Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot start in Safe Mode


  • This topic is locked This topic is locked
47 replies to this topic

#1 apached

apached

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 03 August 2012 - 05:33 AM

The instructions for removing the Malware required starting in Safe Mode. But on a PC with Win7, pressing F8 does not bring up the Boot Menu.
It only gives an option to check the disk because it was not shutdown properly. If that option is rejected it just starts Windows.
Tried Restart and holding down the F8, but its still the same option to check the disk.
Please H E L P.
Thanks.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,551 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:31 AM

Posted 03 August 2012 - 06:09 AM

Starting in Safe Mode, Win 7, http://windows.microsoft.com/en-us/windows7/start-your-computer-in-safe-mode .

You followed the above procedures?

Louis

#3 apached

apached
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 03 August 2012 - 06:42 AM

Yes. When I Restart while holding the F8 function key, it wants to checking the file system, which can be bypassed by pressing any key. But then is just continues with startup and opens the login screen. And its back to restart and the whole cycle repeats.

#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:31 PM

Posted 03 August 2012 - 07:11 PM

When I Restart while holding the F8 function key, it wants to checking the file system

Hello -
Please let at least one run of the Check Disk program finish as you, or someome else may have caused a minor problem.
It never hurts to run the check and it may find and correct a minor error as the program runs - I run it monthly on both computers.
But just allow anything from 1 to 2 hours for the check to finish all 5 stages, and do not power down during the scan.

Thank You -

#5 apached

apached
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 03 August 2012 - 07:52 PM

Finally managed to enter Safe Mode. Had to tap F8 instead of Holding down.
Have run Malwarebytes AM and the scan found and removed 14 objects. It appeared I had regained control of the system, but now have a new problem.
Have reinstalled MSE and have been trying to do another full scan in normal mode, but a pane appears saying;
Windows had encountered a critical problem and will restart in one minute... blah ...blah...blah.
It then shutsdown and restarts. This has happened 3 times, about 3 minutes after restart. Also seem to get a total blackout of screen for a few seconds soon after starting up.
I am just fed up with Windows! Not sure what to do next.

#6 caperjac

caperjac

  • Members
  • 1,649 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NS. CAN
  • Local time:08:31 AM

Posted 03 August 2012 - 07:55 PM

boot menu is usually f10-11 or 12 depending on model ,not f8

My answers are my opinion only,usually


#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:31 AM

Posted 03 August 2012 - 08:28 PM

It then shutsdown and restarts. This has happened 3 times, about 3 minutes after restart. Also seem to get a total blackout of screen for a few seconds soon after starting up.


Let me ask a malware response team member to assist you

good luck

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:31 AM

Posted 03 August 2012 - 08:54 PM

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
[*]now press the search button
[*]when the search is complete, search.txt will also be written to your USB
[*]type exit and reboot the computer normally
[*]please copy and paste both logs in your reply.(FRST.txt and Search.txt)[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:31 AM

Posted 03 August 2012 - 09:03 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 apached

apached
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 03 August 2012 - 09:54 PM

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

.....
[*]please copy and paste both logs in your reply.(FRST.txt and Search.txt)[/list]

Have downloaded Frst and will follow the procedure and return shortly.
Thanks.

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:31 AM

Posted 03 August 2012 - 09:58 PM

:thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 apached

apached
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 03 August 2012 - 10:25 PM

Scan result of Farbar Recovery Scan Tool Version: 04-08-2012
Ran by SYSTEM at 04-08-2012 13:15:40
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [dsapc] rundll32.exe "C:\Users\Eagle\AppData\Roaming\dsapc.dll",PszSkipWhiteW [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [771968 2011-08-28] (Splashtop Inc.)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-14] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [69632 2004-04-12] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)
HKU\Eagle\...\Run: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe" [200767 2002-07-16] (Microsoft Corporation)
HKU\Eagle\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [196608 2004-04-16] (InstallShield Software Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\EasySetPackage.lnk
ShortcutTarget: EasySetPackage.lnk -> C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe ()

==================== Services (Whitelisted) ======

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-05] ()
3 ICCS; "C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe" [160256 2011-08-29] (Intel Corporation)
2 Intel® Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [607456 2011-12-07] (Intel® Corporation)
2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [363800 2011-12-15] (Intel Corporation)
2 VIAKaraokeService; C:\Windows\System32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)

