Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan.Zeroaccess & Virus.Win64.ZAccess.a


  • This topic is locked This topic is locked
6 replies to this topic

#1 StrandedPirate

StrandedPirate

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 18 October 2012 - 04:28 PM

My computer just got infected even though we have Symantec Endpoint Protection running and up to date. Can someone help me remove the virus on this system?

The main file infected looks like services.exe but there a whole lot of others too.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
Ran by SYSTEM at 18-10-2012 16:03:23
Running from I:\
Windows 7 Ultimate N (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SiHBAWakeupUtility] [x]
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [316840 2012-08-09] (Razer USA Ltd)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKU\Joey.Alien\...\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP [2918576 2011-05-17] (SpeedBit Ltd.)
HKU\Joey.Alien\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Joey.Alien\...\Run: [EPSON Artisan 810 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SC14C.tmp" /EF "HKCU" [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\Joey.Alien\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\Joey.Alien\...\Run: [Google Update] "C:\Users\someuser\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-22] (Google Inc.)
HKU\Joey.Alien\...\Run: [AdobeBridge] [x]
HKU\Joey.Alien\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [x]
HKU\Joey.Alien\...\Run: [BuildNotification] C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\BuildNotification.exe [479072 2011-02-21] (Microsoft Corporation)
HKU\someuser\...\Run: [EPSON Artisan 810 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SC14C.tmp" /EF "HKCU" [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\someuser\...\Run: [AdobeBridge] [x]
HKU\Mcx1-ALIEN\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\..\Interfaces\{FECC26B6-C76C-4521-8EEE-61EED28B31F6}: [NameServer]192.168.1.15,192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snagit 9.lnk
ShortcutTarget: Snagit 9.lnk -> C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{A9D0CC6D-A00D-486E-ABF3-D9A30B5143E5}\IcoUltraMon.ico ()
Startup: C:\Users\someuser\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Services (Whitelisted) ===================

2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
3 mi-raysat_3dsmax2011_32; "C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" [86016 2010-03-09] ()
2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-06-17] (Microsoft Corporation)
4 MSMQ; C:\Windows\System32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
4 MSMQTriggers; C:\Windows\System32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [62111072 2011-06-17] (Microsoft Corporation)
4 OracleDBConsolealien; C:\app\someuser\product\11.2.0\dbhome_1\bin\nmesrvc.exe [35328 2010-03-02] (Oracle Corporation)
4 OracleJobSchedulerALIEN; C:\app\someuser\product\11.2.0\dbhome_1\Bin\extjob.exe ALIEN [45568 2010-03-30] ()
4 OracleMTSRecoveryService; C:\app\someuser\product\11.2.0\dbhome_1\bin\omtsreco.exe "OracleMTSRecoveryService" [81408 2010-03-12] (Oracle Corporation)
4 OracleOraDb11g_home1ClrAgent; C:\app\someuser\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:C:\app\someuser\product\11.2.0\dbhome_1\bin\oraclr11.dll" [161792 2010-03-12] (Oracle Corporation)
4 OracleServiceALIEN; C:\app\someuser\product\11.2.0\dbhome_1\bin\ORACLE.EXE ALIEN [134018048 2010-03-30] (Oracle Corporation)
4 OracleVssWriterALIEN; C:\app\someuser\product\11.2.0\dbhome_1\bin\OraVSSW.exe ALIEN [192000 2010-03-30] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-05] ()
2 ppped; "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe" [1000896 2011-06-17] (Cyber Power Systems, Inc.)
