Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by Win64/Necurs.A


  • This topic is locked This topic is locked
9 replies to this topic

#1 IamXIII

IamXIII

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 14 September 2012 - 03:06 AM

hello, my DELL XPS L502x windows 7 sp1 got infected by Win64/Necurs.A, defender tried to removed it but it resulted in redundant repairs and I cant seem to get past it, i already did the FRST64 scan :), I need help badly, I got so much work to do and a broken laptop wont help me finish stuff.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2012 01
Ran by SYSTEM at 14-09-2012 19:57:34
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [NtrigApplet] C:\Program Files\N-trig\DuoSense Control Apps\NtrigApplet.exe [2563072 2012-01-16] (N-trig LLC)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet [2034752 2011-08-08] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-04-29] ()
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj" [6433439 2011-03-18] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-04-29] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\MyXPS\...\Run: [AdobeBridge] [x]
HKU\MyXPS\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-25] (Valve Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll

==================== Services ====================

2 ASTSRV; C:\Windows\SysWow64\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.)
2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [936272 2011-10-18] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1354064 2011-10-18] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-10-18] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-06-03] (Intel® Corporation)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502064 2012-08-22] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [x]

==================== Drivers =================================

0 32728375d87fef9; C:\Windows\System32\Drivers\32728375d87fef9.sys [86472 2012-09-14] () ATTENTION =====> Rootkit?
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-08-15] (DT Soft Ltd)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
3 NtrigDigitizerUSBLowerFilter; C:\Windows\System32\Drivers\NtrigDigitizerUSBLowerFilter.sys [13776 2010-08-16] (Windows ® Codename Longhorn DDK provider)
1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2012-05-15] (NVIDIA Corporation)
3 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [121960 2010-12-12] ()
1 rnohckjk; C:\Windows\System32\Drivers\rnohckjk.sys [49872 2012-09-14] (Microsoft Corporation)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [x]
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [x]
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [x]
3 WinRing0_1_2_0; \??\C:\Users\MyXPS\AppData\Local\Temp\tmp3F9E.tmp [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-14 19:57 - 2012-09-14 19:57 - 00000000 ____D C:\FRST
2012-09-14 00:08 - 2012-09-14 00:08 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rnohckjk.sys
2012-09-13 22:59 - 2012-09-13 22:59 - 00607260 ____A (Swearware) C:\Users\MyXPS\Downloads\dds.com
2012-09-13 22:59 - 2012-09-13 22:59 - 00302592 ____A C:\Users\MyXPS\Downloads\9xjsyb28.exe
2012-09-13 22:57 - 2012-09-13 22:58 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\MyXPS\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-13 22:52 - 2012-09-13 22:52 - 03178400 ____A (McAfee, Inc.) C:\Users\MyXPS\Downloads\MCPR.exe
2012-09-13 21:18 - 2012-09-13 22:08 - 00000000 ____D C:\Users\MyXPS\Desktop\DAT
2012-09-13 20:41 - 2012-09-13 20:41 - 00159144 ____A (Microsoft Corporation) C:\Users\MyXPS\Downloads\WindowsActivationUpdate.exe
2012-09-13 13:53 - 2012-09-13 13:53 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2012-09-13 13:52 - 2012-09-13 13:54 - 00001614 ____A C:\Windows\VPNInstall.MIF
2012-09-13 13:52 - 2012-09-13 13:54 - 00000000 ____D C:\Windows\CCBAA1F7E5E148B29ED9A79C6A37CE78.TMP
2012-09-12 23:46 - 2012-09-13 09:08 - 183437670 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S02E02.HDTV.XviD-LOL.avi
2012-09-12 23:09 - 2012-09-12 23:48 - 183457460 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S02E01.HDTV.XviD-LOL.avi
2012-09-12 22:13 - 2012-09-12 23:07 - 183733274 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E13.Why.Cant.You.Read.Me.HDTV.XviD-FQM.avi
2012-09-12 22:01 - 2012-09-13 09:03 - 00000338 ____A C:\bt.log
2012-09-12 00:08 - 2012-09-12 22:10 - 183331382 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E12.HDTV.XviD-LOL.avi
2012-09-11 23:15 - 2012-09-12 00:06 - 183341056 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E11.HDTV.XviD-LOL.avi
2012-09-11 22:40 - 2012-09-11 22:40 - 00000000 ____D C:\Users\MyXPS\Download
2012-09-10 23:40 - 2012-09-11 00:30 - 183201792 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E09.HDTV.XviD-LOL.avi
2012-09-10 23:00 - 2012-09-10 23:36 - 183392744 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E08.HDTV.XviD-LOL.avi
2012-09-10 20:17 - 2012-09-10 22:41 - 183257088 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E07.HDTV.XviD-LOL.avi
2012-09-10 12:19 - 2012-09-10 20:17 - 183389754 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E06.HDTV.XviD-LOL.avi
2012-09-10 10:59 - 2012-09-10 12:18 - 183341056 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E05.HDTV.XviD-LOL.avi
2012-09-10 05:47 - 2012-09-10 11:25 - 183350492 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E04.HDTV.XviD-LOL.avi
2012-09-09 23:35 - 2012-09-10 00:19 - 183232512 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E03.HDTV.XviD-LOL.avi
2012-09-09 22:57 - 2012-09-09 23:26 - 183322984 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E02.HDTV.XviD-LOL.avi
2012-09-09 22:17 - 2012-09-09 22:56 - 183246848 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E01.HDTV.XviD-LOL.avi
2012-09-09 02:08 - 2012-09-09 02:09 - 06066648 ____A (IObit ) C:\Users\MyXPS\Downloads\defragsetup.exe
2012-09-08 21:22 - 2012-09-08 21:22 - 00000000 ____A C:\Users\MyXPS\Desktop\New Text Document.txt
2012-09-08 12:28 - 2012-09-08 12:28 - 00000000 ____D C:\Users\MyXPS\Downloads\Dark_Souls_Prepare_To_Die_Edition-FLT
2012-09-07 09:56 - 2012-09-13 20:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-07 05:46 - 2012-09-13 23:53 - 00007162 ____A C:\Windows\PFRO.log
2012-09-07 05:05 - 2012-09-09 06:05 - 00000000 ____D C:\Users\MyXPS\Local Settings\Microsoft Games
2012-09-07 05:05 - 2012-09-09 06:05 - 00000000 ____D C:\Users\MyXPS\Local Settings\Application Data\Microsoft Games
2012-09-07 05:05 - 2012-09-09 06:05 - 00000000 ____D C:\Users\MyXPS\AppData\Local\Microsoft Games
2012-09-05 06:21 - 2012-09-13 23:54 - 00002866 ____A C:\Windows\setupact.log
2012-09-05 06:21 - 2012-09-05 06:21 - 00000000 ____A C:\Windows\setuperr.log
2012-09-05 05:39 - 2012-09-05 05:39 - 94588928 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-09-05 05:39 - 2012-09-05 05:39 - 21590016 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-09-05 05:39 - 2012-09-05 05:39 - 00536576 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-09-05 05:39 - 2012-09-05 05:39 - 00135168 ____A C:\Windows\System32\config\SAM.iobit
2012-09-05 05:39 - 2012-09-05 05:39 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit
2012-09-02 20:09 - 2012-09-02 20:10 - 00000000 ____D C:\Users\MyXPS\My Documents\New folder
2012-09-02 20:09 - 2012-09-02 20:10 - 00000000 ____D C:\Users\MyXPS\Documents\New folder
2012-09-02 10:27 - 2012-09-14 00:08 - 00086472 ____A C:\Windows\System32\Drivers\32728375d87fef9.sys
2012-09-02 09:39 - 2012-09-02 09:39 - 00001187 ____A C:\Users\MyXPS\Desktop\Champions Online.lnk
2012-09-02 09:35 - 2012-09-02 09:35 - 00000000 ____D C:\Users\Public\Games
2012-09-01 06:19 - 2012-09-01 06:20 - 00000000 ____D C:\Users\MyXPS\Application Data\.minecraft
2012-09-01 06:19 - 2012-09-01 06:20 - 00000000 ____D C:\Users\MyXPS\AppData\Roaming\.minecraft
2012-09-01 06:19 - 2012-09-01 06:19 - 00000916 ____A C:\Users\MyXPS\Desktop\Start Minecraft Cracked.lnk
2012-09-01 06:18 - 2012-09-01 06:18 - 00000000 ____D C:\Users\MyXPS\Downloads\Minecraft_Cracked_v1.3.1
2012-09-01 06:10 - 2012-09-01 06:18 - 47912700 ____A C:\Users\MyXPS\Downloads\Minecraft_Cracked_v1.3.1.zip
2012-09-01 06:07 - 2012-09-01 06:07 - 00000000 ____D C:\Users\MyXPS\Application Data\SystemRequirementsLab
2012-09-01 06:07 - 2012-09-01 06:07 - 00000000 ____D C:\Users\MyXPS\AppData\Roaming\SystemRequirementsLab
2012-09-01 06:07 - 2012-09-01 06:07 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-09-01 05:36 - 2012-09-01 19:25 - 00000000 ____D C:\Users\MyXPS\Downloads\ChampionsOnlineFC.26.20120410a.5
2012-08-31 21:07 - 2012-08-31 21:08 - 05838498 ____A C:\Users\MyXPS\Downloads\OET v1.0.5 apkmania.com.apk
2012-08-31 10:17 - 2012-08-31 10:17 - 00055483 ____A C:\Users\MyXPS\My Documents\3danim head.jpeg
2012-08-31 10:17 - 2012-08-31 10:17 - 00055483 ____A C:\Users\MyXPS\Documents\3danim head.jpeg
2012-08-30 23:55 - 2012-08-30 23:55 - 00045666 ____A C:\Users\MyXPS\My Documents\Head and Character 3DANIM1.rar
2012-08-30 23:55 - 2012-08-30 23:55 - 00045666 ____A C:\Users\MyXPS\Documents\Head and Character 3DANIM1.rar
2012-08-30 23:51 - 2012-08-30 23:51 - 00210322 ____A C:\Users\MyXPS\My Documents\3DANIM1FINALS.ma
2012-08-30 23:51 - 2012-08-30 23:51 - 00210322 ____A C:\Users\MyXPS\Documents\3DANIM1FINALS.ma
2012-08-30 23:50 - 2012-08-31 10:17 - 00000000 ____D C:\Users\MyXPS\My Documents\.mayaSwatches