========================== Drivers (Whitelisted) =============

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21616 2011-11-01] ()
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-08-02] (Windows ® Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-08-02] ()
0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [16152 2012-01-27] (Intel Corporation)
3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [356120 2012-01-27] (Intel Corporation)
3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [787736 2012-01-27] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-02] (Malwarebytes Corporation)
3 SMIUSBAVCALL; C:\Windows\System32\Drivers\SmiUsbGrabber3F.sys [147072 2011-08-30] (Windows ® Win 7 DDK provider)
3 LGDDCDevice; \??\C:\Windows\system32\LGI2CDriver.sys [x]
3 LGII2CDevice; \??\C:\Windows\system32\LGPII2CDriver.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-04 13:15 - 2012-08-04 13:15 - 00000000 ____D C:\FRST
2012-08-03 16:19 - 2012-08-03 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E984032E517E05EB
2012-08-03 16:14 - 2012-08-03 16:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D443BA52A1420552
2012-08-03 16:10 - 2012-08-03 16:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.05092DD7BEC56804
2012-08-03 15:56 - 2012-08-03 15:57 - 00003203 ____A C:\Windows\WindowsUpdate.log
2012-08-03 15:56 - 2012-08-03 15:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-03 15:56 - 2012-08-03 15:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-03 14:22 - 2012-08-03 14:22 - 00005010 ____A C:\Windows\PFRO.log
2012-08-03 14:00 - 2012-08-03 14:00 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-03 14:00 - 2012-08-03 14:00 - 00000000 ____D C:\Users\Eagle\AppData\Roaming\Malwarebytes
2012-08-03 14:00 - 2012-08-03 14:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-03 14:00 - 2012-08-03 14:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-03 14:00 - 2012-07-02 19:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-03 13:59 - 2012-08-03 14:00 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Eagle\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-03 13:52 - 2012-08-03 13:52 - 00001238 ____A C:\Users\Eagle\Desktop\FixExec.txt
2012-08-02 23:41 - 2012-08-03 19:07 - 00001008 ____A C:\Windows\setupact.log
2012-08-02 23:41 - 2012-08-02 23:41 - 00000000 ____A C:\Windows\setuperr.log
2012-08-02 23:39 - 2012-08-02 23:39 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-02 23:36 - 2012-08-02 23:36 - 00000000 ____D C:\Users\All Users\7531CCCB00492C96025EA4F9F875F002
2012-08-02 23:35 - 2012-08-02 23:35 - 00056320 ___AH (FRISK Software International) C:\Windows\SysWOW64\isobEdit.dll
2012-08-02 23:34 - 2012-08-02 23:34 - 00000000 ____D C:\Windows\Sun
2012-08-02 13:17 - 2012-08-02 13:17 - 00000000 ____D C:\Users\Eagle\AppData\Local\{82B6C151-9168-48EC-80A1-695BA2626B84}
2012-08-02 13:17 - 2012-08-02 13:17 - 00000000 ____D C:\Users\Eagle\AppData\Local\{03F816F2-EBE2-4FF7-A9D3-1C4400322796}
2012-08-02 03:09 - 2012-08-02 03:09 - 00000000 ____D C:\Users\Eagle\AppData\Local\{F30B2908-9C84-4E45-892E-E64BC5F2D5CE}
2012-08-01 13:39 - 2012-08-01 13:39 - 00000000 ____D C:\Users\Eagle\AppData\Local\{D0BFF68D-D109-4064-8545-D42BD5CD4A81}
2012-08-01 13:39 - 2012-08-01 13:39 - 00000000 ____D C:\Users\Eagle\AppData\Local\{B5DBB4C7-FBA8-4AAE-AE3D-EF9B0C501CAB}
2012-07-31 19:10 - 2012-07-31 19:10 - 00000000 ____D C:\Users\Eagle\AppData\Local\{FE96804B-17B3-438C-8804-13A8F84800C1}
2012-07-31 19:10 - 2012-07-31 19:10 - 00000000 ____D C:\Users\Eagle\AppData\Local\{E1D9E90A-5BE0-4C12-9228-522064FBC2E6}
2012-07-31 03:21 - 2012-07-31 03:21 - 00000000 ____D C:\Users\Eagle\AppData\Local\{46607742-B61C-4C1A-B350-85CA01B534D6}
2012-07-31 03:20 - 2012-07-31 03:21 - 00000000 ____D C:\Users\Eagle\AppData\Local\{042222DC-7412-4199-893E-D82ED5E6D995}
2012-07-30 13:58 - 2012-07-30 13:58 - 00000000 ____D C:\Users\Eagle\AppData\Local\{D573183D-4A4E-4CAE-B54F-02CE0CC25F3D}
2012-07-30 13:58 - 2012-07-30 13:58 - 00000000 ____D C:\Users\Eagle\AppData\Local\{5210DD4C-06C6-456C-82A7-F164B8C7F47B}
2012-07-30 03:44 - 2012-07-30 03:46 - 00002182 ____A C:\Users\Eagle\Desktop\terminal - Shortcut.lnk
2012-07-30 03:30 - 2012-07-30 03:30 - 00065545 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120727.txt
2012-07-30 03:30 - 2012-07-30 03:30 - 00064258 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120730.txt
2012-07-29 22:14 - 2012-07-29 22:14 - 00122132 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-07-29 20:12 - 2012-07-29 20:12 - 00000000 ____D C:\Users\Eagle\AppData\Local\{5662F8EC-61FF-4066-B648-D3D20AB036CF}
2012-07-29 20:11 - 2012-07-29 20:12 - 00000000 ____D C:\Users\Eagle\AppData\Local\{19733302-FDA0-4748-B7E4-E6BBFEC7C49B}
2012-07-29 15:59 - 2012-07-29 15:59 - 00002048 ____A C:\Users\Public\Desktop\EasySetPackage.lnk
2012-07-29 15:59 - 2012-07-29 15:59 - 00000000 ____D C:\Users\All Users\InstallShield
2012-07-29 15:59 - 2012-07-29 15:59 - 00000000 ____D C:\Program Files (x86)\LG Soft India
2012-07-29 15:59 - 2009-12-21 18:30 - 00167936 ____A (LG Soft India) C:\Windows\SysWOW64\LGDeviceManager.dll
2012-07-29 15:59 - 2009-12-21 18:30 - 00090112 ____A (LG Soft India) C:\Windows\SysWOW64\LGMonitorDDCCISDK.dll
2012-07-29 15:59 - 2009-12-21 18:30 - 00077824 ____A (LG Soft India) C:\Windows\SysWOW64\LGProtocolEngine.dll
2012-07-29 15:59 - 2009-12-21 18:30 - 00065536 ____A () C:\Windows\SysWOW64\LGErrorHandler.dll
2012-07-29 15:59 - 2009-12-21 18:30 - 00019456 ____A (LG Soft India) C:\Windows\SysWOW64\LGPII2CDriver.sys
2012-07-29 15:59 - 2009-12-21 18:30 - 00016384 ____A (LG Soft India) C:\Windows\SysWOW64\LGI2CDriver.sys
2012-07-29 15:59 - 2009-10-15 21:57 - 00065792 ____A (LG Soft India) C:\Windows\SysWOW64\LGDispDrv.dll
2012-07-29 15:59 - 2009-10-12 01:15 - 00003456 ___RA (LG Soft India) C:\Windows\SysWOW64\LgExport.dll
2012-07-29 15:59 - 2004-04-15 17:24 - 00061440 ____A (InstallShield Software Corporation) C:\Windows\SysWOW64\ISUSPM.cpl