2 RadeonPro Support Service; "C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe" [12800 2011-02-09] (Mr. John aka japamd)
3 ReportServer; "C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2180960 2011-06-17] (Microsoft Corporation)
2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-19] ()
2 SepMasterService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll" /prefetch:1 [167344 2012-04-18] (Symantec Corporation)
2 SiHbaWakeupService; C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe [62464 2009-07-27] ()
3 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe" /prefetch:1 [2601544 2012-04-18] (Symantec Corporation)
3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [325040 2012-04-18] (Symantec Corporation)
2 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [431456 2011-06-17] (Microsoft Corporation)
3 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [5279528 2012-08-10] ()
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
3 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe [20480 2010-11-01] (X10)
4 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [x]
3 Echo2.2; "C:\Program Files (x86)\Dell\Echo\EchoService.exe" [x]
3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.MSSQLSERVER [x]
2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config" [x]
4 Synergy Server; C:\Program Files\Synergy\synergys.exe [x]

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20120928.011\BHDrvx64.sys [1385120 2012-09-04] (Symantec Corporation)
3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20121017.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 MQAC; C:\Windows\System32\Drivers\MQAC.sys [189440 2009-07-13] (Microsoft Corporation)
2 MySQL55; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 [9509 2012-10-15] ()
3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20121017.019\ENG64.SYS [126112 2012-09-13] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20121017.019\EX64.SYS [2084000 2012-09-13] (Symantec Corporation)
3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)
3 rzdaendpt; C:\Windows\System32\Drivers\rzdaendpt.sys [25600 2012-08-16] (Razer USA Ltd)
3 rzvkeyboard; C:\Windows\System32\Drivers\rzvkeyboard.sys [22528 2012-08-16] (Razer USA Ltd)
2 Sentinel; C:\Windows\SysWow64\Drivers\Sentinel.sys [73728 2001-06-21] (Rainbow Technologies, Inc.)
0 SI3132; C:\Windows\System32\Drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
0 SiRemFil; C:\Windows\System32\Drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
3 Sntnlusb; C:\Windows\SysWow64\Drivers\Sntnlusb.sys [20032 2001-06-21] (Rainbow Technologies Inc.)
1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-04-18] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS [39032 2012-04-18] (Symantec Corporation)
0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2012-04-18] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-04-18] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-08-02] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [171128 2012-04-18] (Symantec Corporation)
1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-04-18] (Symantec Corporation)
1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62672 2012-04-18] (Symantec Corporation)
3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
2 DS1410D; \??\C:\Windows\system32\drivers\ds1410d.sys [x]
4 OracleOraDb11g_home1TNSListener; C:\app\someuser\product\11.2.0\dbhome_1\BIN\TNSLSNR [x]
3 SPBBCDrv; [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-18 16:02 - 2012-10-18 16:02 - 00000000 ____D C:\FRST
2012-10-18 12:56 - 2012-10-18 12:56 - 01458573 ____A (Farbar) C:\Users\someuser\Downloads\FRST64.exe
2012-10-18 12:42 - 2012-10-18 12:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-18 12:41 - 2012-10-18 12:41 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\someuser\Downloads\tdsskiller.exe
2012-10-18 12:24 - 2012-10-18 12:24 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-10-18 12:23 - 2012-10-18 12:23 - 01805736 ____A (Symantec Corporation) C:\Users\someuser\Downloads\FixZeroAccess.exe
2012-10-17 16:49 - 2012-10-17 16:49 - 13080395 ____A C:\Users\someuser\Downloads\SysinternalsSuite(1).zip
2012-10-17 14:58 - 2012-10-17 14:58 - 00000020 ___SH C:\Users\estatewebpages80\ntuser.ini
2012-10-17 14:58 - 2012-10-17 14:58 - 00000000 ____D C:\users\estatewebpages80
2012-10-17 14:58 - 2011-06-27 00:06 - 00000000 ____D C:\Users\estatewebpages80\Documents\SQL Server Management Studio
2012-10-17 14:58 - 2011-04-14 00:30 - 00000000 ____D C:\Users\estatewebpages80\Documents\Visual Studio 2010
2012-10-17 14:58 - 2011-02-20 01:01 - 00000000 ____D C:\Users\estatewebpages80\Documents\Visual Studio 2008
2012-10-17 14:58 - 2010-12-03 17:30 - 00000000 ____D C:\Users\estatewebpages80\AppData\Roaming\Macromedia
2012-10-17 14:58 - 2010-11-06 00:02 - 00000000 ____D C:\Users\estatewebpages80\Documents\Visual Studio 2005
2012-10-17 14:58 - 2010-11-06 00:01 - 00000000 ____D C:\Users\estatewebpages80\AppData\Local\Microsoft Help
2012-10-17 12:19 - 2012-10-17 12:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-10-17 12:19 - 2012-10-17 12:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-10-17 11:52 - 2012-10-17 11:55 - 310267704 ____A (Microsoft Corporation) C:\Users\someuser\Downloads\SharePointDesigner.exe
2012-10-17 11:31 - 2012-10-17 11:31 - 00912178 ____A C:\Users\someuser\Downloads\Corporate.zip
2012-10-17 09:16 - 2012-10-17 09:16 - 01606064 ____A C:\Users\someuser\Downloads\googletalk-setup.exe
2012-10-17 09:13 - 2012-10-17 09:14 - 00000000 ____D C:\Users\someuser\AppData\Local\{E61C72CF-3BE6-4A94-85D8-369E16F6C4C2}
2012-10-17 09:01 - 2012-10-17 09:01 - 00000000 ____D C:\Users\someuser\AppData\Roaming\Yahoo!