2012-08-30 23:50 - 2012-08-31 10:17 - 00000000 ____D C:\Users\MyXPS\Documents\.mayaSwatches
2012-08-30 22:01 - 2012-08-30 22:01 - 00104541 ____A C:\Users\MyXPS\My Documents\3DANIM_FINALS.jpeg
2012-08-30 22:01 - 2012-08-30 22:01 - 00104541 ____A C:\Users\MyXPS\Documents\3DANIM_FINALS.jpeg
2012-08-30 21:33 - 2012-08-31 10:17 - 00149135 ____A C:\Users\MyXPS\My Documents\3DANIM1HEADFINALS.ma
2012-08-30 21:33 - 2012-08-31 10:17 - 00149135 ____A C:\Users\MyXPS\Documents\3DANIM1HEADFINALS.ma
2012-08-30 21:33 - 2012-08-30 21:33 - 00175564 ____A C:\Users\MyXPS\My Documents\chimcharMB.mb
2012-08-30 21:33 - 2012-08-30 21:33 - 00175564 ____A C:\Users\MyXPS\Documents\chimcharMB.mb
2012-08-29 06:41 - 2012-07-06 15:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-27 08:29 - 2012-08-27 08:29 - 00011889 ____A C:\Users\MyXPS\Downloads\Gradesheet.xlsx
2012-08-27 08:23 - 2012-08-27 08:23 - 00024392 ____A C:\Users\MyXPS\Downloads\docp5.xlsx
2012-08-27 07:35 - 2012-08-27 07:35 - 00001774 ____A C:\Users\MyXPS\Desktop\AVSVideoConverter - Shortcut.lnk
2012-08-27 07:15 - 2012-08-27 07:15 - 00000000 ____D C:\Users\MyXPS\Application Data\AVS4YOU
2012-08-27 07:15 - 2012-08-27 07:15 - 00000000 ____D C:\Users\MyXPS\AppData\Roaming\AVS4YOU
2012-08-27 07:14 - 2012-08-27 07:35 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2012-08-27 07:14 - 2012-08-27 07:15 - 00000000 ____D C:\Users\All Users\AVS4YOU
2012-08-27 07:14 - 2012-08-27 07:15 - 00000000 ____D C:\Users\All Users\Application Data\AVS4YOU
2012-08-27 07:14 - 2011-09-16 03:05 - 11137024 ____A (Intel Corporation) C:\Windows\SysWOW64\libmfxsw32.dll
2012-08-27 07:14 - 2011-08-22 03:33 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2012-08-27 07:14 - 2011-08-22 03:32 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2012-08-27 06:58 - 2012-08-27 07:10 - 00000000 ____D C:\Users\MyXPS\Downloads\AVS.Video.Converter.v8.1.1.509.Cracked-F4CG
2012-08-27 06:09 - 2012-06-28 23:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-27 06:09 - 2012-06-28 23:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-27 06:09 - 2012-06-28 22:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-27 06:09 - 2012-06-28 22:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-27 06:09 - 2012-06-28 22:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-27 06:09 - 2012-06-28 22:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-27 06:09 - 2012-06-28 22:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-27 06:09 - 2012-06-28 22:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-27 06:09 - 2012-06-28 22:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-27 06:09 - 2012-06-28 22:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-27 06:09 - 2012-06-28 22:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-27 06:09 - 2012-06-28 22:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-27 06:09 - 2012-06-28 22:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-27 06:09 - 2012-06-28 22:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-27 06:09 - 2012-06-28 19:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-27 06:09 - 2012-06-28 19:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-27 06:09 - 2012-06-28 19:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-27 06:09 - 2012-06-28 19:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-27 06:09 - 2012-06-28 19:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-27 06:09 - 2012-06-28 19:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-27 06:09 - 2012-06-28 19:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-27 06:09 - 2012-06-28 19:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-27 06:09 - 2012-06-28 19:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-27 06:09 - 2012-06-28 19:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-27 06:09 - 2012-06-28 19:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-27 06:09 - 2012-06-28 19:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-27 06:09 - 2012-06-28 19:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-27 06:09 - 2012-06-28 18:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-27 05:11 - 2012-08-27 05:11 - 180560170 ____A C:\Users\MyXPS\My Documents\CADVISFINALS.psd
2012-08-27 05:11 - 2012-08-27 05:11 - 180560170 ____A C:\Users\MyXPS\Documents\CADVISFINALS.psd
2012-08-27 04:57 - 2012-08-28 05:19 - 00000000 ____D C:\Users\MyXPS\My Documents\BACKUP
2012-08-27 04:57 - 2012-08-28 05:19 - 00000000 ____D C:\Users\MyXPS\Documents\BACKUP
2012-08-27 04:52 - 2012-08-27 04:52 - 77615592 ____A C:\Users\MyXPS\My Documents\CNCTPHOFINALS.psd
2012-08-27 04:52 - 2012-08-27 04:52 - 77615592 ____A C:\Users\MyXPS\Documents\CNCTPHOFINALS.psd
2012-08-26 21:39 - 2012-08-02 15:27 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-26 21:34 - 2012-07-18 13:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-26 21:34 - 2012-07-04 17:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-26 21:34 - 2012-07-04 17:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-26 21:34 - 2012-07-04 17:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-26 21:34 - 2012-07-04 16:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-26 21:34 - 2012-07-04 16:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-26 21:34 - 2012-05-14 00:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-26 21:34 - 2012-05-05 03:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-26 21:34 - 2012-05-05 02:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-26 21:34 - 2012-02-11 01:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-26 21:34 - 2012-02-11 01:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-26 21:34 - 2012-02-11 01:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-26 21:34 - 2012-02-11 00:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-26 06:33 - 2012-08-26 06:33 - 00000000 ____D C:\Users\MyXPS\My Documents\My Received Files
2012-08-26 06:33 - 2012-08-26 06:33 - 00000000 ____D C:\Users\MyXPS\Documents\My Received Files
2012-08-26 03:55 - 2012-08-26 06:42 - 00000000 ____D C:\Users\MyXPS\Downloads\CNCTPHO-Finals
2012-08-26 03:52 - 2012-08-26 03:55 - 11743112 ____A C:\Users\MyXPS\Downloads\CNCTPHO-Finals.zip
2012-08-26 01:04 - 2012-08-26 01:04 - 00002405 ____A C:\Users\Public\Desktop\AutoCAD Architecture 2012 (US Imperial).lnk
2012-08-26 01:04 - 2012-08-26 01:04 - 00002405 ____A C:\Users\All Users\Desktop\AutoCAD Architecture 2012 (US Imperial).lnk
2012-08-26 01:04 - 2012-08-26 01:04 - 00002401 ____A C:\Users\Public\Desktop\AutoCAD Architecture 2012 (US Metric).lnk
2012-08-26 01:04 - 2012-08-26 01:04 - 00002401 ____A C:\Users\All Users\Desktop\AutoCAD Architecture 2012 (US Metric).lnk
2012-08-26 01:00 - 2012-08-26 01:04 - 00000000 ____D C:\Users\MyXPS\My Documents\Autodesk
2012-08-26 01:00 - 2012-08-26 01:04 - 00000000 ____D C:\Users\MyXPS\Documents\Autodesk
2012-08-25 21:52 - 2012-09-13 23:56 - 00000000 ____D C:\Program Files (x86)\Steam
2012-08-25 21:52 - 2012-08-25 21:52 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
2012-08-25 21:52 - 2012-08-25 21:52 - 00000919 ____A C:\Users\All Users\Desktop\Steam.lnk
2012-08-25 07:29 - 2012-08-26 00:46 - 00000000 ____D C:\Users\MyXPS\Downloads\AUTODESK.AUTOCAD.ARCHITECTURE.V2012.WIN64-ISO
2012-08-25 00:18 - 2012-08-25 17:52 - 00000000 ____D C:\Users\MyXPS\Downloads\Shaman King Complete Series (Eng.-Dub)
2012-08-24 23:15 - 2012-06-19 01:46 - 00024448 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-08-24 07:28 - 2012-08-25 14:54 - 231747847 ____A C:\Users\MyXPS\Downloads\Orcs_Must_Die_2_Missing_Levels.7z
2012-08-24 07:24 - 2012-08-24 07:26 - 01606656 ____A C:\Users\MyXPS\Downloads\SteamInstall.msi
2012-08-24 07:24 - 2012-08-24 07:25 - 00643659 ____A C:\Users\MyXPS\Downloads\GreenLuma-2.4.3-Steam006.rar
2012-08-23 12:00 - 2012-08-23 12:00 - 07502190 ____A C:\Users\MyXPS\My Documents\badaassssss.psd
2012-08-23 12:00 - 2012-08-23 12:00 - 07502190 ____A C:\Users\MyXPS\Documents\badaassssss.psd
2012-08-23 11:04 - 2012-08-23 11:04 - 00000053 ____A C:\Users\MyXPS\Downloads\google66e62386b22110b7.html
2012-08-23 03:12 - 2012-08-23 11:34 - 00151676 ____A C:\Users\MyXPS\My Documents\chimcharascii.ma
2012-08-23 03:12 - 2012-08-23 11:34 - 00151676 ____A C:\Users\MyXPS\Documents\chimcharascii.ma
2012-08-23 02:37 - 2012-08-23 03:09 - 00127728 ____A C:\Users\MyXPS\My Documents\CHIMCHAR3D.mb
2012-08-23 02:37 - 2012-08-23 03:09 - 00127728 ____A C:\Users\MyXPS\Documents\CHIMCHAR3D.mb
2012-08-23 02:37 - 2012-08-17 04:40 - 00083256 ____A C:\Users\MyXPS\My Documents\chimcharfire.mb
2012-08-23 02:37 - 2012-08-17 04:40 - 00083256 ____A C:\Users\MyXPS\Documents\chimcharfire.mb
2012-08-21 21:48 - 2012-08-21 21:48 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2012-08-21 21:47 - 2012-08-21 21:47 - 01061344 ____A (techPowerUp (www.techpowerup.com)) C:\Users\MyXPS\Downloads\GPU-Z.0.6.4.exe
2012-08-21 10:29 - 2012-08-21 10:34 - 06708748 ____A C:\Users\MyXPS\Downloads\Kairobotica-andropalace.net.apk
2012-08-21 02:55 - 2012-08-21 02:55 - 00000000 ____D C:\Users\MyXPS\My Documents\Adobe
2012-08-21 02:55 - 2012-08-21 02:55 - 00000000 ____D C:\Users\MyXPS\Documents\Adobe
2012-08-20 23:16 - 2012-08-20 23:16 - 00254976 ____A C:\Users\MyXPS\Downloads\scriptw_screenplay_format.ppt
2012-08-20 23:16 - 2012-08-20 23:16 - 00125952 ____A C:\Users\MyXPS\Downloads\episode_6.ppt