2012-07-29 05:18 - 2012-07-29 05:18 - 00000000 ____D C:\Users\Eagle\AppData\Local\{CBE020D6-0018-4589-A805-BF791900D173}
2012-07-29 05:17 - 2012-07-29 05:18 - 00000000 ____D C:\Users\Eagle\AppData\Local\{502B679B-D0D3-4804-9081-8F5783041391}
2012-07-28 14:20 - 2012-07-28 14:20 - 00000000 ____D C:\Users\Eagle\AppData\Local\{23766978-C4FF-41B8-9D17-3F0EE7793625}
2012-07-28 14:19 - 2012-07-28 14:20 - 00000000 ____D C:\Users\Eagle\AppData\Local\{3249F743-FF91-4E97-94B2-62B579835FA2}
2012-07-27 21:12 - 2012-07-27 21:12 - 00000000 ____D C:\Users\Eagle\AppData\Local\{DB46954C-E183-4E99-BC22-BF383C3046B7}
2012-07-27 21:12 - 2012-07-27 21:12 - 00000000 ____D C:\Users\Eagle\AppData\Local\{92276F54-F450-4262-9D67-8E13C6FF6414}
2012-07-27 19:41 - 2012-07-27 19:41 - 00000000 ____D C:\Users\Eagle\AppData\Local\{AF306724-F81E-4912-8627-A7ED5D2E10BC}
2012-07-27 19:40 - 2012-07-27 19:41 - 00000000 ____D C:\Users\Eagle\AppData\Local\{A23016AA-3065-4BC1-AB60-D125BA8D6EBD}
2012-07-27 02:19 - 2012-07-27 02:20 - 00000000 ____D C:\Users\Eagle\AppData\Local\{4825C790-9D11-47D9-868A-00498CA0F408}
2012-07-27 02:19 - 2012-07-27 02:19 - 00000000 ____D C:\Users\Eagle\AppData\Local\{347F145E-60DF-450F-85F5-0CD6D789C6AE}
2012-07-26 23:29 - 2012-07-26 23:29 - 00001547 ____A C:\Users\Eagle\Desktop\wordpad - Shortcut.lnk
2012-07-26 19:38 - 2012-07-26 19:38 - 00000000 __HDC C:\Users\All Users\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2012-07-26 19:38 - 2012-07-26 19:38 - 00000000 ____D C:\Users\Eagle\AppData\Roaming\Stardock
2012-07-26 19:38 - 2012-07-26 19:38 - 00000000 ____D C:\Users\Eagle\AppData\Local\PackageAware
2012-07-26 19:38 - 2012-07-26 19:38 - 00000000 ____D C:\Program Files (x86)\Stardock
2012-07-26 15:19 - 2012-07-26 15:19 - 00000000 ____D C:\Users\Eagle\AppData\Local\{54D76DA9-D778-11E1-8270-B8AC6F996F26}
2012-07-26 13:31 - 2012-07-26 13:31 - 00000000 ____D C:\Users\Eagle\AppData\Local\{03D28E7F-D272-4C77-BEA8-4BBEA779DBD8}
2012-07-26 13:30 - 2012-07-26 13:31 - 00000000 ____D C:\Users\Eagle\AppData\Local\{082C24B5-4B21-477A-B628-65B846B25326}
2012-07-26 05:42 - 2012-07-26 05:42 - 00063553 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120710.txt
2012-07-26 05:42 - 2012-07-26 05:42 - 00061158 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120711.txt
2012-07-26 05:41 - 2012-07-26 05:41 - 00063069 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120712.txt
2012-07-26 05:41 - 2012-07-26 05:41 - 00062725 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120717.txt
2012-07-26 05:41 - 2012-07-26 05:41 - 00061873 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120713.txt
2012-07-26 05:40 - 2012-07-26 05:40 - 00065881 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120723.txt
2012-07-26 05:40 - 2012-07-26 05:40 - 00064485 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120719.txt
2012-07-26 05:40 - 2012-07-26 05:40 - 00064123 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120720.txt
2012-07-26 05:40 - 2012-07-26 05:40 - 00062759 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120718.txt
2012-07-26 05:39 - 2012-07-26 05:39 - 00066889 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120724.txt
2012-07-26 05:39 - 2012-07-26 05:39 - 00063288 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120725.txt
2012-07-26 05:38 - 2012-07-26 05:38 - 00061526 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120726.txt
2012-07-25 18:40 - 2012-07-25 18:41 - 00000000 ____D C:\Users\Eagle\AppData\Local\{FF4A384B-1C30-4192-8950-6815C48CAF16}
2012-07-25 18:40 - 2012-07-25 18:40 - 00000000 ____D C:\Users\Eagle\AppData\Local\{989A5A92-B2A1-40CF-A893-FFDD172F6503}
2012-07-25 04:47 - 2012-07-25 04:47 - 00000000 ____D C:\Users\Eagle\AppData\Local\{CA128F55-884B-4137-A56C-B3FD18945B2F}
2012-07-25 04:47 - 2012-07-25 04:47 - 00000000 ____D C:\Users\Eagle\AppData\Local\{22C30168-5DAE-496F-A124-E9FF6AE08CC3}
2012-07-24 15:24 - 2012-07-24 15:24 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-07-24 15:24 - 2012-07-24 15:24 - 00000000 ____D C:\Users\Public\Documents\sun
2012-07-24 13:48 - 2012-07-24 13:48 - 00000000 ____D C:\Users\Eagle\AppData\Local\{8AF0FFA9-9068-4BD7-89D1-622ED97EFA30}
2012-07-24 13:48 - 2012-07-24 13:48 - 00000000 ____D C:\Users\Eagle\AppData\Local\{669653C4-6011-40A4-8B00-E2A930912E2A}
2012-07-24 03:54 - 2012-07-25 05:09 - 00138176 ____A C:\Users\Eagle\Documents\ALD2012.TAX
2012-07-24 03:54 - 2012-07-25 05:08 - 00136688 ____A C:\Users\Eagle\Documents\ALD2012.BAK
2012-07-23 19:48 - 2012-07-23 19:49 - 00000000 ____D C:\Users\Eagle\AppData\Local\{4D1012D5-7CCD-475F-908E-4D4C156738FA}
2012-07-23 19:48 - 2012-07-23 19:48 - 00000000 ____D C:\Users\Eagle\AppData\Local\{F2B7F1E9-C8F1-4349-9E6A-FF3278FDE4CC}
2012-07-23 04:57 - 2012-07-23 04:58 - 00000000 ____D C:\Users\Eagle\AppData\Local\{4C7D20C8-CBCE-4ADA-AE2F-A3C0758F06BE}
2012-07-23 04:57 - 2012-07-23 04:57 - 00000000 ____D C:\Users\Eagle\AppData\Local\{2E62EC98-0E1E-422E-88F7-CE52E00DE964}
2012-07-22 14:14 - 2012-07-22 14:14 - 00000000 ____D C:\Users\Eagle\AppData\Local\{2EE7781B-B1B4-416E-82A0-908C3F6EAC82}
2012-07-22 14:13 - 2012-07-22 14:14 - 00000000 ____D C:\Users\Eagle\AppData\Local\{86762D79-9558-4A9E-85B7-7AEFE57EF4B0}
2012-07-21 20:59 - 2012-07-21 20:59 - 00000000 ____D C:\Users\Eagle\AppData\Local\{35681F0C-4174-4C74-A3F3-FE077A702684}
2012-07-21 20:58 - 2012-07-21 20:59 - 00000000 ____D C:\Users\Eagle\AppData\Local\{A201901A-7476-4E32-AAC2-A28567190F07}
2012-07-21 19:41 - 2012-07-21 19:41 - 00000000 ____D C:\Users\Eagle\AppData\Local\{C7AF5B76-E662-45B7-95B2-88A3DB81CE50}
2012-07-21 19:11 - 2012-07-21 19:11 - 00000000 ____D C:\Users\Eagle\AppData\Local\{B8C5C356-98FE-47DD-A498-4FD886C2D52C}
2012-07-21 19:11 - 2012-07-21 19:11 - 00000000 ____D C:\Users\Eagle\AppData\Local\{24A2B18B-E648-4450-BA72-6EE3C1243B09}