2012-10-17 08:55 - 2012-10-17 09:48 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2012-10-17 08:55 - 2012-10-17 08:55 - 00439704 ____A (Yahoo! Inc.) C:\Users\someuser\Downloads\msgr11us.exe
2012-10-17 08:08 - 2012-10-18 12:31 - 00000000 ____D C:\Users\someuser\AppData\Local\Digsby
2012-10-17 08:08 - 2012-10-17 09:23 - 00000000 ____D C:\Users\someuser\AppData\Roaming\Digsby
2012-10-17 08:08 - 2012-10-17 09:23 - 00000000 ____D C:\Users\All Users\Digsby
2012-10-17 08:07 - 2012-10-17 08:08 - 00000000 ____D C:\Program Files (x86)\Digsby
2012-10-17 08:07 - 2012-10-17 08:07 - 19146400 ____A C:\Users\someuser\Downloads\digsby_setup.exe
2012-10-16 19:48 - 2012-10-16 19:48 - 07921688 ____A (VS Revo Group ) C:\Users\someuser\Downloads\RevoUninProSetup.exe
2012-10-16 18:58 - 2012-10-16 18:58 - 00001989 ____A C:\ip.txt
2012-10-16 17:00 - 2012-10-16 17:07 - 286322776 ____A (Microsoft Corporation) C:\Users\someuser\Downloads\officeserver2007sp2-kb953334-x64-fullfile-en-us.exe
2012-10-16 15:42 - 2012-10-16 15:55 - 528942736 ____A (Microsoft Corporation) C:\Users\someuser\Downloads\OfficeServer MOSS 2007.exe
2012-10-15 14:17 - 2012-10-17 18:00 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-10-15 13:01 - 2012-10-15 13:01 - 00000106 ____A C:\Users\someuser\Downloads\hayden.rdp
2012-10-15 08:14 - 2012-10-15 08:14 - 00000000 ____D C:\Users\someuser\AppData\Roaming\Oracle
2012-10-15 04:20 - 2012-10-15 04:20 - 00000238 ____A C:\Windows\ODBCINST.INI
2012-10-15 04:19 - 2012-10-15 04:20 - 00000000 ____D C:\Program Files\MySQL
2012-10-15 04:16 - 2012-10-15 04:20 - 00000000 ____D C:\Program Files (x86)\MySQL
2012-10-15 04:16 - 2012-10-15 04:19 - 00000000 ____D C:\Users\All Users\MySQL
2012-10-15 03:55 - 2012-10-15 03:57 - 217061888 ____A C:\Users\someuser\Downloads\mysql-installer-community-5.5.28.2.msi
2012-10-14 07:26 - 2012-10-14 07:26 - 00001560 ____A C:\Users\someuser\Downloads\jquery.localscroll-1.2.7-min.js.txt
2012-10-14 07:21 - 2012-10-14 07:21 - 00002434 ____A C:\Users\someuser\Downloads\jquery.scrollTo-1.4.3.1-min.js
2012-10-13 12:55 - 2012-10-17 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-12 08:37 - 2012-10-12 08:37 - 13725696 ____A C:\Users\someuser\Downloads\tfpt(1).msi
2012-10-12 07:02 - 2012-10-12 07:02 - 00000000 ____D C:\Users\someuser\AppData\Roaming\Cobisi
2012-10-12 07:01 - 2012-10-12 07:01 - 01548465 ____A C:\Users\someuser\Downloads\Routing-Assistant-v1.4.0.0.vsix
2012-10-12 06:54 - 2012-10-12 06:54 - 00146449 ____A C:\Users\someuser\Downloads\FavoriteDocuments_15.vsix
2012-10-11 14:13 - 2012-10-11 14:13 - 00000020 __ASH C:\Users\www.3331.com\ntuser.ini
2012-10-11 14:13 - 2012-10-11 14:13 - 00000000 ____D C:\users\www.3331.com