2012-08-20 21:34 - 2012-08-20 21:43 - 00000000 ____D C:\Users\MyXPS\My Documents\ry
2012-08-20 21:34 - 2012-08-20 21:43 - 00000000 ____D C:\Users\MyXPS\Documents\ry
2012-08-20 07:50 - 2012-08-20 07:52 - 00000000 ____D C:\Users\MyXPS\My Documents\Untitled Export
2012-08-20 07:50 - 2012-08-20 07:52 - 00000000 ____D C:\Users\MyXPS\Documents\Untitled Export
2012-08-20 05:51 - 2012-08-20 05:51 - 00806484 ____A C:\Users\MyXPS\Downloads\~BitTorrentPartFile_2D2C957A.dat
2012-08-20 05:51 - 2012-08-20 05:51 - 00147840 ____A C:\Users\MyXPS\Downloads\Install Lightroom 4.exe
2012-08-20 05:51 - 2012-08-20 05:51 - 00003047 ____A C:\Users\MyXPS\Downloads\ChingLiu.Notes.nfo
2012-08-20 05:51 - 2012-08-20 05:51 - 00000211 ____A C:\Users\MyXPS\Downloads\How To Open Nfo Files.txt
2012-08-20 04:00 - 2012-08-20 04:00 - 00000000 ____D C:\Users\MyXPS\Downloads\metromanila_bongon
2012-08-20 03:59 - 2012-08-20 04:00 - 03593919 ____A C:\Users\MyXPS\Downloads\metromanila_bongon.rar
2012-08-20 00:34 - 2012-08-20 00:34 - 00000000 ____D C:\Users\All Users\PWD
2012-08-20 00:34 - 2012-08-20 00:34 - 00000000 ____D C:\Users\All Users\Application Data\PWD
2012-08-20 00:34 - 2012-08-20 00:34 - 00000000 ____D C:\PWRD
2012-08-20 00:30 - 2012-08-20 00:30 - 00001077 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
2012-08-20 00:25 - 2012-08-31 21:25 - 00000000 ____D C:\Program Files\Cubizone Philippines
2012-08-20 00:22 - 2005-05-09 13:54 - 00258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-08-20 00:17 - 2012-08-20 00:21 - 00000000 ____D C:\Users\MyXPS\Downloads\fwph_installer_full_02022012
2012-08-19 22:22 - 2012-05-29 17:46 - 00000000 ____D C:\Users\MyXPS\Downloads\updharmadown_bongon
2012-08-19 22:16 - 2012-08-19 22:17 - 02519159 ____A C:\Users\MyXPS\Downloads\updharmadown_bongon.rar
2012-08-19 21:26 - 2012-08-19 21:28 - 06706450 ____A C:\Users\MyXPS\Downloads\Kairobotica_1.0.4.apk
2012-08-19 09:23 - 2012-08-19 09:24 - 00000000 ____D C:\Users\MyXPS\My Documents\Shiner
2012-08-19 09:23 - 2012-08-19 09:24 - 00000000 ____D C:\Users\MyXPS\Documents\Shiner
2012-08-19 09:23 - 2012-08-19 09:23 - 00000000 ____D C:\Users\MyXPS\Local Settings\FLT
2012-08-19 09:23 - 2012-08-19 09:23 - 00000000 ____D C:\Users\MyXPS\Local Settings\Application Data\FLT
2012-08-19 09:23 - 2012-08-19 09:23 - 00000000 ____D C:\Users\MyXPS\AppData\Local\FLT
2012-08-19 08:00 - 2012-08-19 08:00 - 00002194 ____A C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
2012-08-19 08:00 - 2012-08-19 08:00 - 00002194 ____A C:\Users\All Users\Desktop\Orcs Must Die! 2.lnk
2012-08-19 07:55 - 2012-08-19 08:00 - 00000000 ____D C:\Program Files (x86)\Orcs Must Die 2
2012-08-18 09:07 - 2012-08-18 09:07 - 00000000 ____D C:\Users\MyXPS\Downloads\D2D5DEM1
2012-08-18 09:00 - 2012-08-18 09:07 - 33582083 ____A C:\Users\MyXPS\Downloads\D2D5DEM1.zip
2012-08-18 08:57 - 2012-08-27 05:26 - 00001456 ____A C:\Users\MyXPS\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2012-08-18 08:57 - 2012-08-27 05:26 - 00001456 ____A C:\Users\MyXPS\Local Settings\Adobe Save for Web 13.0 Prefs
2012-08-18 08:57 - 2012-08-27 05:26 - 00001456 ____A C:\Users\MyXPS\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-08-18 08:56 - 2012-08-27 03:47 - 00001069 ____A C:\Users\MyXPS\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2012-08-18 08:01 - 2012-04-28 06:24 - 00000000 ____D C:\Users\MyXPS\Downloads\Adobe Photoshop CS6 Extended
2012-08-18 07:52 - 2012-08-20 00:16 - 4063477174 ____A C:\Users\MyXPS\Downloads\fwph_installer_full_02022012.rar
2012-08-18 07:02 - 2012-08-18 11:12 - 00000000 ____D C:\Users\MyXPS\Downloads\Orcs_Must_Die_2-FLT
2012-08-18 04:33 - 2012-08-26 02:19 - 00000000 ____D C:\Users\MyXPS\Local Settings\cache
2012-08-18 04:33 - 2012-08-26 02:19 - 00000000 ____D C:\Users\MyXPS\Local Settings\Application Data\cache
2012-08-18 04:33 - 2012-08-26 02:19 - 00000000 ____D C:\Users\MyXPS\AppData\Local\cache
2012-08-18 04:29 - 2012-08-18 04:29 - 00002031 ____A C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
2012-08-18 04:29 - 2012-08-18 04:29 - 00002031 ____A C:\Users\All Users\Desktop\Inventor Fusion 2012.lnk
2012-08-18 04:27 - 2012-08-18 04:27 - 00000000 ____D C:\Users\MyXPS\My Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
2012-08-18 04:27 - 2012-08-18 04:27 - 00000000 ____D C:\Users\MyXPS\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English
2012-08-18 04:26 - 2012-08-18 04:26 - 00000153 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.32.bc
2012-08-18 04:26 - 2012-08-18 04:26 - 00000153 ____A C:\Users\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2012-08-18 04:25 - 2012-08-18 04:25 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-08-18 04:22 - 2012-08-26 00:59 - 00000000 ____D C:\Users\MyXPS\Local Settings\Autodesk
2012-08-18 04:22 - 2012-08-26 00:59 - 00000000 ____D C:\Users\MyXPS\Local Settings\Application Data\Autodesk
2012-08-18 04:22 - 2012-08-26 00:59 - 00000000 ____D C:\Users\MyXPS\AppData\Local\Autodesk
2012-08-18 04:22 - 2012-08-26 00:59 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-08-18 04:22 - 2012-08-26 00:56 - 00000000 ____D C:\Program Files\Autodesk
2012-08-17 11:55 - 2012-08-18 04:33 - 00000000 ____D C:\Users\MyXPS\Downloads\autocad2012 x64
2012-08-17 11:10 - 2011-06-01 14:51 - 00000000 ____D C:\Users\MyXPS\Downloads\LV2GO++ 1.0.0
2012-08-17 11:05 - 2012-08-24 23:16 - 00000000 ____D C:\Windows\Minidump
2012-08-17 10:15 - 2012-08-17 10:15 - 00427256 ____A (Roadkil.Net ) C:\Users\MyXPS\Downloads\UnstopCpy_5_2_Win2K_UP_Setup.exe
2012-08-17 09:11 - 2012-08-17 10:07 - 00000000 ____D C:\Program Files (x86)\UltraISO
2012-08-17 08:17 - 2012-08-17 08:17 - 00000000 ____D C:\Users\MyXPS\My Documents\The dictator
2012-08-17 08:17 - 2012-08-17 08:17 - 00000000 ____D C:\Users\MyXPS\Documents\The dictator
2012-08-17 07:54 - 2012-08-17 07:57 - 03935978 ____A (EZB Systems, Inc. ) C:\Users\MyXPS\Downloads\uiso9_pe.exe
2012-08-16 10:35 - 2012-08-16 10:35 - 00000000 ____D C:\Program Files (x86)\beanfun!
2012-08-16 10:26 - 2012-08-16 10:27 - 00000000 ____D C:\Users\MyXPS\My Documents\divina_us_1.11.0300
2012-08-16 10:26 - 2012-08-16 10:27 - 00000000 ____D C:\Users\MyXPS\Documents\divina_us_1.11.0300
2012-08-16 02:52 - 2012-08-16 02:52 - 00007606 ____A C:\Users\MyXPS\Local Settings\Resmon.ResmonCfg
2012-08-16 02:52 - 2012-08-16 02:52 - 00007606 ____A C:\Users\MyXPS\Local Settings\Application Data\Resmon.ResmonCfg
2012-08-16 02:52 - 2012-08-16 02:52 - 00007606 ____A C:\Users\MyXPS\AppData\Local\Resmon.ResmonCfg
2012-08-16 02:37 - 2012-09-13 20:47 - 00000000 ____D C:\Users\MyXPS\Application Data\IObit
2012-08-16 02:37 - 2012-09-13 20:47 - 00000000 ____D C:\Users\MyXPS\AppData\Roaming\IObit
2012-08-16 02:37 - 2012-09-13 20:46 - 00000000 ____D C:\Program Files (x86)\IObit
2012-08-16 02:37 - 2012-08-16 02:37 - 00000000 ____D C:\Users\All Users\iobit
2012-08-16 02:37 - 2012-08-16 02:37 - 00000000 ____D C:\Users\All Users\Application Data\iobit
2012-08-16 02:37 - 2012-08-16 02:37 - 00000000 ____D C:\Users\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}
2012-08-16 02:37 - 2012-08-16 02:37 - 00000000 ____D C:\Users\All Users\Application Data\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
2012-08-16 02:37 - 2012-08-16 02:37 - 00000000 ____D C:\Users\All Users\{D76294E6-03B8-4971-AF2E-3F846161A690}
2012-08-16 02:37 - 2012-08-16 02:37 - 00000000 ____D C:\Users\All Users\{6F2F3866-38AD-4f48-852C-2FF5DE7A7588}
2012-08-16 02:35 - 2012-08-16 02:35 - 00000000 ____D C:\Users\MyXPS\Downloads\use_your_illusion
2012-08-16 02:34 - 2012-08-16 02:35 - 00005374 ____A C:\Users\MyXPS\Downloads\use_your_illusion.zip
2012-08-16 02:24 - 2012-08-16 02:34 - 00000000 ____D C:\Users\MyXPS\Downloads\IObit Advanced System Care with Antivirus 2013 Latest Version with key [h33t][iahq76]
2012-08-16 00:39 - 2012-08-31 21:25 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-08-16 00:39 - 2012-08-31 21:25 - 00000000 ____D C:\Users\All Users\Application Data\boost_interprocess
2012-08-16 00:39 - 2012-08-18 08:56 - 00000000 ____D C:\Users\MyXPS\Application Data\NVIDIA
2012-08-16 00:39 - 2012-08-18 08:56 - 00000000 ____D C:\Users\MyXPS\AppData\Roaming\NVIDIA
2012-08-16 00:36 - 2012-08-16 00:38 - 00000000 ____D C:\Users\MyXPS\My Documents\maya
2012-08-16 00:36 - 2012-08-16 00:38 - 00000000 ____D C:\Users\MyXPS\Documents\maya
2012-08-16 00:36 - 2012-08-16 00:36 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-08-16 00:36 - 2012-08-16 00:36 - 00000000 ____D C:\Users\All Users\Application Data\FLEXnet
2012-08-16 00:18 - 2012-08-16 00:18 - 00000000 ____D C:\Users\MyXPS\My Documents\Inventor
2012-08-16 00:18 - 2012-08-16 00:18 - 00000000 ____D C:\Users\MyXPS\Documents\Inventor
2012-08-16 00:16 - 2012-08-16 00:16 - 00001136 ____A C:\Users\Public\Desktop\Autodesk Maya 2012.lnk
2012-08-16 00:16 - 2012-08-16 00:16 - 00001136 ____A C:\Users\All Users\Desktop\Autodesk Maya 2012.lnk
2012-08-16 00:14 - 2012-08-18 04:22 - 00000000 ____D C:\Program Files (x86)\Autodesk
