Joseph\Desktop\ComboFix.exe
Command switches used :: c:\users\Joseph\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\uTorrentControl2
c:\program files (x86)\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\ldrtbuTor.dll
c:\program files (x86)\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
c:\program files (x86)\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\tbuTor.dll
c:\program files (x86)\uTorrentControl2\toolbar.cfg
c:\program files (x86)\uTorrentControl2\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentControl2\uninstall.exe
c:\program files (x86)\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 02:49 . 2012-07-23 02:49 -------- d-----w- c:\users\Kana\AppData\Local\temp
2012-07-23 02:49 . 2012-07-23 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 23:05 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{56807F2E-75CC-4759-8D68-ABB07EB52694}\mpengine.dll
2012-07-21 23:36 . 2012-07-21 23:36 -------- d-----w- C:\FRST
2012-07-18 03:36 . 2012-07-18 03:37 -------- d-----w- c:\program files (x86)\Simpo PDF to PowerPoint
2012-07-18 00:49 . 2012-07-18 00:49 -------- d-----w- c:\users\Joseph\AppData\Roaming\2K Sports
2012-07-18 00:42 . 2012-07-18 00:42 -------- d-----w- c:\program files (x86)\2K Sports
2012-07-16 03:10 . 2012-07-16 03:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 03:52 . 2012-07-12 03:52 -------- d-----w- c:\programdata\Canon IJ Network Tool
2012-07-12 03:52 . 2012-07-12 03:52 -------- d-----w- c:\program files (x86)\Canon
2012-07-12 03:50 . 2012-07-12 03:50 -------- d--h--w- c:\programdata\CanonIJFAX
2012-07-12 03:46 . 2012-07-12 03:46 -------- d-----w- c:\windows\system32\STRING
2012-07-12 03:46 . 2010-09-08 20:27 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL
2012-07-12 03:46 . 2010-09-08 20:27 328192 ----a-w- c:\windows\system32\CNMN6PPM.DLL
2012-07-12 03:46 . 2010-09-08 20:26 342016 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL
2012-07-12 03:46 . 2012-07-12 03:46 -------- d--h--w- c:\programdata\CanonBJ
2012-07-12 03:46 . 2010-09-20 09:00 88576 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAL.DLL
2012-07-12 03:46 . 2010-09-20 09:00 29696 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAL.DLL
2012-07-12 03:46 . 2012-07-12 03:46 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-07-12 03:45 . 2010-09-13 18:43 1368064 ----a-w- c:\windows\system32\CNC410C.dll
2012-07-12 03:45 . 2010-09-13 18:43 112128 ----a-w- c:\windows\system32\CNC410I.dll
2012-07-12 03:45 . 2010-09-13 18:44 106496 ----a-w- c:\windows\SysWow64\CNC410U.dll
2012-07-12 03:45 . 2010-09-06 21:04 367104 ----a-w- c:\windows\system32\CNC410L.dll
2012-07-12 03:45 . 2010-09-06 21:03 315392 ----a-w- c:\windows\SysWow64\CNC410L.dll
2012-07-12 03:45 . 2008-08-25 22:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2012-07-12 03:45 . 2008-08-25 22:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2012-07-12 03:45 . 2010-09-20 09:00 374784 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-07-12 03:45 . 2010-10-21 09:00 302080 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-07-12 03:45 . 2010-09-07 14:58 248320 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-07-12 03:45 . 2010-06-03 19:11 103424 ----a-w- c:\windows\system32\CNC410O.dll
2012-07-12 03:45 . 2012-07-12 03:45 -------- d--h--w- c:\program files\CanonBJ
2012-07-11 04:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:58 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-11 03:58 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-11 03:58 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-11 03:58 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-11 03:58 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 03:58 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-10 04:59 . 2012-07-20 05:30 -------- d-----w- c:\users\Joseph\AppData\Roaming\Skype
2012-07-10 04:59 . 2012-07-10 04:59 -------- d-----r- c:\program files (x86)\Skype
2012-07-10 04:59 . 2012-07-10 04:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-09 02:02 . 2012-07-09 02:02 -------- d-----w- C:\KEY
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-05 01:01 . 2012-07-05 01:01 -------- d-----w- c:\program files (x86)\Video Thumbnails Maker
2012-06-30 21:18 . 2012-06-30 21:18 -------- d-----w- c:\users\Joseph\AppData\Roaming\Media Player Classic
2012-06-29 20:04 . 2012-06-29 20:04 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-06-29 03:31 . 2012-06-29 03:31 -------- d-----w- c:\users\Joseph\AppData\Local\Research In Motion
2012-06-29 03:31 . 2012-06-29 03:32 -------- d-----w- c:\users\Joseph\AppData\Roaming\Research In Motion
2012-06-29 03:30 . 2011-07-20 18:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-06-29 03:30 . 2012-06-29 03:30 -------- d-----w- c:\programdata\Research In Motion
2012-06-29 03:30 . 2012-06-29 03:30 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-06-29 03:30 . 2012-06-29 03:30 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2012-06-29 03:30 . 2012-06-29 03:30 -------- d-----w- c:\program files (x86)\Research In Motion
2012-06-29 01:16 . 2012-06-29 01:16 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-06-25 00:59 . 2012-06-25 00:59 -------- d-----w- c:\users\Joseph\AppData\Local\SplitMediaLabs
2012-06-25 00:58 . 2012-06-25 00:58 -------- d-----w- c:\programdata\SplitMediaLabs
2012-06-25 00:56 . 2012-06-25 00:56 -------- d-----w- c:\users\Joseph\AppData\Roaming\SplitMediaLabs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 18:44 . 2012-05-05 00:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 18:44 . 2011-08-15 09:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 03:59 . 2012-05-11 20:10 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-22 15:54 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 15:54 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 15:54 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 15:54 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 15:54 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 15:54 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 15:54 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 15:54 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 15:54 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 04:45 . 2012-05-31 18:36 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-05 00:43 . 2012-05-05 00:43 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-05 00:43 . 2012-05-05 00:43 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 23:55 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-04 23:42 . 2012-05-04 23:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-04 23:42 . 2012-05-04 23:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-04 23:42 . 2012-05-04 23:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-04 23:42 . 2012-05-04 23:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-04 23:42 . 2012-05-04 23:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-04 23:42 . 2012-05-04 23:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-04 23:42 . 2012-05-04 23:42 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-04 23:42 . 2012-05-04 23:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-04 23:42 . 2012-05-04 23:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-04 23:42 . 2012-05-04 23:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-04 23:42 . 2012-05-04 23:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-04 23:42 . 2012-05-04 23:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-04 23:42 . 2012-05-04 23:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-04 23:42 . 2012-05-04 23:42 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-04 23:42 . 2012-05-04 23:42 197120 ----a-w- c:\windows\system32\msrating.dll
2012-05-04 23:42 . 2012-05-04 23:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-04 23:42 . 2012-05-04 23:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-04 23:42 . 2012-05-04 23:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-04 23:42 . 2012-05-04 23:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-04 23:42 . 2012-05-04 23:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-04 23:42 . 2012-05-04 23:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-04 23:42 . 2012-05-04 23:42 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-05-04 23:42 . 2012-05-04 23:42 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-05-04 23:42 . 2012-05-04 23:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-04 23:42 . 2012-05-04 23:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-04 23:42 . 2012-05-04 23:42 448512 ----a-w- c:\windows\system32\html.iec