2012-10-11 14:13 - 2011-06-27 00:06 - 00000000 ____D C:\Users\www.3331.com\Documents\SQL Server Management Studio
2012-10-11 14:13 - 2011-04-14 00:30 - 00000000 ____D C:\Users\www.3331.com\Documents\Visual Studio 2010
2012-10-11 14:13 - 2011-02-20 01:01 - 00000000 ____D C:\Users\www.3331.com\Documents\Visual Studio 2008
2012-10-11 14:13 - 2010-12-03 17:30 - 00000000 ____D C:\Users\www.3331.com\AppData\Roaming\Macromedia
2012-10-11 14:13 - 2010-11-06 00:02 - 00000000 ____D C:\Users\www.3331.com\Documents\Visual Studio 2005
2012-10-11 14:13 - 2010-11-06 00:01 - 00000000 ____D C:\Users\www.3331.com\AppData\Local\Microsoft Help
2012-10-11 10:04 - 2012-10-11 10:04 - 00000000 ____D C:\Program Files (x86)\GitExtensions
2012-10-11 10:02 - 2012-10-11 10:03 - 34667599 ____A C:\Users\someuser\Downloads\GitExtensions241SetupComplete.msi
2012-10-10 05:12 - 2012-10-10 05:12 - 00000000 ____D C:\Users\someuser\.ssh
2012-10-10 05:11 - 2012-10-10 05:12 - 00000000 ____D C:\Users\someuser\AppData\Local\GitHub
2012-10-10 05:11 - 2012-10-10 05:11 - 00000000 ____D C:\Users\someuser\AppData\Roaming\GitHub
2012-10-10 05:10 - 2012-10-10 05:10 - 00715392 ____A () C:\Users\someuser\Downloads\GitHubSetup.exe
2012-10-10 05:09 - 2012-10-10 05:09 - 00001850 ____A C:\Users\Public\Desktop\Git Bash.lnk
2012-10-10 04:57 - 2012-10-10 04:58 - 15383103 ____A ( ) C:\Users\someuser\Downloads\Git-1.7.11-preview20120710.exe
2012-10-10 02:59 - 2012-10-10 02:59 - 01091128 ____A C:\Users\someuser\Downloads\Unlocker1.9.1.exe
2012-10-10 02:53 - 2012-10-10 02:53 - 01106961 ____A C:\Users\someuser\Downloads\Unlocker1.9.1-x64.exe
2012-10-10 02:49 - 2012-10-10 02:49 - 00000000 ____D C:\Users\someuser\Downloads\eclipse-java-juno-SR1-win32-x86_64 (1)
2012-10-10 02:46 - 2012-10-10 02:49 - 157324840 ____A C:\Users\someuser\Downloads\eclipse-java-juno-SR1-win32-x86_64 (1).zip
2012-10-10 02:43 - 2012-10-10 02:45 - 02390484 ____A C:\Users\someuser\Downloads\eclipse-java-juno-SR1-win32-x86_64.zip
2012-10-10 02:23 - 2012-10-10 02:50 - 00000000 ____D C:\Program Files (x86)\eclipse
2012-10-10 01:57 - 2012-10-10 02:15 - 83191350 ____A C:\Users\someuser\Downloads\eclipse-java-europa-winter-win32.zip
2012-10-10 01:53 - 2012-10-10 01:53 - 02000350 ____A C:\Users\someuser\Downloads\yuicompressor-2.4.7(1).zip
2012-10-10 01:53 - 2012-10-10 01:53 - 00000000 ____D C:\Users\someuser\Downloads\yuicompressor-2.4.7(1)
2012-10-09 06:36 - 2012-10-09 06:36 - 00007994 ____A C:\Users\someuser\Downloads\VSNewFile v1.0.0.0.zip
2012-10-09 06:36 - 2012-10-09 06:36 - 00000000 ____D C:\Users\someuser\Downloads\VSNewFile v1.0.0.0
2012-10-07 04:19 - 2012-10-07 04:19 - 03782704 ____A C:\Users\someuser\Downloads\battlelog-web-plugins-1.138.0-retail-prod.exe
2012-10-07 04:17 - 2012-10-07 04:18 - 00000000 ____D C:\Users\someuser\AppData\Local\Origin