2012-07-21 05:23 - 2012-07-21 05:23 - 00000000 ____D C:\Users\Eagle\AppData\Local\{D13054EF-A44F-44A2-BD2C-7DD52249387A}
2012-07-21 05:22 - 2012-07-21 05:23 - 00000000 ____D C:\Users\Eagle\AppData\Local\{02F88888-235F-44FF-B934-E687BB82B26F}
2012-07-20 18:35 - 2012-07-25 05:14 - 00191264 ____A C:\Users\Eagle\Documents\DOUG12.TAX
2012-07-20 18:35 - 2012-07-25 05:12 - 00190224 ____A C:\Users\Eagle\Documents\DOUG12.BAK
2012-07-20 18:34 - 2012-07-20 18:34 - 00001923 ____A C:\Users\Eagle\Desktop\e-tax 2012.lnk
2012-07-20 18:34 - 2012-07-20 18:34 - 00000000 ____D C:\Users\Eagle\AppData\Local\etax2012
2012-07-20 18:34 - 2012-07-20 18:34 - 00000000 ____D C:\Program Files (x86)\etax2012
2012-07-20 13:31 - 2012-07-20 13:31 - 00000000 ____D C:\Users\Eagle\AppData\Local\{FCA22A90-96D6-43F1-AE1F-BA1D760A186D}
2012-07-20 13:31 - 2012-07-20 13:31 - 00000000 ____D C:\Users\Eagle\AppData\Local\{8AC2208B-BC2D-43C6-BF8C-8A98155E0930}
2012-07-19 23:38 - 2012-07-19 23:39 - 00000000 ____D C:\Users\Eagle\AppData\Local\{95BB1DAC-4122-49F8-9D1A-240116AD7EB9}
2012-07-19 23:38 - 2012-07-19 23:38 - 00000000 ____D C:\Users\Eagle\AppData\Local\{18CBFF78-DE40-40BA-8C51-965DCF4EC025}
2012-07-19 15:59 - 2012-07-19 15:59 - 00000000 ____D C:\Users\Eagle\AppData\Local\{EDB12EA7-45AD-43B7-A891-CCB2A548870D}
2012-07-19 15:59 - 2012-07-19 15:59 - 00000000 ____D C:\Users\Eagle\AppData\Local\{A69DD379-59C2-41B1-8E76-5CA5ED8D615D}
2012-07-19 02:41 - 2012-07-02 09:19 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-19 02:38 - 2012-07-19 02:38 - 00000000 ____D C:\Users\Eagle\AppData\Local\{4F83B4A9-CBD9-443E-BE8D-A8A62728A468}
2012-07-19 02:37 - 2012-07-19 02:38 - 00000000 ____D C:\Users\Eagle\AppData\Local\{67CE4ED8-2DA5-46DA-8EB9-7036E62D825B}
2012-07-18 14:23 - 2012-07-18 14:23 - 00000000 ____D C:\Users\Eagle\AppData\Local\{291D64A8-6AEB-4FD2-9BF1-FB9270D229E4}
2012-07-18 14:22 - 2012-07-18 14:23 - 00000000 ____D C:\Users\Eagle\AppData\Local\{6457DBA8-E32C-4728-873A-2F3BC992E5EC}
2012-07-17 22:36 - 2012-07-17 22:37 - 00000000 ____D C:\Users\Eagle\AppData\Local\{77E9D541-30E0-48C5-A67C-2D9E92CFDDE9}
2012-07-17 22:36 - 2012-07-17 22:36 - 00000000 ____D C:\Users\Eagle\AppData\Local\{9A7948E0-62BD-42BF-88C9-5BF1D84E2C2B}
2012-07-17 03:36 - 2012-07-17 03:36 - 00000000 ____D C:\Users\Eagle\AppData\Local\{D7EF4C73-4F63-4977-A484-81385B681D6F}
2012-07-17 03:36 - 2012-07-17 03:36 - 00000000 ____D C:\Users\Eagle\AppData\Local\{D4D1944C-3166-4144-B2F8-4A6913955AB1}
2012-07-16 14:13 - 2012-07-16 14:13 - 00000000 ____D C:\Users\Eagle\AppData\Local\{6F9BD502-0D9D-4C1F-B438-C7EDA26D3647}
2012-07-16 14:12 - 2012-07-16 14:13 - 00000000 ____D C:\Users\Eagle\AppData\Local\{AB3629E5-11FB-4F9D-A339-C41FDCD5C81D}
2012-07-15 22:32 - 2012-07-15 22:32 - 00000000 ____D C:\Users\Eagle\AppData\Local\{B2BD1B92-1BB2-4D7B-BBEB-74A6C4F06775}
2012-07-15 22:32 - 2012-07-15 22:32 - 00000000 ____D C:\Users\Eagle\AppData\Local\{0B0737DF-BE5F-4689-AF12-C8519FD29CE6}
2012-07-15 04:12 - 2012-07-15 04:12 - 00000000 ____D C:\Users\Eagle\AppData\Local\{F2BC5C9F-DF94-415A-8DED-DD0B1375FAD6}
2012-07-15 04:12 - 2012-07-15 04:12 - 00000000 ____D C:\Users\Eagle\AppData\Local\{29387746-2B50-451A-A621-EB12862C327E}
2012-07-14 13:47 - 2012-07-14 13:47 - 00000000 ____D C:\Users\Eagle\AppData\Local\{736E9475-E16D-49D0-8D8C-CEAA9C34D84A}
2012-07-14 13:46 - 2012-07-14 13:47 - 00000000 ____D C:\Users\Eagle\AppData\Local\{9EA65188-716B-4C86-BFDE-E5A3E05C22F4}
2012-07-13 16:02 - 2012-07-13 16:02 - 00000000 ____D C:\Users\Eagle\New folder
2012-07-13 14:20 - 2012-07-13 14:21 - 00000000 ____D C:\Users\Eagle\AppData\Local\{84C8CA2E-2CB8-48BE-9F4B-EE3BBF0E8C26}
2012-07-13 14:20 - 2012-07-13 14:20 - 00000000 ____D C:\Users\Eagle\AppData\Local\{14320323-1F25-4E00-A606-00F88A9F8D8A}
2012-07-13 03:55 - 2012-07-13 04:06 - 00000000 ____D C:\Users\Eagle\AppData\Roaming\Notepad++
2012-07-13 03:55 - 2012-07-13 04:06 - 00000000 ____D C:\Program Files (x86)\Notepad++
2012-07-13 03:55 - 2012-07-13 03:55 - 00001057 ____A C:\Users\UpdatusUser\Desktop\Notepad++.lnk
2012-07-13 03:55 - 2012-07-13 03:55 - 00001057 ____A C:\Users\Eagle\Desktop\Notepad++.lnk
2012-07-12 23:50 - 2012-07-12 23:51 - 00000000 ____D C:\Users\Eagle\AppData\Local\{401C1B12-6C34-4936-A99D-5AA6A181CA76}
2012-07-12 23:50 - 2012-07-12 23:50 - 00000000 ____D C:\Users\Eagle\AppData\Local\{0690349B-08C9-4250-A36B-EA685BDD30E1}
2012-07-12 04:00 - 2012-07-12 04:00 - 00000000 ____D C:\Users\Eagle\AppData\Local\{B7738BD6-A9EC-4C29-8BC1-87235EE43A77}
2012-07-12 03:59 - 2012-07-12 04:00 - 00000000 ____D C:\Users\Eagle\AppData\Local\{BB22B36C-182A-4876-AD3C-AF1AE0787423}
2012-07-11 17:09 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 17:08 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 17:08 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 17:08 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 17:08 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 17:08 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 17:08 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 17:08 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 17:08 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 17:08 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 17:08 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 17:08 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 17:08 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 17:08 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 17:08 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 17:08 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 17:08 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 17:08 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 17:08 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 17:08 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 17:08 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 17:08 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 17:08 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 