2012-08-16 00:13 - 2010-06-01 15:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-08-16 00:13 - 2010-06-01 15:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-08-16 00:13 - 2010-06-01 15:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-08-16 00:13 - 2010-06-01 15:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-08-16 00:13 - 2010-06-01 15:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-08-16 00:13 - 2010-06-01 15:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-08-16 00:13 - 2010-05-25 22:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-08-16 00:13 - 2010-02-03 21:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-08-16 00:13 - 2010-02-03 21:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-08-16 00:13 - 2010-02-03 21:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-08-16 00:13 - 2010-02-03 21:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-08-16 00:13 - 2010-02-03 21:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-08-16 00:13 - 2010-02-03 21:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-08-16 00:13 - 2010-02-03 21:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-08-16 00:13 - 2010-02-03 21:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-08-16 00:13 - 2009-09-04 04:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-08-16 00:13 - 2009-09-04 04:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-08-16 00:13 - 2009-09-04 04:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-08-16 00:13 - 2009-09-04 04:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-08-16 00:13 - 2009-09-04 04:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-08-16 00:13 - 2009-09-04 04:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-08-16 00:13 - 2009-09-04 04:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-08-16 00:13 - 2009-09-04 04:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-08-16 00:13 - 2009-09-04 04:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-08-16 00:13 - 2009-09-04 04:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-08-16 00:13 - 2009-03-16 01:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-08-16 00:13 - 2009-03-16 01:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-08-16 00:13 - 2009-03-16 01:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-08-16 00:13 - 2009-03-16 01:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-08-16 00:13 - 2009-03-16 01:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-08-16 00:13 - 2009-03-09 02:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-08-16 00:13 - 2009-03-09 02:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-08-16 00:13 - 2009-03-09 02:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-08-16 00:13 - 2008-10-26 21:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-08-16 00:13 - 2008-10-26 21:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-08-16 00:13 - 2008-10-26 21:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-08-16 00:13 - 2008-10-26 21:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-08-16 00:13 - 2008-10-26 21:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-08-16 00:13 - 2008-10-26 21:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-08-16 00:13 - 2008-10-26 21:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-08-16 00:13 - 2008-10-26 21:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-08-16 00:13 - 2008-10-14 17:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-08-16 00:13 - 2008-10-14 17:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-08-16 00:13 - 2008-10-14 17:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-08-16 00:13 - 2008-10-14 17:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-08-16 00:13 - 2008-10-14 17:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-08-16 00:13 - 2008-07-30 21:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-08-16 00:13 - 2008-07-30 21:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-08-16 00:13 - 2008-07-30 21:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-08-16 00:13 - 2008-07-30 21:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-08-16 00:13 - 2008-07-30 21:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-08-16 00:13 - 2008-07-30 21:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-08-16 00:13 - 2008-07-09 22:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-08-16 00:13 - 2008-07-09 22:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-08-16 00:13 - 2008-07-09 22:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-08-16 00:13 - 2008-07-09 22:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-08-16 00:13 - 2008-07-09 22:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-08-16 00:13 - 2008-07-09 22:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-08-16 00:13 - 2008-05-30 01:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-08-16 00:13 - 2008-05-30 01:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-08-16 00:13 - 2008-05-30 01:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-08-16 00:13 - 2008-05-30 01:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-08-16 00:13 - 2008-05-30 01:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-08-16 00:13 - 2008-05-30 01:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-08-16 00:13 - 2008-05-30 01:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-08-16 00:13 - 2008-05-30 01:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-08-16 00:13 - 2008-05-30 01:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-08-16 00:13 - 2008-05-30 01:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-08-16 00:13 - 2008-05-30 01:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-08-16 00:13 - 2008-03-05 03:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-08-16 00:13 - 2008-03-05 03:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-08-16 00:13 - 2008-03-05 03:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-08-16 00:13 - 2008-03-05 03:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-08-16 00:13 - 2008-03-05 03:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-08-16 00:13 - 2008-03-05 03:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-08-16 00:13 - 2008-03-05 02:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-08-16 00:13 - 2008-03-05 02:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-08-16 00:13 - 2008-03-05 02:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-08-16 00:13 - 2008-03-05 02:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-08-16 00:13 - 2008-02-05 10:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-08-16 00:13 - 2008-02-05 10:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-08-15 22:15 - 2012-05-15 05:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-08-15 22:15 - 2012-05-15 05:48 - 00249152 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvkflt.sys
2012-08-15 22:15 - 2012-05-15 05:48 - 00028992 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2012-08-15 22:15 - 2012-04-18 12:08 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-08-15 22:15 - 2012-04-18 12:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-08-15 22:15 - 2012-04-18 12:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-08-15 22:14 - 2012-08-15 22:14 - 00000000 ____D C:\NVIDIA
2012-08-15 22:10 - 2012-08-15 22:11 - 04104397 ____A (Igor Pavlov) C:\Users\MyXPS\Downloads\LV2GO++ 1.0.0.exe
2012-08-15 21:38 - 2012-08-15 22:13 - 214613632 ____A (NVIDIA Corporation) C:\Users\MyXPS\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe
2012-08-15 21:17 - 2012-08-15 21:17 - 00000000 ____D C:\Users\MyXPS\Local Settings\HonLauncher
2012-08-15 21:17 - 2012-08-15 21:17 - 00000000 ____D C:\Users\MyXPS\Local Settings\Application Data\HonLauncher
2012-08-15 21:17 - 2012-08-15 21:17 - 00000000 ____D C:\Users\MyXPS\AppData\Local\HonLauncher
2012-08-15 21:09 - 2012-08-26 00:59 - 00000000 ____D C:\Users\All Users\Autodesk
2012-08-15 21:09 - 2012-08-26 00:59 - 00000000 ____D C:\Users\All Users\Application Data\Autodesk
2012-08-15 21:09 - 2012-08-26 00:56 - 00000000 ____D C:\Users\MyXPS\Application Data\Autodesk
2012-08-15 21:09 - 2012-08-26 00:56 - 00000000 ____D C:\Users\MyXPS\AppData\Roaming\Autodesk
2012-08-15 21:08 - 2012-08-15 21:08 - 00001956 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-08-15 21:08 - 2012-08-15 21:08 - 00001956 ____A C:\Users\All Users\Desktop\DAEMON Tools Lite.lnk
2012-08-15 21:07 - 2012-09-05 05:42 - 00000000 ____D C:\Users\MyXPS\Application Data\DAEMON Tools Lite
2012-08-15 21:07 - 2012-09-05 05:42 - 00000000 ____D C:\Users\MyXPS\AppData\Roaming\DAEMON Tools Lite
2012-08-15 21:07 - 2012-08-15 21:07 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-08-15 21:07 - 2012-08-15 21:07 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-08-15 21:03 - 2012-08-15 21:08 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-08-15 21:03 - 2012-08-15 21:08 - 00000000 ____D C:\Users\All Users\Application Data\DAEMON Tools Lite
2012-08-15 20:59 - 2012-08-15 21:03 - 14229744 ____A (DT Soft Ltd) C:\Users\MyXPS\Downloads\DTLite4454-0315.exe
2012-08-15 20:37 - 2012-08-15 20:37 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2012-08-15 20:37 - 2012-08-15 20:37 - 00000000 ____D C:\Users\All Users\Documents\DAEMON Tools Images
2012-08-15 20:28 - 2012-08-15 20:56 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2012-08-15 20:25 - 2012-08-15 20:43 - 00000000 ____D C:\Users\MyXPS\Application Data\DAEMON Tools Pro
2012-08-15 20:25 - 2012-08-15 20:43 - 00000000 ____D C:\Users\MyXPS\AppData\Roaming\DAEMON Tools Pro
2012-08-15 20:25 - 2012-08-15 20:26 - 00000000 ____D C:\Users\All Users\DAEMON Tools Pro
2012-08-15 20:25 - 2012-08-15 20:26 - 00000000 ____D C:\Users\All Users\Application Data\DAEMON Tools Pro
2012-08-15 20:25 - 2012-08-15 20:25 - 00000000 ____D C:\Users\MyXPS\Downloads\DAEMON Tools Pro Advanced 5.0.0316.0317