2012-10-07 04:16 - 2012-10-07 04:17 - 00000000 ____D C:\Program Files (x86)\Origin
2012-10-07 04:15 - 2012-10-07 04:16 - 65060392 ____A (Electronic Arts, Inc.) C:\Users\someuser\Downloads\OriginSetup.exe
2012-10-07 04:12 - 2012-10-07 04:12 - 16910176 ____A (Electronic Arts, Inc.) C:\Users\someuser\Downloads\OriginThinSetup(1).exe
2012-10-07 02:53 - 2012-10-07 02:53 - 00010934 ____A C:\Users\someuser\Downloads\selectivizr-1.0.2(1).zip
2012-10-07 02:43 - 2012-10-07 02:43 - 00008278 ____A C:\Users\someuser\Downloads\imsky-cssFx-v0.9.6-5-g06c76cc.zip
2012-10-05 23:44 - 2012-10-05 23:44 - 05222012 ____A C:\Users\someuser\Downloads\DPStudio.VSCommands(1).vsix
2012-10-05 05:45 - 2012-10-05 05:45 - 16910176 ____A (Electronic Arts, Inc.) C:\Users\someuser\Downloads\OriginThinSetup.exe
2012-10-04 06:45 - 2012-10-04 06:45 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
2012-10-04 06:41 - 2012-10-04 06:42 - 49840240 ____A C:\Users\someuser\Downloads\TVersityProSetup_2_3.exe
2012-10-03 00:13 - 2012-10-03 00:13 - 00000000 ____D C:\Users\someuser\AppData\Roaming\Nop_Solutions,_Ltd
2012-10-03 00:13 - 2012-10-03 00:13 - 00000000 ____D C:\Users\someuser\AppData\Local\Nop_Solutions,_Ltd
2012-10-01 06:52 - 2012-10-01 06:52 - 00043098 ____A C:\Windows\SysWOW64\unins000.dat
2012-10-01 06:52 - 2012-10-01 06:52 - 00000000 ____D C:\Windows\SysWOW64\languages
2012-10-01 06:52 - 2012-10-01 06:50 - 01183481 ____A C:\Windows\SysWOW64\unins000.exe
2012-10-01 06:52 - 2012-08-22 18:00 - 00099840 ____A C:\Windows\SysWOW64\ffvdub.vdf
2012-10-01 06:52 - 2012-08-22 17:59 - 00056832 ____A C:\Windows\SysWOW64\FLT_ffdshow.dll
2012-10-01 06:52 - 2012-08-22 17:58 - 00112640 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-10-01 06:52 - 2012-08-22 17:57 - 00049664 ____A C:\Windows\SysWOW64\ffavisynth.dll
2012-10-01 06:52 - 2011-12-17 11:59 - 00001695 ____A C:\Windows\SysWOW64\openIE.js
2012-10-01 06:52 - 2010-12-11 23:16 - 00017903 ____A C:\Windows\SysWOW64\gnu_license.txt
2012-10-01 06:52 - 2010-12-11 23:16 - 00001563 ____A C:\Windows\SysWOW64\Boost_Software_License_1.0.txt
2012-10-01 06:52 - 2010-09-08 14:43 - 00000073 ____A C:\Windows\SysWOW64\ffavisynth.avsi
2012-10-01 06:50 - 2012-10-01 06:50 - 04726102 ____A (ffdshow ) C:\Users\someuser\Downloads\ffdshow_rev4486_20120825_clsid.exe
2012-10-01 06:46 - 2012-10-01 06:47 - 02030080 ____A C:\Users\someuser\Downloads\ffdshow-20041012.exe
2012-10-01 05:25 - 2012-10-01 05:25 - 00133911 ____A C:\Users\someuser\Downloads\[warez.ag]Dexter.S06.torrent
2012-10-01 05:15 - 2012-10-01 05:15 - 00048197 ____A C:\Users\someuser\Downloads\[warez.ag]Entourage Season 8 Complete 720p.torrent
2012-10-01 03:55 - 2012-10-01 03:55 - 02640241 ____A C:\Users\someuser\Downloads\NuGet.Tools.vsix