2012-05-04 23:42 . 2012-05-04 23:42 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-05-04 23:42 . 2012-05-04 23:42 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-05-04 23:42 . 2012-05-04 23:42 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-05-04 23:42 . 2012-05-04 23:42 149504 ----a-w- c:\windows\system32\occache.dll
2012-05-04 23:42 . 2012-05-04 23:42 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-05-04 23:42 . 2012-05-04 23:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-04 23:42 . 2012-05-04 23:42 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-04 23:42 . 2012-05-04 23:42 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-04 23:42 . 2012-05-04 23:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-04 23:42 . 2012-05-04 23:42 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-05-04 23:42 . 2012-05-04 23:42 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-05-04 23:42 . 2012-05-04 23:42 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-05-04 23:42 . 2012-05-04 23:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-04 23:42 . 2012-05-04 23:42 82432 ----a-w- c:\windows\system32\icardie.dll
2012-05-04 23:42 . 2012-05-04 23:42 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-05-04 23:42 . 2012-05-04 23:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-04 23:42 . 2012-05-04 23:42 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-05-04 23:42 . 2012-05-04 23:42 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-05-04 23:42 . 2012-05-04 23:42 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-05-04 23:42 . 2012-05-04 23:42 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-05-04 23:42 . 2012-05-04 23:42 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-05-04 23:42 . 2012-05-04 23:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-04 23:42 . 2012-05-04 23:42 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-05-04 23:42 . 2012-05-04 23:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-04 23:42 . 2012-05-04 23:42 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-04 23:42 . 2012-05-04 23:42 103936 ----a-w- c:\windows\system32\inseng.dll
2012-05-04 11:06 . 2012-06-14 00:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 00:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 00:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 00:47 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 00:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 00:48 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 00:48 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 00:48 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 00:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 00:47 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 00:47 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 00:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 00:47 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 00:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-21_21.41.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-22 22:42 55356 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-22 22:42 34976 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-07 19:48 . 2012-07-22 22:39 55736 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2012-05-07 19:48 . 2012-07-21 21:40 55736 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2012-05-04 23:38 . 2012-07-21 23:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-04 23:38 . 2012-07-20 23:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-11 04:03 . 2012-07-22 06:52 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-07 19:50 . 2012-07-22 22:42 9416 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-655604278-1068270298-633902376-1002_UserData.bin
- 2012-07-21 21:39 . 2012-07-21 21:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-22 22:39 . 2012-07-22 22:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-21 21:39 . 2012-07-21 21:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-22 22:39 . 2012-07-22 22:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-22 22:39 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-21 20:40 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-07-21 21:02 664782 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-23 01:34 664782 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-21 21:02 125228 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-23 01:34 125228 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-21 21:39 245268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-22 06:52 245268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-21 20:40 1376256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-22 22:39 1376256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-21 20:40 3014656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-22 22:39 3014656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-05 23:53 . 2012-07-21 21:39 32235064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-655604278-1068270298-633902376-1002-12288.dat
+ 2012-05-05 23:53 . 2012-07-22 06:52 32235064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-655604278-1068270298-633902376-1002-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 20:12 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Joseph\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-05-05 108136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"D-Link D-Link DWA-125"="c:\program files (x86)\D-Link\DWA-125 revA\AirGCFG.exe" [2010-05-21 1024000]
"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe" [2010-04-21 122880]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-05-07 646232]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Joseph\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0134181336420400mcinstcleanup;McAfee Application Installer Cleanup (0134181336420400);c:\windows\TEMP\013418~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [2010-04-21 126976]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-03-02 29184]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-06 15872]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-15 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-15 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-15 62776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-29 204288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]
S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [2010-03-03 53248]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-07-05 6581624]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-07-05 528760]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-29 309760]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [2010-05-05 1119072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 35819063
*NewlyCreated* - ASWMBR
*Deregistered* - 35819063
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 18:44]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1000Core.job
- c:\users\Kana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 23:58]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1000UA.job
- c:\users\Kana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 23:58]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1002Core.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 18:59]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-655604278-1068270298-633902376-1002UA.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 18:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Joseph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [BU]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={74B107FD-A5D5-4668-B7A4-8C08C47E3DDD}&mid=56bb67a997e047d0994c294607a55059-2864384930bf4c3ebc516b16f73bba59e54e2274&lang=en&ds=st011&pr=sa&d=2012-05-19 14:40&v=11.1.0.7&sap=hp
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.100.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\clv6m05g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
Toolbar-Locked - (no file)
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-uTorrentControl2 Toolbar - c:\program files (x86)\uTorrentControl2\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-22 23:22:01
ComboFix-quarantined-files.txt 2012-07-23 03:21
ComboFix2.txt 2012-07-21 22:11
.
Pre-Run: 789,531,226,112 bytes free
Post-Run: 789,348,360,192 bytes free
.
- - End Of File - - C618AE0D2EADB0872DED285DAAA227BC