==================== 3 Months Modified Files ================================

2012-09-14 02:00 - 2012-05-25 05:27 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-09-14 00:08 - 2012-09-14 00:08 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rnohckjk.sys
2012-09-14 00:08 - 2012-09-02 10:27 - 00086472 ____A C:\Windows\System32\Drivers\32728375d87fef9.sys
2012-09-13 23:54 - 2012-09-05 06:21 - 00002866 ____A C:\Windows\setupact.log
2012-09-13 23:54 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-13 23:53 - 2012-09-07 05:46 - 00007162 ____A C:\Windows\PFRO.log
2012-09-13 22:59 - 2012-09-13 22:59 - 00607260 ____A (Swearware) C:\Users\MyXPS\Downloads\dds.com
2012-09-13 22:59 - 2012-09-13 22:59 - 00302592 ____A C:\Users\MyXPS\Downloads\9xjsyb28.exe
2012-09-13 22:58 - 2012-09-13 22:57 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\MyXPS\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-13 22:52 - 2012-09-13 22:52 - 03178400 ____A (McAfee, Inc.) C:\Users\MyXPS\Downloads\MCPR.exe
2012-09-13 22:52 - 2012-01-16 05:48 - 01105286 ____A C:\Windows\WindowsUpdate.log
2012-09-13 22:31 - 2009-07-14 00:08 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-13 21:48 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-13 21:48 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-13 20:41 - 2012-09-13 20:41 - 00159144 ____A (Microsoft Corporation) C:\Users\MyXPS\Downloads\WindowsActivationUpdate.exe
2012-09-13 13:54 - 2012-09-13 13:52 - 00001614 ____A C:\Windows\VPNInstall.MIF
2012-09-13 13:53 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-13 09:08 - 2012-09-12 23:46 - 183437670 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S02E02.HDTV.XviD-LOL.avi
2012-09-13 09:03 - 2012-09-12 22:01 - 00000338 ____A C:\bt.log
2012-09-12 23:48 - 2012-09-12 23:09 - 183457460 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S02E01.HDTV.XviD-LOL.avi
2012-09-12 23:07 - 2012-09-12 22:13 - 183733274 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E13.Why.Cant.You.Read.Me.HDTV.XviD-FQM.avi
2012-09-12 22:10 - 2012-09-12 00:08 - 183331382 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E12.HDTV.XviD-LOL.avi
2012-09-12 00:06 - 2012-09-11 23:15 - 183341056 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E11.HDTV.XviD-LOL.avi
2012-09-11 00:30 - 2012-09-10 23:40 - 183201792 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E09.HDTV.XviD-LOL.avi
2012-09-10 23:36 - 2012-09-10 23:00 - 183392744 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E08.HDTV.XviD-LOL.avi
2012-09-10 22:41 - 2012-09-10 20:17 - 183257088 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E07.HDTV.XviD-LOL.avi
2012-09-10 20:17 - 2012-09-10 12:19 - 183389754 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E06.HDTV.XviD-LOL.avi
2012-09-10 12:18 - 2012-09-10 10:59 - 183341056 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E05.HDTV.XviD-LOL.avi
2012-09-10 11:25 - 2012-09-10 05:47 - 183350492 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E04.HDTV.XviD-LOL.avi
2012-09-10 00:19 - 2012-09-09 23:35 - 183232512 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E03.HDTV.XviD-LOL.avi
2012-09-09 23:26 - 2012-09-09 22:57 - 183322984 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E02.HDTV.XviD-LOL.avi
2012-09-09 22:56 - 2012-09-09 22:17 - 183246848 ____A C:\Users\MyXPS\Downloads\Happy.Endings.S01E01.HDTV.XviD-LOL.avi
2012-09-09 02:09 - 2012-09-09 02:08 - 06066648 ____A (IObit ) C:\Users\MyXPS\Downloads\defragsetup.exe
2012-09-08 21:22 - 2012-09-08 21:22 - 00000000 ____A C:\Users\MyXPS\Desktop\New Text Document.txt
2012-09-06 09:46 - 2012-08-12 03:31 - 00000353 ____A C:\Users\MyXPS\Application Data\Network Meter_Settings.ini
2012-09-06 09:46 - 2012-08-12 03:31 - 00000353 ____A C:\Users\MyXPS\AppData\Roaming\Network Meter_Settings.ini
2012-09-05 06:21 - 2012-09-05 06:21 - 00000000 ____A C:\Windows\setuperr.log
2012-09-05 05:40 - 2012-08-12 03:42 - 00000530 ____A C:\Users\MyXPS\Application Data\All CPU MeterV2_Settings.ini
2012-09-05 05:40 - 2012-08-12 03:42 - 00000530 ____A C:\Users\MyXPS\AppData\Roaming\All CPU MeterV2_Settings.ini
2012-09-05 05:39 - 2012-09-05 05:39 - 94588928 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-09-05 05:39 - 2012-09-05 05:39 - 21590016 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-09-05 05:39 - 2012-09-05 05:39 - 00536576 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-09-05 05:39 - 2012-09-05 05:39 - 00135168 ____A C:\Windows\System32\config\SAM.iobit
2012-09-05 05:39 - 2012-09-05 05:39 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit
2012-09-05 01:15 - 2012-08-11 21:36 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-05 01:15 - 2012-01-16 03:57 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-02 09:39 - 2012-09-02 09:39 - 00001187 ____A C:\Users\MyXPS\Desktop\Champions Online.lnk
2012-09-01 06:19 - 2012-09-01 06:19 - 00000916 ____A C:\Users\MyXPS\Desktop\Start Minecraft Cracked.lnk
2012-09-01 06:18 - 2012-09-01 06:10 - 47912700 ____A C:\Users\MyXPS\Downloads\Minecraft_Cracked_v1.3.1.zip
2012-08-31 21:08 - 2012-08-31 21:07 - 05838498 ____A C:\Users\MyXPS\Downloads\OET v1.0.5 apkmania.com.apk
2012-08-31 10:17 - 2012-08-31 10:17 - 00055483 ____A C:\Users\MyXPS\My Documents\3danim head.jpeg
2012-08-31 10:17 - 2012-08-31 10:17 - 00055483 ____A C:\Users\MyXPS\Documents\3danim head.jpeg
2012-08-31 10:17 - 2012-08-30 21:33 - 00149135 ____A C:\Users\MyXPS\My Documents\3DANIM1HEADFINALS.ma
2012-08-31 10:17 - 2012-08-30 21:33 - 00149135 ____A C:\Users\MyXPS\Documents\3DANIM1HEADFINALS.ma
2012-08-30 23:55 - 2012-08-30 23:55 - 00045666 ____A C:\Users\MyXPS\My Documents\Head and Character 3DANIM1.rar
2012-08-30 23:55 - 2012-08-30 23:55 - 00045666 ____A C:\Users\MyXPS\Documents\Head and Character 3DANIM1.rar
2012-08-30 23:51 - 2012-08-30 23:51 - 00210322 ____A C:\Users\MyXPS\My Documents\3DANIM1FINALS.ma
2012-08-30 23:51 - 2012-08-30 23:51 - 00210322 ____A C:\Users\MyXPS\Documents\3DANIM1FINALS.ma
2012-08-30 22:01 - 2012-08-30 22:01 - 00104541 ____A C:\Users\MyXPS\My Documents\3DANIM_FINALS.jpeg
2012-08-30 22:01 - 2012-08-30 22:01 - 00104541 ____A C:\Users\MyXPS\Documents\3DANIM_FINALS.jpeg
2012-08-30 21:33 - 2012-08-30 21:33 - 00175564 ____A C:\Users\MyXPS\My Documents\chimcharMB.mb
2012-08-30 21:33 - 2012-08-30 21:33 - 00175564 ____A C:\Users\MyXPS\Documents\chimcharMB.mb
2012-08-29 06:59 - 2009-07-13 23:45 - 05412880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-27 08:29 - 2012-08-27 08:29 - 00011889 ____A C:\Users\MyXPS\Downloads\Gradesheet.xlsx
2012-08-27 08:23 - 2012-08-27 08:23 - 00024392 ____A C:\Users\MyXPS\Downloads\docp5.xlsx
2012-08-27 07:35 - 2012-08-27 07:35 - 00001774 ____A C:\Users\MyXPS\Desktop\AVSVideoConverter - Shortcut.lnk
2012-08-27 05:26 - 2012-08-18 08:57 - 00001456 ____A C:\Users\MyXPS\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2012-08-27 05:26 - 2012-08-18 08:57 - 00001456 ____A C:\Users\MyXPS\Local Settings\Adobe Save for Web 13.0 Prefs
2012-08-27 05:26 - 2012-08-18 08:57 - 00001456 ____A C:\Users\MyXPS\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-08-27 05:11 - 2012-08-27 05:11 - 180560170 ____A C:\Users\MyXPS\My Documents\CADVISFINALS.psd
2012-08-27 05:11 - 2012-08-27 05:11 - 180560170 ____A C:\Users\MyXPS\Documents\CADVISFINALS.psd
2012-08-27 04:52 - 2012-08-27 04:52 - 77615592 ____A C:\Users\MyXPS\My Documents\CNCTPHOFINALS.psd
2012-08-27 04:52 - 2012-08-27 04:52 - 77615592 ____A C:\Users\MyXPS\Documents\CNCTPHOFINALS.psd
2012-08-27 03:47 - 2012-08-18 08:56 - 00001069 ____A C:\Users\MyXPS\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2012-08-26 03:55 - 2012-08-26 03:52 - 11743112 ____A C:\Users\MyXPS\Downloads\CNCTPHO-Finals.zip