17:08 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 17:08 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 17:08 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 17:08 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 17:08 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 17:08 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 16:08 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 16:08 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 16:08 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 16:08 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 16:08 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 16:08 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 16:08 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 16:08 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 16:08 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 16:08 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 16:08 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 16:08 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 16:08 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 16:08 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 16:08 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 16:08 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 16:08 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 16:08 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 16:08 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 15:59 - 2012-07-11 15:59 - 00000000 ____D C:\Users\Eagle\AppData\Local\{40F50112-234F-4D33-95D0-7F32EBA9879A}
2012-07-11 15:58 - 2012-07-11 15:59 - 00000000 ____D C:\Users\Eagle\AppData\Local\{DFB9E624-00B4-4F9A-99F2-DEF71678ED67}
2012-07-10 18:07 - 2012-07-10 18:07 - 00000000 ____D C:\Users\Eagle\AppData\Local\{EB00379D-1491-48EB-A068-66961897338D}
2012-07-10 18:07 - 2012-07-10 18:07 - 00000000 ____D C:\Users\Eagle\AppData\Local\{AA4188CB-4783-4132-9D62-E1A756DE4D0F}
2012-07-10 04:14 - 2012-07-10 04:15 - 00000000 ____D C:\Users\Eagle\AppData\Local\{5D360227-E4F7-4C12-8A93-415D9423F4B3}
2012-07-10 04:14 - 2012-07-10 04:14 - 00000000 ____D C:\Users\Eagle\AppData\Local\{E431D286-2A84-4C51-BCCE-0C2FA09F0EBE}
2012-07-09 13:48 - 2012-07-09 13:49 - 00000000 ____D C:\Users\Eagle\AppData\Local\{4D91091A-687B-4E2E-B619-7BB813439172}
2012-07-09 13:48 - 2012-07-09 13:48 - 00000000 ____D C:\Users\Eagle\AppData\Local\{616022BE-6199-4CA6-B3D6-1887884F3B1C}
2012-07-09 00:20 - 2012-07-09 00:20 - 00061026 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120709.txt
2012-07-08 22:47 - 2012-07-08 22:48 - 00000000 ____D C:\Users\Eagle\AppData\Local\{D0F7180E-308C-42A6-8EC7-A0311DB8242A}
2012-07-08 22:47 - 2012-07-08 22:47 - 00000000 ____D C:\Users\Eagle\AppData\Local\{1E4109F7-61B6-4C2B-8C78-313895DE7DCD}
2012-07-08 04:43 - 2012-07-08 04:43 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-07-08 04:22 - 2012-07-08 04:22 - 00000000 ____D C:\Users\Eagle\AppData\Local\{FFCDB072-5E2B-412C-AF31-4815DD17CD29}
2012-07-08 04:22 - 2012-07-08 04:22 - 00000000 ____D C:\Users\Eagle\AppData\Local\{DC7D220B-18D7-4243-9F33-5A08E78C16EE}
2012-07-08 04:07 - 2012-07-08 04:07 - 00000000 ____D C:\Users\Eagle\AppData\Local\{0D6D5F2B-BD72-42AD-A4C7-35107ED24B6F}
2012-07-08 04:06 - 2012-07-08 04:06 - 00000000 ____D C:\Users\Eagle\AppData\Local\{BC4594EA-B012-4049-877F-D1325DEA488F}
2012-07-07 14:53 - 2012-07-07 14:53 - 00060206 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120706.txt
2012-07-07 14:34 - 2012-07-07 14:34 - 00000000 ____D C:\Users\Eagle\AppData\Local\{F8ABC3F6-8487-427D-A8C1-960EDD4886D3}
2012-07-07 14:33 - 2012-07-07 14:33 - 00000000 ____D C:\Users\Eagle\AppData\Local\{1B1AD85B-5EDA-4B04-B82D-8245C79C368C}
2012-07-06 18:33 - 2012-07-06 18:33 - 00000000 ____D C:\Users\Eagle\AppData\Local\{B97FBE20-46D6-4A55-90F4-C343C3E1E07C}
2012-07-06 18:32 - 2012-07-06 18:33 - 00000000 ____D C:\Users\Eagle\AppData\Local\{10E0FF6F-36CC-4CCA-91DC-DB25C8020C63}
2012-07-06 18:12 - 2012-07-06 18:12 - 00000000 ____D C:\Users\Eagle\AppData\Local\{FC9CB67F-73A2-4493-8F43-61C58163D6D8}
2012-07-06 03:35 - 2012-08-03 15:56 - 00734636 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-06 03:35 - 2012-08-03 15:56 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-06 03:22 - 2012-07-06 03:22 - 00000000 ____D C:\Users\Eagle\AppData\Local\{D8D78EE0-48C3-491D-AD87-7188DBFF3A8E}
2012-07-06 03:21 - 2012-07-06 03:21 - 00000000 ____D C:\Users\Eagle\AppData\Local\{8B6342E4-1EB5-4E38-92D7-1F00B56F201F}
2012-07-05 19:12 - 2012-07-30 19:30 - 00000000 ____D C:\Users\Eagle\AppData\Local\WinZip
2012-07-05 19:12 - 2012-07-05 19:13 - 00000000 ____D C:\Users\All Users\WinZip
2012-07-05 19:12 - 2012-07-05 19:12 - 00002281 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-07-05 19:12 - 2012-07-05 19:12 - 00000000 ____D C:\Program Files\WinZip
2012-07-05 18:19 - 2012-07-05 18:19 - 00066227 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120702.txt
2012-07-05 18:19 - 2012-07-05 18:19 - 00059799 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120703.txt
2012-07-05 18:19 - 2012-07-05 18:19 - 00059799 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120703 (1).txt
2012-07-05 18:18 - 2012-07-05 18:18 - 00063475 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120704.txt
2012-07-05 18:17 - 2012-07-05 18:17 - 00060241 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120705.txt
2012-07-05 15:21 - 2012-07-05 15:21 - 00000000 ____D C:\Users\Eagle\AppData\Local\{1445B245-A149-404B-BD2A-40AA230D4A3A}
2012-07-05 15:20 - 2012-07-05 15:21 - 00000000 ____D C:\Users\Eagle\AppData\Local\{604ED0D8-DF97-46EF-B3F9-8D97F3517160}
2012-07-05 03:20 - 2012-07-05 03:20 - 00000000 ____D C:\Users\Eagle\AppData\Local\{CB3ED035-278A-479F-ABBB-51443654D84F}
2012-07-05 03:20 - 2012-07-05 03:20 - 00000000 ____D C:\Users\Eagle\AppData\Local\{38C97FE5-FDED-4495-B6B9-BA025ACCA135}