2012-09-30 02:51 - 2012-09-30 02:51 - 00101375 ____A C:\Users\someuser\Downloads\excanvas_r3.zip
2012-09-29 20:06 - 2012-09-29 20:06 - 00031687 ____A C:\Users\someuser\Downloads\Html5MVCWebControls.zip
2012-09-29 20:06 - 2012-09-29 20:06 - 00000000 ____D C:\Users\someuser\Downloads\Html5MVCWebControls
2012-09-29 16:03 - 2012-09-29 16:03 - 00487424 ____A C:\Users\someuser\Downloads\MetroElementsBeta.msi
2012-09-25 23:59 - 2012-09-25 23:59 - 01314811 ____A C:\Users\someuser\Downloads\putty-src.zip
2012-09-25 23:59 - 2012-09-25 23:59 - 00000000 ____D C:\Users\someuser\Downloads\putty-src
2012-09-25 21:31 - 2012-09-25 21:31 - 00645729 ____A (WDS Team) C:\Users\someuser\Downloads\windirstat1_1_2_setup(1).exe
2012-09-25 21:31 - 2012-09-25 21:31 - 00000991 ____A C:\Users\ToolinsiderUser\Desktop\WinDirStat.lnk
2012-09-25 21:31 - 2012-09-25 21:31 - 00000991 ____A C:\Users\Mcx1-ALIEN\Desktop\WinDirStat.lnk
2012-09-25 21:31 - 2012-09-25 21:31 - 00000991 ____A C:\Users\someuser\Desktop\WinDirStat.lnk
2012-09-25 21:31 - 2012-09-25 21:31 - 00000991 ____A C:\Users\Joey.Alien\Desktop\WinDirStat.lnk
2012-09-25 21:31 - 2012-09-25 21:31 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2012-09-25 15:26 - 2012-09-25 15:27 - 00000000 ____D C:\Program Files (x86)\AutoIt3
2012-09-25 15:25 - 2012-09-25 15:26 - 07377952 ____A (AutoIt Team) C:\Users\someuser\Downloads\autoit-v3-setup.exe
2012-09-25 15:25 - 2012-09-25 15:25 - 04679306 ____A C:\Users\someuser\Downloads\SciTE4AutoIt3.exe
2012-09-25 13:40 - 2012-09-25 13:40 - 00303104 ____A (Simon Tatham) C:\Users\someuser\Downloads\plink.exe
2012-09-25 13:04 - 2012-09-25 13:04 - 00483328 ____A (Simon Tatham) C:\Users\someuser\Downloads\putty.exe
2012-09-25 13:00 - 2012-09-25 13:00 - 00195720 ____A C:\Users\someuser\Downloads\TST10.zip
2012-09-25 12:40 - 2012-09-25 12:40 - 00005714 ____A C:\Users\someuser\Downloads\powerdown-1.02-noarch-unRAID.tgz
2012-09-25 12:15 - 2012-09-25 12:15 - 19583540 ____A C:\Users\someuser\Downloads\Mindscape.WebWorkbench.Integration-20120925.10.vsix
2012-09-24 00:40 - 2012-09-25 02:10 - 00000000 ____D C:\Users\someuser\Downloads\Searcharoo_7_its
2012-09-24 00:40 - 2012-09-24 00:40 - 01463650 ____A C:\Users\someuser\Downloads\Searcharoo_7_its.zip
2012-09-24 00:25 - 2012-09-24 00:25 - 02700890 ____A C:\Users\someuser\Downloads\Apache-Lucene.Net-2.9.4-incubating.src.zip
2012-09-24 00:25 - 2012-09-24 00:25 - 00000000 ____D C:\Users\someuser\Downloads\Apache-Lucene.Net-2.9.4-incubating.src
2012-09-23 21:08 - 2012-09-23 21:08 - 00000000 ____D C:\Users\someuser\Downloads\mikhail-tsennykh-Lucene.Net-search-MVC-sample-site-0f4e63a
2012-09-23 21:07 - 2012-09-23 21:07 - 03901049 ____A C:\Users\someuser\Downloads\mikhail-tsennykh-Lucene.Net-search-MVC-sample-site-0f4e63a.zip