2012-08-26 01:23 - 2012-08-11 22:25 - 00287080 ____A C:\Users\MyXPS\Local Settings\GDIPFONTCACHEV1.DAT
2012-08-26 01:23 - 2012-08-11 22:25 - 00287080 ____A C:\Users\MyXPS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-08-26 01:23 - 2012-08-11 22:25 - 00287080 ____A C:\Users\MyXPS\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-26 01:04 - 2012-08-26 01:04 - 00002405 ____A C:\Users\Public\Desktop\AutoCAD Architecture 2012 (US Imperial).lnk
2012-08-26 01:04 - 2012-08-26 01:04 - 00002405 ____A C:\Users\All Users\Desktop\AutoCAD Architecture 2012 (US Imperial).lnk
2012-08-26 01:04 - 2012-08-26 01:04 - 00002401 ____A C:\Users\Public\Desktop\AutoCAD Architecture 2012 (US Metric).lnk
2012-08-26 01:04 - 2012-08-26 01:04 - 00002401 ____A C:\Users\All Users\Desktop\AutoCAD Architecture 2012 (US Metric).lnk
2012-08-25 21:52 - 2012-08-25 21:52 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
2012-08-25 21:52 - 2012-08-25 21:52 - 00000919 ____A C:\Users\All Users\Desktop\Steam.lnk
2012-08-25 14:54 - 2012-08-24 07:28 - 231747847 ____A C:\Users\MyXPS\Downloads\Orcs_Must_Die_2_Missing_Levels.7z
2012-08-24 07:26 - 2012-08-24 07:24 - 01606656 ____A C:\Users\MyXPS\Downloads\SteamInstall.msi
2012-08-24 07:25 - 2012-08-24 07:24 - 00643659 ____A C:\Users\MyXPS\Downloads\GreenLuma-2.4.3-Steam006.rar
2012-08-23 12:00 - 2012-08-23 12:00 - 07502190 ____A C:\Users\MyXPS\My Documents\badaassssss.psd
2012-08-23 12:00 - 2012-08-23 12:00 - 07502190 ____A C:\Users\MyXPS\Documents\badaassssss.psd
2012-08-23 11:34 - 2012-08-23 03:12 - 00151676 ____A C:\Users\MyXPS\My Documents\chimcharascii.ma
2012-08-23 11:34 - 2012-08-23 03:12 - 00151676 ____A C:\Users\MyXPS\Documents\chimcharascii.ma
2012-08-23 11:04 - 2012-08-23 11:04 - 00000053 ____A C:\Users\MyXPS\Downloads\google66e62386b22110b7.html
2012-08-23 10:42 - 2012-08-11 22:35 - 00007680 ____A C:\Users\MyXPS\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-23 10:42 - 2012-08-11 22:35 - 00007680 ____A C:\Users\MyXPS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-23 10:42 - 2012-08-11 22:35 - 00007680 ____A C:\Users\MyXPS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-23 03:09 - 2012-08-23 02:37 - 00127728 ____A C:\Users\MyXPS\My Documents\CHIMCHAR3D.mb
2012-08-23 03:09 - 2012-08-23 02:37 - 00127728 ____A C:\Users\MyXPS\Documents\CHIMCHAR3D.mb
2012-08-21 21:47 - 2012-08-21 21:47 - 01061344 ____A (techPowerUp (www.techpowerup.com)) C:\Users\MyXPS\Downloads\GPU-Z.0.6.4.exe
2012-08-21 10:34 - 2012-08-21 10:29 - 06708748 ____A C:\Users\MyXPS\Downloads\Kairobotica-andropalace.net.apk
2012-08-20 23:16 - 2012-08-20 23:16 - 00254976 ____A C:\Users\MyXPS\Downloads\scriptw_screenplay_format.ppt
2012-08-20 23:16 - 2012-08-20 23:16 - 00125952 ____A C:\Users\MyXPS\Downloads\episode_6.ppt
2012-08-20 05:51 - 2012-08-20 05:51 - 00806484 ____A C:\Users\MyXPS\Downloads\~BitTorrentPartFile_2D2C957A.dat
2012-08-20 05:51 - 2012-08-20 05:51 - 00147840 ____A C:\Users\MyXPS\Downloads\Install Lightroom 4.exe
2012-08-20 05:51 - 2012-08-20 05:51 - 00003047 ____A C:\Users\MyXPS\Downloads\ChingLiu.Notes.nfo
2012-08-20 05:51 - 2012-08-20 05:51 - 00000211 ____A C:\Users\MyXPS\Downloads\How To Open Nfo Files.txt
2012-08-20 04:00 - 2012-08-20 03:59 - 03593919 ____A C:\Users\MyXPS\Downloads\metromanila_bongon.rar
2012-08-20 00:30 - 2012-08-20 00:30 - 00001077 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
2012-08-20 00:16 - 2012-08-18 07:52 - 4063477174 ____A C:\Users\MyXPS\Downloads\fwph_installer_full_02022012.rar
2012-08-19 22:17 - 2012-08-19 22:16 - 02519159 ____A C:\Users\MyXPS\Downloads\updharmadown_bongon.rar
2012-08-19 21:28 - 2012-08-19 21:26 - 06706450 ____A C:\Users\MyXPS\Downloads\Kairobotica_1.0.4.apk
2012-08-19 08:00 - 2012-08-19 08:00 - 00002194 ____A C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
2012-08-19 08:00 - 2012-08-19 08:00 - 00002194 ____A C:\Users\All Users\Desktop\Orcs Must Die! 2.lnk
2012-08-18 09:07 - 2012-08-18 09:00 - 33582083 ____A C:\Users\MyXPS\Downloads\D2D5DEM1.zip
2012-08-18 06:44 - 2012-08-13 09:37 - 1396346733 ____A C:\Users\MyXPS\Downloads\Adobe Photoshop CS6 Extended.exe
2012-08-18 05:43 - 2012-08-12 07:29 - 00001456 ____A C:\Users\MyXPS\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2012-08-18 05:43 - 2012-08-12 07:29 - 00001456 ____A C:\Users\MyXPS\Local Settings\Adobe Save for Web 12.0 Prefs
2012-08-18 05:43 - 2012-08-12 07:29 - 00001456 ____A C:\Users\MyXPS\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-08-18 04:29 - 2012-08-18 04:29 - 00002031 ____A C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
2012-08-18 04:29 - 2012-08-18 04:29 - 00002031 ____A C:\Users\All Users\Desktop\Inventor Fusion 2012.lnk
2012-08-18 04:26 - 2012-08-18 04:26 - 00000153 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.32.bc
2012-08-18 04:26 - 2012-08-18 04:26 - 00000153 ____A C:\Users\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2012-08-17 10:15 - 2012-08-17 10:15 - 00427256 ____A (Roadkil.Net ) C:\Users\MyXPS\Downloads\UnstopCpy_5_2_Win2K_UP_Setup.exe
2012-08-17 07:57 - 2012-08-17 07:54 - 03935978 ____A (EZB Systems, Inc. ) C:\Users\MyXPS\Downloads\uiso9_pe.exe
2012-08-17 04:40 - 2012-08-23 02:37 - 00083256 ____A C:\Users\MyXPS\My Documents\chimcharfire.mb
2012-08-17 04:40 - 2012-08-23 02:37 - 00083256 ____A C:\Users\MyXPS\Documents\chimcharfire.mb
2012-08-16 02:52 - 2012-08-16 02:52 - 00007606 ____A C:\Users\MyXPS\Local Settings\Resmon.ResmonCfg
2012-08-16 02:52 - 2012-08-16 02:52 - 00007606 ____A C:\Users\MyXPS\Local Settings\Application Data\Resmon.ResmonCfg
2012-08-16 02:52 - 2012-08-16 02:52 - 00007606 ____A C:\Users\MyXPS\AppData\Local\Resmon.ResmonCfg
2012-08-16 02:35 - 2012-08-16 02:34 - 00005374 ____A C:\Users\MyXPS\Downloads\use_your_illusion.zip
2012-08-16 00:16 - 2012-08-16 00:16 - 00001136 ____A C:\Users\Public\Desktop\Autodesk Maya 2012.lnk
2012-08-16 00:16 - 2012-08-16 00:16 - 00001136 ____A C:\Users\All Users\Desktop\Autodesk Maya 2012.lnk
2012-08-15 22:13 - 2012-08-15 21:38 - 214613632 ____A (NVIDIA Corporation) C:\Users\MyXPS\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe
2012-08-15 22:11 - 2012-08-15 22:10 - 04104397 ____A (Igor Pavlov) C:\Users\MyXPS\Downloads\LV2GO++ 1.0.0.exe
2012-08-15 21:08 - 2012-08-15 21:08 - 00001956 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-08-15 21:08 - 2012-08-15 21:08 - 00001956 ____A C:\Users\All Users\Desktop\DAEMON Tools Lite.lnk
2012-08-15 21:07 - 2012-08-15 21:07 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-08-15 21:03 - 2012-08-15 20:59 - 14229744 ____A (DT Soft Ltd) C:\Users\MyXPS\Downloads\DTLite4454-0315.exe
2012-08-14 20:58 - 2012-08-14 20:58 - 00000883 ____A C:\Users\Public\Desktop\svBuilder.lnk
2012-08-14 20:58 - 2012-08-14 20:58 - 00000883 ____A C:\Users\All Users\Desktop\svBuilder.lnk
2012-08-14 08:44 - 2012-08-14 08:44 - 00000505 ____A C:\Users\MyXPS\My Documents\copystuff.txt
2012-08-14 08:44 - 2012-08-14 08:44 - 00000505 ____A C:\Users\MyXPS\Documents\copystuff.txt
2012-08-14 06:34 - 2012-08-14 06:32 - 01609630 ____A C:\Users\MyXPS\Downloads\simpleviewer.zip
2012-08-13 22:43 - 2012-08-13 22:43 - 00254079 ____A C:\Users\MyXPS\Downloads\Attachments_2012_08_14(1).zip
2012-08-13 21:44 - 2012-08-13 21:43 - 06392630 ____A C:\Users\MyXPS\Downloads\Attachments_2012_08_14.zip
2012-08-13 06:50 - 2012-08-13 06:50 - 00137885 ____A C:\Users\MyXPS\Downloads\unarc.zip
2012-08-12 07:57 - 2012-07-09 12:00 - 00000020 ____H C:\Users\All Users\PKP_DLbx.DAT
2012-08-12 07:57 - 2012-07-09 12:00 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLbx.DAT