============ 3 Months Modified Files ========================

2012-08-03 19:07 - 2012-08-02 23:41 - 00001008 ____A C:\Windows\setupact.log
2012-08-03 19:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-03 16:19 - 2012-08-03 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E984032E517E05EB
2012-08-03 16:14 - 2012-08-03 16:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D443BA52A1420552
2012-08-03 16:10 - 2012-08-03 16:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.05092DD7BEC56804
2012-08-03 15:59 - 2009-07-13 20:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-03 15:59 - 2009-07-13 20:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-03 15:57 - 2012-08-03 15:56 - 00003203 ____A C:\Windows\WindowsUpdate.log
2012-08-03 15:56 - 2012-07-06 03:35 - 00734636 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-03 15:56 - 2012-07-06 03:35 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-03 15:51 - 2012-06-21 22:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-03 14:38 - 2012-06-20 17:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 14:38 - 2012-06-20 17:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-03 14:22 - 2012-08-03 14:22 - 00005010 ____A C:\Windows\PFRO.log
2012-08-03 14:00 - 2012-08-03 14:00 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-03 14:00 - 2012-08-03 13:59 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Eagle\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-03 13:52 - 2012-08-03 13:52 - 00001238 ____A C:\Users\Eagle\Desktop\FixExec.txt
2012-08-02 23:42 - 2012-05-30 19:41 - 00030528 ____A C:\Windows\GVTDrv64.sys
2012-08-02 23:42 - 2012-05-30 19:41 - 00025640 ____A (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-08-02 23:42 - 2012-05-30 19:41 - 00000004 ____A C:\Windows\SysWOW64\GVTunner.ref
2012-08-02 23:41 - 2012-08-02 23:41 - 00000000 ____A C:\Windows\setuperr.log
2012-08-02 23:35 - 2012-08-02 23:35 - 00056320 ___AH (FRISK Software International) C:\Windows\SysWOW64\isobEdit.dll
2012-07-30 03:46 - 2012-07-30 03:44 - 00002182 ____A C:\Users\Eagle\Desktop\terminal - Shortcut.lnk
2012-07-30 03:30 - 2012-07-30 03:30 - 00065545 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120727.txt
2012-07-30 03:30 - 2012-07-30 03:30 - 00064258 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120730.txt
2012-07-29 22:14 - 2012-07-29 22:14 - 00122132 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-07-29 15:59 - 2012-07-29 15:59 - 00002048 ____A C:\Users\Public\Desktop\EasySetPackage.lnk
2012-07-26 23:29 - 2012-07-26 23:29 - 00001547 ____A C:\Users\Eagle\Desktop\wordpad - Shortcut.lnk
2012-07-26 05:42 - 2012-07-26 05:42 - 00063553 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120710.txt
2012-07-26 05:42 - 2012-07-26 05:42 - 00061158 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120711.txt
2012-07-26 05:41 - 2012-07-26 05:41 - 00063069 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120712.txt
2012-07-26 05:41 - 2012-07-26 05:41 - 00062725 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120717.txt
2012-07-26 05:41 - 2012-07-26 05:41 - 00061873 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120713.txt
2012-07-26 05:40 - 2012-07-26 05:40 - 00065881 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120723.txt
2012-07-26 05:40 - 2012-07-26 05:40 - 00064485 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120719.txt
2012-07-26 05:40 - 2012-07-26 05:40 - 00064123 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120720.txt
2012-07-26 05:40 - 2012-07-26 05:40 - 00062759 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120718.txt
2012-07-26 05:39 - 2012-07-26 05:39 - 00066889 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120724.txt
2012-07-26 05:39 - 2012-07-26 05:39 - 00063288 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120725.txt
2012-07-26 05:38 - 2012-07-26 05:38 - 00061526 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120726.txt
2012-07-25 05:14 - 2012-07-20 18:35 - 00191264 ____A C:\Users\Eagle\Documents\DOUG12.TAX
2012-07-25 05:12 - 2012-07-20 18:35 - 00190224 ____A C:\Users\Eagle\Documents\DOUG12.BAK
2012-07-25 05:09 - 2012-07-24 03:54 - 00138176 ____A C:\Users\Eagle\Documents\ALD2012.TAX
2012-07-25 05:08 - 2012-07-24 03:54 - 00136688 ____A C:\Users\Eagle\Documents\ALD2012.BAK
2012-07-24 18:10 - 2009-07-13 20:45 - 00293328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-24 15:25 - 2012-05-30 20:24 - 00063568 ____A C:\Users\Eagle\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-24 15:24 - 2012-07-24 15:24 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-07-20 18:34 - 2012-07-20 18:34 - 00001923 ____A C:\Users\Eagle\Desktop\e-tax 2012.lnk
2012-07-20 03:05 - 2009-07-13 21:08 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-13 03:55 - 2012-07-13 03:55 - 00001057 ____A C:\Users\UpdatusUser\Desktop\Notepad++.lnk
2012-07-13 03:55 - 2012-07-13 03:55 - 00001057 ____A C:\Users\Eagle\Desktop\Notepad++.lnk
2012-07-09 00:20 - 2012-07-09 00:20 - 00061026 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120709.txt
2012-07-07 14:53 - 2012-07-07 14:53 - 00060206 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120706.txt
2012-07-05 19:12 - 2012-07-05 19:12 - 00002281 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-07-05 18:19 - 2012-07-05 18:19 - 00066227 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120702.txt
2012-07-05 18:19 - 2012-07-05 18:19 - 00059799 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120703.txt
2012-07-05 18:19 - 2012-07-05 18:19 - 00059799 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120703 (1).txt
2012-07-05 18:18 - 2012-07-05 18:18 - 00063475 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120704.txt
2012-07-05 18:17 - 2012-07-05 18:17 - 00060241 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120705.txt
2012-07-03 01:02 - 2012-06-30 22:16 - 00000836 ____A C:\Users\Eagle\Desktop\homi1.txt
2012-07-02 19:46 - 2012-08-03 14:00 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 15:39 - 2012-07-02 15:39 - 00015104 ____A C:\INSTALL.LOG
2012-07-02 15:39 - 2012-07-02 15:39 - 00002085 ____A C:\Users\Public\Desktop\honestech VHS to DVD 2.0 SE.lnk
2012-07-02 09:19 - 2012-07-19 02:41 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-29 02:52 - 2012-06-29 02:52 - 00071767 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120627.txt
2012-06-29 02:51 - 2012-06-29 02:51 - 00079351 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120629.txt
2012-06-29 02:51 - 2012-06-29 02:51 - 00072358 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120628.txt
2012-06-27 15:41 - 2012-06-27 15:41 - 00002530 ____A C:\Users\Eagle\Desktop\homi.txt
2012-06-26 03:54 - 2012-06-26 03:54 - 00075331 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120626.txt
2012-06-26 03:54 - 2012-06-26 03:54 - 00073990 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120625.txt
2012-06-24 03:52 - 2012-06-23 03:34 - 00038912 __ASH C:\Users\Eagle\Thumbs.db
2012-06-23 23:25 - 2012-06-23 23:04 - 00003794 ____A C:\Users\Eagle\Documents\HrGrid.mq4
2012-06-22 14:13 - 2012-06-22 14:13 - 00072245 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120622.txt
2012-06-21 18:57 - 2012-06-21 18:57 - 00000766 ____A C:\Users\Eagle\Documents\HOMI.txt
2012-06-21 03:06 - 2012-06-21 03:03 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-21 03:03 - 2012-06-21 03:03 - 00000000 ____A C:\Windows\nsreg.dat
2012-06-21 00:51 - 2012-06-21 00:51 - 00071068 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120621.txt
2012-06-20 02:50 - 2012-06-20 02:50 - 00068224 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120606.txt
2012-06-20 02:46 - 2012-06-20 02:46 - 00072107 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120620.txt
2012-06-20 02:46 - 2012-06-20 02:46 - 00067916 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120619.txt
2012-06-19 05:42 - 2012-06-03 17:42 - 02359296 ____A C:\Users\Eagle\Documents\My Money.mny
2012-06-19 05:36 - 2012-06-19 05:36 - 00001138 ____A C:\Users\Public\Desktop\Microsoft Money.lnk
2012-06-19 03:16 - 2012-06-19 03:16 - 00069616 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120531.txt
2012-06-19 03:16 - 2012-06-19 03:16 - 00067019 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120601 (1).txt
2012-06-19 03:15 - 2012-06-19 03:15 - 00067655 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120529.txt
2012-06-19 03:15 - 2012-06-19 03:15 - 00066786 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120530.txt
2012-06-19 03:15 - 2012-06-19 03:15 - 00063723 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120528.txt
2012-06-19 03:14 - 2012-06-19 03:14 - 00065318 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120525.txt
2012-06-19 03:14 - 2012-06-19 03:14 - 00065152 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120524.txt
2012-06-19 03:13 - 2012-06-19 03:13 - 00065796 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120523.txt
2012-06-18 17:41 - 2012-06-18 17:38 - 00013389 ____A C:\Users\Eagle\notes.ods
2012-06-18 16:47 - 2012-06-21 21:24 - 03852415 ____A C:\Users\Eagle\TextFiles.zip
2012-06-18 15:01 - 2012-06-18 15:01 - 00070266 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120607.txt
2012-06-18 14:59 - 2012-06-18 14:59 - 00068405 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120612.txt
2012-06-18 14:59 - 2012-06-18 14:59 - 00067638 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120608.txt
2012-06-18 14:58 - 2012-06-18 14:58 - 00069461 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120615.txt
2012-06-18 14:58 - 2012-06-18 14:58 - 00067365 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120613.txt
2012-06-18 14:58 - 2012-06-18 14:58 - 00066149 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120614.txt
2012-06-18 14:57 - 2012-06-18 14:57 - 00073671 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120618.txt
2012-06-18 14:52 - 2012-06-18 14:52 - 00000995 ____A C:\Users\UpdatusUser\Desktop\FCharts.lnk
2012-06-17 23:05 - 2012-06-17 23:04 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-17 22:56 - 2012-06-17 22:45 - 00001833 ____A C:\Users\Public\Desktop\Opera.lnk
2012-06-17 20:09 - 2012-06-17 20:09 - 00125392 ____A C:\Users\Eagle\bookmarks_6_18_12.html
2012-06-17 20:08 - 2012-06-17 20:08 - 00029591 ____A C:\Users\Eagle\operabkmks.html
2012-06-17 20:07 - 2012-06-17 20:07 - 00034825 ____A C:\Users\Eagle\operabkmks.adr
2012-06-17 20:03 - 2012-06-17 20:03 - 00107817 ____A C:\Users\Eagle\Safari Bookmarks.html
2012-06-17 14:32 - 2012-06-17 14:32 - 00001471 ____A C:\Users\Eagle\Desktop\iexplore - Shortcut.lnk
2012-06-16 22:17 - 2012-06-16 22:17 - 02139696 ____A (Conduit) C:\Users\Eagle\Downloads\WiseConvert.exe
2012-06-16 19:22 - 2012-06-16 19:23 - 05384824 ____A (EaseUS ) C:\Users\Eagle\drw_free.exe
2012-06-16 17:56 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-16 17:55 - 2012-06-16 17:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-11 19:08 - 2012-07-11 17:09 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 16:08 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 16:08 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 04:22 - 2012-06-07 04:22 - 00001414 ____A C:\Users\Eagle\Desktop\FCharts - Shortcut.lnk
2012-06-05 22:06 - 2012-07-11 16:08 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 16:08 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 16:08 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 16:08 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 16:08 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 16:08 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 04:21 - 2012-06-05 04:21 - 00067019 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120601.txt
2012-06-05 04:18 - 2012-06-05 04:18 - 00073733 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120604.txt
2012-06-05 04:17 - 2012-06-05 04:17 - 00067736 ____A C:\Users\Eagle\Downloads\ASXEQUITIESMetastock-20120605.txt
2012-06-04 19:44 - 2012-06-04 19:44 - 00004200 ____A C:\Users\Eagle\Desktop\x11free - Shortcut.lnk
2012-06-04 18:56 - 2012-06-04 18:56 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-06-04 06:40 - 2012-06-04 06:40 - 00007115 ____A C:\Users\Eagle\Documents\pcdiy.ods
2012-06-04 04:48 - 2012-06-04 04:48 - 00001539 ____A C:\Users\Eagle\Desktop\AcroRd32 - Shortcut.lnk
2012-06-02 14:19 - 2012-06-21 13:42 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 13:42 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 13:42 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 13:41 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 13:41 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 13:42 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 13:41 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 04:49 - 2012-07-11 17:08 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 17:08 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 17:08 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 17:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 17:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 17:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 17:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 17:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 17:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 17:08 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 17:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 17:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 17:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 17:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 17:08 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 17:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 17:08 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 17:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 17:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 17:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 17:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 17:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 17:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 17:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 17:08 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 17:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 17:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 17:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 16:08 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 16:08 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 16:08 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 16:08 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 16:08 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 21:19 - 2012-06-21 13:41 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 21:15 - 2012-06-21 13:41 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:45 - 2012-06-01 20:45 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-01 20:40 - 2012-07-11 16:08 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 16:08 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 16:08 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 16:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 17:20 - 2012-05-31 00:57 - 00021097 ____A C:\Users\Eagle\Documents\Accounts.ods
2012-06-01 14:25 - 2012-06-01 14:25 - 00001336 ____A C:\Users\Eagle\Desktop\Notepad2 - Shortcut.lnk
2012-06-01 14:10 - 2012-06-01 14:10 - 00001723 ____A C:\Users\Eagle\Desktop\GFT MetaTrader 4.lnk
2012-05-31 15:19 - 2012-05-31 15:19 - 01287528 ____A (Microsoft Corporation) C:\Users\Eagle\Downloads\wlsetup-web.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-05-31 15:03 - 2012-05-31 15:03 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-31 15:03 - 2012-05-31 15:03 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-31 15:03 - 2012-05-31 15:03 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-05-31 15:03 - 2012-05-31 15:03 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-31 15:03 - 2012-05-31 15:03 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-05-31 15:03 - 2012-05-31 15:03 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-05-31 15:03 - 2012-05-31 15:03 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-05-31 15:03 - 2012-05-31 15:03 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-31 11:00 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-05-31 11:00 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-05-31 03:29 - 2012-05-31 03:29 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-30 20:23 - 2012-05-30 20:02 - 00002076 ____A C:\Users\Eagle\Desktop\LG Burning Tool.lnk
2012-05-30 20:04 - 2012-05-30 20:04 - 00002026 ____A C:\Users\Public\Desktop\CyberLink Media Suite.lnk
2012-05-30 20:04 - 2012-05-30 20:04 - 00001057 ____A C:\Users\Eagle\Desktop\Optical Disc Doctor.lnk
2012-05-30 20:04 - 2012-05-30 20:04 - 00000272 ____A C:\Windows\lgfwup.ini
2012-05-30 20:02 - 2012-05-30 20:02 - 00002094 ____A C:\Users\UpdatusUser\Desktop\LG Burning Tool.lnk
2012-05-30 20:02 - 2012-05-30 20:02 - 00002094 ____A C:\Users\Default\Desktop\LG Burning Tool.lnk
2012-05-30 20:02 - 2012-05-30 20:02 - 00002094 ____A C:\Users\Default User\Desktop\LG Burning Tool.lnk
2012-05-30 19:45 - 2012-05-30 19:45 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-30 19:39 - 2012-05-30 19:33 - 00000156 ____A C:\csb.log
2012-05-30 19:38 - 2012-05-30 19:38 - 00002012 ____A C:\Users\Public\Desktop\ET6.lnk
2012-05-30 19:35 - 2012-05-30 19:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2012-05-30 19:34 - 2012-05-30 19:34 - 00001206 ____A C:\Users\Public\Desktop\HD VDeck.lnk
2012-05-30 19:32 - 2012-05-30 19:32 - 00001412 ____A C:\Users\Eagle\Desktop\Games.lnk
2012-05-30 19:31 - 2012-05-30 19:31 - 00000010 ____A C:\Windows\GSetup.ini
2012-05-30 19:23 - 2012-05-30 19:23 - 00000020 ___SH C:\Users\Eagle\ntuser.ini
2012-05-15 02:48 - 2012-05-30 23:13 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-30 23:13 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 02:48 - 2012-05-30 23:13 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 02:48 - 2012-05-30 19:44 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-05-30 19:44 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2012-05-30 19:44 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-05-30 19:44 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2012-05-30 19:44 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2012-05-30 19:44 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-05-30 19:44 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2012-05-30 19:44 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2012-05-30 23:13 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 01:29 - 2012-05-30 19:45 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2012-05-30 19:45 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2012-05-30 19:45 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2012-05-30 19:45 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2012-05-30 19:45 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 01:06 - 2012-06-17 23:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-15 01:06 - 2012-06-17 23:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-14 08:21 - 2012-05-14 08:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe

ZeroAccess:
C:\Windows\Installer\{c8b9831f-81e5-42e0-3e97-4867bab9d101}
C:\Windows\Installer\{c8b9831f-81e5-42e0-3e97-4867bab9d101}\@
C:\Windows\Installer\{c8b9831f-81e5-42e0-3e97-4867bab9d101}\L
C:\Windows\Installer\{c8b9831f-81e5-42e0-3e97-4867bab9d101}\U
C:\Windows\Installer\{c8b9831f-81e5-42e0-3e97-4867bab9d101}\U\00000001.@
C:\Windows\Installer\{c8b9831f-81e5-42e0-3e97-4867bab9d101}\U\80000000.@
C:\Windows\Installer\{c8b9831f-81e5-42e0-3e97-4867bab9d101}\U\800000cb.@

ZeroAccess:
C:\Users\Eagle\AppData\Local\{c8b9831f-81e5-42e0-3e97-4867bab9d101}
C:\Users\Eagle\AppData\Local\{c8b9831f-81e5-42e0-3e97-4867bab9d101}\@
C:\Users\Eagle\AppData\Local\{c8b9831f-81e5-42e0-3e97-4867bab9d101}\L
C:\Users\Eagle\AppData\Local\{c8b9831f-81e5-42e0-3e97-4867bab9d101}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8153.96 MB
Available physical RAM: 7362.92 MB
Total Pagefile: 8152.16 MB
Available Pagefile: 7357.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:862.12 GB) NTFS
3 Drive f: () (Removable) (Total:1.8 GB) (Free:1.26 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1844 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1843 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1843 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-20 23:01

======================= End Of Log ==========================

The search list follows.

#13 apached

apached
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 03 August 2012 - 10:28 PM

Sorry for the delay. Have not used the Command Prompt for ages. Confusion with drive letters. Anyway the search list is below.
Thanks again for your help.
Farbar Recovery Scan Tool Version: 04-08-2012
Ran by SYSTEM at 2012-08-04 13:18:47
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:31 AM

Posted 04 August 2012 - 09:16 AM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM\...\Run: [dsapc] rundll32.exe "C:\Users\Eagle\AppData\Roaming\dsapc.dll",PszSkipWhiteW [x]
C:\Windows\Installer\{c8b9831f-81e5-42e0-3e97-4867bab9d101}
C:\Users\Eagle\AppData\Local\{c8b9831f-81e5-42e0-3e97-4867bab9d101}
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 apached

apached
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 04 August 2012 - 06:01 PM

Thank You! Success!! No more annoying Windows encountered critical problem shutdowns.
The fixlog.txt is pasted below.
Ran combofix. It created new Restore point and completed over 50 stage scan for infected files. Many icons on desktop have disappeared. Not sure where the log has been saved. Have shutdown the affected computer, until I get the all clear from you.
Have re enabled RunTime protection on MSe.
Will await further instruction. Thanks again.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012
Ran by SYSTEM at 2012-08-05 08:21:22 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dsapc Value deleted successfully.
C:\Windows\Installer\{c8b9831f-81e5-42e0-3e97-4867bab9d101} moved successfully.
C:\Users\Eagle\AppData\Local\{c8b9831f-81e5-42e0-3e97-4867bab9d101} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-

servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied

successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Edited by apached, 04 August 2012 - 06:02 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users