2012-09-23 13:47 - 2012-09-23 13:49 - 00000000 ____D C:\Users\someuser\Downloads\bluescreenview
2012-09-23 13:46 - 2012-09-23 13:46 - 00061685 ____A C:\Users\someuser\Downloads\bluescreenview.zip
2012-09-23 12:40 - 2012-09-23 12:40 - 01741760 ____A (Hewlett-Packard Development Company, L.P. ) C:\Users\someuser\Downloads\sp46426.exe

==================== 3 Months Modified Files ==================

2012-10-18 12:58 - 2010-09-21 14:33 - 01577785 ____A C:\Windows\WindowsUpdate.log
2012-10-18 12:58 - 2009-07-13 21:12 - 01170772 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-18 12:56 - 2012-10-18 12:56 - 01458573 ____A (Farbar) C:\Users\someuser\Downloads\FRST64.exe
2012-10-18 12:41 - 2012-10-18 12:41 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\someuser\Downloads\tdsskiller.exe
2012-10-18 12:41 - 2009-07-13 20:50 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-18 12:41 - 2009-07-13 20:50 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-18 12:30 - 2012-04-13 10:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-18 12:28 - 2010-09-21 23:28 - 00000136 ____A C:\Windows\System32\config\netlogon.ftl
2012-10-18 12:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-18 12:27 - 2009-07-13 20:56 - 00057939 ____A C:\Windows\setupact.log
2012-10-18 12:24 - 2012-10-18 12:24 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-10-18 12:23 - 2012-10-18 12:23 - 01805736 ____A (Symantec Corporation) C:\Users\someuser\Downloads\FixZeroAccess.exe
2012-10-18 11:12 - 2009-07-13 20:50 - 05275480 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-18 10:58 - 2012-10-18 10:58 - 00166257 ____A C:\Users\someuser\Downloads\Microsoft_SharePoint_Server_keygen_by_ZWTiSO.zip
2012-10-17 18:00 - 2012-10-15 14:17 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-10-17 18:00 - 2012-04-04 22:42 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-10-17 18:00 - 2012-04-04 20:51 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-10-17 16:49 - 2012-10-17 16:49 - 13080395 ____A C:\Users\someuser\Downloads\SysinternalsSuite(1).zip
2012-10-17 14:58 - 2012-10-17 14:58 - 00000020 ___SH C:\Users\estatewebpages80\ntuser.ini
2012-10-17 13:55 - 2010-12-03 20:52 - 00001456 ____A C:\Users\someuser\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-10-17 12:33 - 2010-09-21 23:53 - 00134672 ____A C:\Users\someuser\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-17 11:55 - 2012-10-17 11:52 - 310267704 ____A (Microsoft Corporation) C:\Users\someuser\Downloads\SharePointDesigner.exe
2012-10-17 11:31 - 2012-10-17 11:31 - 00912178 ____A C:\Users\someuser\Downloads\Corporate.zip
2012-10-17 09:16 - 2012-10-17 09:16 - 01606064 ____A C:\Users\someuser\Downloads\googletalk-setup.exe