2012-08-12 04:15 - 2012-08-12 04:15 - 00002693 ____A C:\Users\MyXPS\Desktop\Microsoft Office Word 2007.lnk
2012-08-12 04:15 - 2012-08-12 04:15 - 00002655 ____A C:\Users\MyXPS\Desktop\Microsoft Office Excel 2007.lnk
2012-08-12 04:15 - 2012-08-12 04:15 - 00002645 ____A C:\Users\MyXPS\Desktop\Microsoft Office PowerPoint 2007.lnk
2012-08-12 04:08 - 2009-07-13 21:34 - 00000510 ____A C:\Windows\win.ini
2012-08-12 03:52 - 2012-08-12 03:51 - 00000264 ____A C:\Users\MyXPS\Application Data\GPU MeterV2_Settings.ini
2012-08-12 03:52 - 2012-08-12 03:51 - 00000264 ____A C:\Users\MyXPS\AppData\Roaming\GPU MeterV2_Settings.ini
2012-08-12 03:51 - 2012-08-12 03:51 - 00132343 ____A C:\Users\MyXPS\Downloads\PCMeter.zip
2012-08-12 03:49 - 2012-08-12 02:16 - 20240896 ____A () C:\Users\MyXPS\Downloads\Adobe Tool.exe
2012-08-12 03:48 - 2012-08-12 03:48 - 00138473 ____A C:\Users\MyXPS\Downloads\GPU_Meter.zip
2012-08-12 03:41 - 2012-08-12 03:40 - 00190097 ____A C:\Users\MyXPS\Downloads\All_CPU_Meter.zip
2012-08-12 03:28 - 2012-08-12 03:26 - 00108344 ____A C:\Users\MyXPS\Downloads\Network_Meter_V8.1.zip
2012-08-12 03:21 - 2012-08-12 03:21 - 00001237 ____A C:\Users\MyXPS\Desktop\Adobe Dreamweaver CS6.lnk
2012-08-12 02:48 - 2012-08-12 02:48 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
2012-08-12 02:48 - 2012-08-12 02:48 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk
2012-08-12 01:31 - 2012-08-12 01:31 - 00000047 ____A C:\Windows\NeroDigital.ini
2012-08-12 01:27 - 2012-08-12 01:27 - 00001979 ____A C:\Users\Public\Desktop\Heroes of Newerth.lnk
2012-08-12 01:27 - 2012-08-12 01:27 - 00001979 ____A C:\Users\All Users\Desktop\Heroes of Newerth.lnk
2012-08-12 01:25 - 2012-08-12 01:25 - 00001069 ____A C:\Users\Public\Desktop\Garena Plus.lnk
2012-08-12 01:25 - 2012-08-12 01:25 - 00001069 ____A C:\Users\All Users\Desktop\Garena Plus.lnk
2012-08-11 23:47 - 2012-08-11 23:47 - 00001072 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-08-11 23:47 - 2012-08-11 23:47 - 00001072 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-08-11 23:47 - 2012-08-11 23:43 - 22617148 ____A C:\Users\MyXPS\Downloads\vlc-2.0.3-win32.exe
2012-08-11 23:32 - 2012-01-16 04:22 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-11 23:32 - 2012-01-16 04:22 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-11 23:27 - 2012-08-11 23:27 - 00893936 ____A (Oracle Corporation) C:\Users\MyXPS\Downloads\jxpiinstall.exe
2012-08-11 23:08 - 2012-08-11 23:06 - 01656459 ____A C:\Users\MyXPS\Downloads\winrar-x64-420.exe
2012-08-11 22:25 - 2012-08-11 22:25 - 00000020 ___SH C:\Users\MyXPS\ntuser.ini
2012-08-11 22:01 - 2012-08-11 22:01 - 00000969 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2012-08-11 22:01 - 2012-08-11 22:01 - 00000969 ____A C:\Users\All Users\Desktop\BitTorrent.lnk
2012-08-11 21:07 - 2012-08-11 21:07 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-08-11 21:07 - 2012-08-11 21:07 - 00001136 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-08-02 15:27 - 2012-08-26 21:39 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-30 01:02 - 2012-08-12 03:49 - 00140093 ____A C:\Users\MyXPS\Downloads\GPU_Meter_V2.0.2.gadget
2012-07-27 15:06 - 2012-07-27 15:06 - 00002029 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk
2012-07-27 15:06 - 2012-07-27 15:06 - 00002029 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bit.lnk
2012-07-18 13:15 - 2012-08-26 21:34 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 13:31 - 2011-02-10 11:10 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-09 12:06 - 2012-07-09 12:06 - 00000268 ___RH C:\Users\All Users\Configure Folder Actions
2012-07-09 12:06 - 2012-07-09 12:06 - 00000268 ___RH C:\Users\All Users\Application Data\Configure Folder Actions
2012-07-09 12:04 - 2012-07-09 12:04 - 00001207 ____A C:\Users\Public\Desktop\Capture NX 2.lnk
2012-07-09 12:04 - 2012-07-09 12:04 - 00001207 ____A C:\Users\All Users\Desktop\Capture NX 2.lnk
2012-07-07 02:16 - 2012-07-07 02:16 - 00002042 ____A C:\Users\Public\Desktop\Intel® WiDi.lnk
2012-07-07 02:16 - 2012-07-07 02:16 - 00002042 ____A C:\Users\All Users\Desktop\Intel® WiDi.lnk
2012-07-07 02:16 - 2012-07-07 02:16 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iwdbus_01009.Wdf
2012-07-07 02:13 - 2012-07-07 02:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-07-06 15:07 - 2012-08-29 06:41 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-05 09:06 - 2012-08-11 23:33 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 09:06 - 2012-08-11 23:33 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 09:06 - 2012-01-16 04:22 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-04 17:16 - 2012-08-26 21:34 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 17:13 - 2012-08-26 21:34 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 17:13 - 2012-08-26 21:34 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 16:16 - 2012-08-26 21:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 16:14 - 2012-08-26 21:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 23:55 - 2012-08-27 06:09 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 23:09 - 2012-08-27 06:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 22:56 - 2012-08-27 06:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 22:49 - 2012-08-27 06:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 22:49 - 2012-08-27 06:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 22:48 - 2012-08-27 06:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 22:47 - 2012-08-27 06:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 22:45 - 2012-08-27 06:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 22:44 - 2012-08-27 06:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 22:43 - 2012-08-27 06:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 22:42 - 2012-08-27 06:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 22:40 - 2012-08-27 06:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 22:39 - 2012-08-27 06:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 22:35 - 2012-08-27 06:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 19:52 - 2012-08-27 06:09 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 19:27 - 2012-08-27 06:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 19:16 - 2012-08-27 06:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 19:09 - 2012-08-27 06:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 19:09 - 2012-08-27 06:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 19:08 - 2012-08-27 06:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 19:07 - 2012-08-27 06:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 19:06 - 2012-08-27 06:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 19:04 - 2012-08-27 06:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 19:04 - 2012-08-27 06:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 19:01 - 2012-08-27 06:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 19:01 - 2012-08-27 06:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 19:00 - 2012-08-27 06:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 18:57 - 2012-08-27 06:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 03:29 - 2012-08-12 03:41 - 3105152704 ____A C:\Users\MyXPS\My Documents\AutoCAD_2011_EFSB_Win_32bit.rar
2012-06-28 03:29 - 2012-08-12 03:41 - 3105152704 ____A C:\Users\MyXPS\Documents\AutoCAD_2011_EFSB_Win_32bit.rar
2012-06-19 01:46 - 2012-08-24 23:15 - 00024448 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-13 13:52:51
Restore point made on: 2012-09-13 13:54:19
Restore point made on: 2012-09-14 02:22:42