#14 gringo_pr

Posted 22 July 2012 - 10:58 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 geejay

Posted 22 July 2012 - 11:07 PM

Here it is

clear.fi
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Community Help
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 9
Adobe Reader X MUI
Agatha Christie - Death on the Nile
Akamai NetSession Interface
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Assassin's Creed II
µTorrent
Autodesk SketchBook Express 2011 sp2
AVG Security Toolbar
Bamboo Dock
Bejeweled 2 Deluxe
Bing Bar
BlackBerry Desktop Software 7.0
Build-a-lot 4 - Power Source
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
clear.fi
clear.fi Client
Color Efex Pro 3.0 Wacom Edition 3
Combined Community Codec Pack 2011-11-11
Corel Painter Essentials 4
Cradle of Rome 2
D-Link DWA-125
D3DX10
Dora's World Adventure
DragonNest
Dropbox
eBay Worldwide
Elements 9 Organizer
Elements STI Installer
Evernote v. 4.5.1
Final Drive: Nitro
Fooz Kids
Fooz Kids Platform
Galerie de photos Windows Live
Garena Plus
Google Chrome
Governor of Poker 2 Premium Edition
Heroes of Newerth
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Hotkey Utility
HxD Hex Editor version 1.7.7.0
Identity Card
Java Auto Updater
Java™ 6 Update 32
Jewel Match 3
Junk Mail filter update
Kobo
Lineage II
Major League Baseball 2K12
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Connector J
MySQL Connector Net 6.5.4
MySQL Documents 5.5
MySQL Examples and Samples 5.5
MySQL Installer
MySQL Server 5.0
MySQL Tools for 5.0
MySQL Workbench 5.2 CE
Mystery of Mortlake Mansion
MyWinLocker 4
MyWinLocker Suite
NCsoft Launcher
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nexon Game Manager
No-IP DUC
Norton Online Backup
NVIDIA PhysX
Pando Media Booster
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
PowerISO
PremiumSoft Navicat Premium 10.0
RanOnlineGS 1.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RF Online EQG
RF PoA Warriors of Light 1.23
RoboForm 7-7-4 (All Users)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Shredder
Simpo PDF to PowerPoint
Skype Click to Call
Skype™ 5.10
SplitMediaLabs VH Screen Capture Driver (x86)
Steam
System Requirements Lab CYRI
TeamViewer 7
Torchlight
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
uTorrentControl2 Toolbar
Video Thumbnails Maker by Scorp (remove only)
Virtual Villagers 5 - New Believers
Warcraft III eSK 1.26.0.6401
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge