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3990.17 MB
Available physical RAM: 3328.57 MB
Total Pagefile: 3988.37 MB
Available Pagefile: 3319.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:332.22 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (KINGSTON) (Removable) (Total:3.62 GB) (Free:3.62 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 2048 KB
Disk 1 Online 3716 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 19 GB 104 MB
Partition 3 Primary 446 GB 19 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 101 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 19 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 446 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3712 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 3712 MB Healthy

==================================================================================

Last Boot: 2012-09-08 04:51

==================== End Of Log =============================

BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:12 AM

Posted 14 September 2012 - 06:59 AM

Hi IamXIII,

Welcome to the forum.


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
0 32728375d87fef9; C:\Windows\System32\Drivers\32728375d87fef9.sys [86472 2012-09-14] () ATTENTION =====> Rootkit?
C:\Windows\System32\Drivers\32728375d87fef9.sys
1 rnohckjk; C:\Windows\System32\Drivers\rnohckjk.sys [49872 2012-09-14] (Microsoft Corporation)
C:\Windows\System32\Drivers\rnohckjk.sys
2012-09-13 22:59 - 2012-09-13 22:59 - 00302592 ____A C:\Users\MyXPS\Downloads\9xjsyb28.exe
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also restart, let it boot normally and tell me how it went.

#3 IamXIII

IamXIII
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 15 September 2012 - 08:02 AM

Thank you for the reply, I can't try it right away since I had it sent to my local service center, sorry I was really desperate to fix it right away because I had lots of work to do. Anyway the guys who were fixing my laptop told me thad they reformatted it but things became worse... after reformatting it only boots up to the dell xps logo and they couldn't even go to safe mode. I sent them this webpage to see if it can help them in fixing it.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:12 AM

Posted 15 September 2012 - 08:13 AM

I understand you were desperate to get it fix fast. But this is rather unfortunate. Reformatting was not really needed.

The fix doesn't apply any more. Reformatting should have removed those entries.

Please tell me if they are going to fix it themselves or you will get the laptop back and I see if I can assist you with it. In the fomer case this topic will be closed and in the latter case it could help if they describe shortly what they have done and I will give you fresh instructions.

#5 IamXIII

IamXIII
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 17 September 2012 - 02:32 AM

I know, I got frustrated when I realized that I could do the fix and not resort to reformatting, but the damage is done, I just hope that they are able to fix my laptop. I will pick it up by tomorrow and I will inform you if i still need help as soon as possible.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:12 AM

Posted 17 September 2012 - 05:34 AM

I'll will wait. Please let me know anyway when you got your laptop back.

#7 IamXIII

IamXIII
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 17 September 2012 - 11:00 PM

I got my laptop now, scanned it and found zero necurs.A. This may be off topic but can you suggest a good driver manager/updater program and how do I know if the tech guys installed a genuine Microsoft in my laptop and lastly i need some suggestions on good antivirus i do not want to deal with another trojan at least for the rest of the year haha

Edited by IamXIII, 17 September 2012 - 11:49 PM.


#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:12 AM

Posted 18 September 2012 - 04:55 AM

Good to know the issue is resolved.

Kaspersky or ESET look at the moment the best among paid antivirus softwares. Among the free antiviruses, Avast and Microsoft Security Essentials are recommended. Please make sure you have only one antivirus program installed and running at a time.

Also see this: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

As far as a driver manager/updater program and finding out if Windows is Genuine please refer to our technical forums for assistance. They are better equipped with to deal with those questions.

#9 IamXIII

IamXIII
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 18 September 2012 - 09:21 AM

Thank you very much! :) from now on I will never turn off real time scanning :/ and I will be very careful of what i download

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:12 AM

Posted 18 September 2012 - 09:25 AM

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Every one else should start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users