2012-10-17 08:55 - 2012-10-17 08:55 - 00439704 ____A (Yahoo! Inc.) C:\Users\someuser\Downloads\msgr11us.exe
2012-10-17 08:07 - 2012-10-17 08:07 - 19146400 ____A C:\Users\someuser\Downloads\digsby_setup.exe
2012-10-16 19:48 - 2012-10-16 19:48 - 07921688 ____A (VS Revo Group ) C:\Users\someuser\Downloads\RevoUninProSetup.exe
2012-10-16 18:58 - 2012-10-16 18:58 - 00001989 ____A C:\ip.txt
2012-10-16 17:07 - 2012-10-16 17:00 - 286322776 ____A (Microsoft Corporation) C:\Users\someuser\Downloads\officeserver2007sp2-kb953334-x64-fullfile-en-us.exe
2012-10-16 15:55 - 2012-10-16 15:42 - 528942736 ____A (Microsoft Corporation) C:\Users\someuser\Downloads\OfficeServer MOSS 2007.exe
2012-10-15 13:01 - 2012-10-15 13:01 - 00000106 ____A C:\Users\someuser\Downloads\hayden.rdp
2012-10-15 04:20 - 2012-10-15 04:20 - 00000238 ____A C:\Windows\ODBCINST.INI
2012-10-15 04:20 - 2010-09-22 22:28 - 01189474 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-10-15 03:57 - 2012-10-15 03:55 - 217061888 ____A C:\Users\someuser\Downloads\mysql-installer-community-5.5.28.2.msi
2012-10-14 07:26 - 2012-10-14 07:26 - 00001560 ____A C:\Users\someuser\Downloads\jquery.localscroll-1.2.7-min.js.txt
2012-10-14 07:21 - 2012-10-14 07:21 - 00002434 ____A C:\Users\someuser\Downloads\jquery.scrollTo-1.4.3.1-min.js
2012-10-12 08:37 - 2012-10-12 08:37 - 13725696 ____A C:\Users\someuser\Downloads\tfpt(1).msi
2012-10-12 07:01 - 2012-10-12 07:01 - 01548465 ____A C:\Users\someuser\Downloads\Routing-Assistant-v1.4.0.0.vsix
2012-10-12 06:54 - 2012-10-12 06:54 - 00146449 ____A C:\Users\someuser\Downloads\FavoriteDocuments_15.vsix
2012-10-11 14:13 - 2012-10-11 14:13 - 00000020 __ASH C:\Users\www.3331.com\ntuser.ini
2012-10-11 10:03 - 2012-10-11 10:02 - 34667599 ____A C:\Users\someuser\Downloads\GitExtensions241SetupComplete.msi
2012-10-10 05:10 - 2012-10-10 05:10 - 00715392 ____A () C:\Users\someuser\Downloads\GitHubSetup.exe
2012-10-10 05:09 - 2012-10-10 05:09 - 00001850 ____A C:\Users\Public\Desktop\Git Bash.lnk
2012-10-10 04:58 - 2012-10-10 04:57 - 15383103 ____A ( ) C:\Users\someuser\Downloads\Git-1.7.11-preview20120710.exe
2012-10-10 02:59 - 2012-10-10 02:59 - 01091128 ____A C:\Users\someuser\Downloads\Unlocker1.9.1.exe
2012-10-10 02:53 - 2012-10-10 02:53 - 01106961 ____A C:\Users\someuser\Downloads\Unlocker1.9.1-x64.exe
2012-10-10 02:49 - 2012-10-10 02:46 - 157324840 ____A C:\Users\someuser\Downloads\eclipse-java-juno-SR1-win32-x86_64 (1).zip
2012-10-10 02:45 - 2012-10-10 02:43 - 02390484 ____A C:\Users\someuser\Downloads\eclipse-java-juno-SR1-win32-x86_64.zip
2012-10-10 02:33 - 2010-09-21 23:10 - 01217492 ____A C:\Windows\PFRO.log
2012-10-10 02:15 - 2012-10-10 01:57 - 83191350 ____A C:\Users\someuser\Downloads\eclipse-java-europa-winter-win32.zip
2012-10-10 01:53 - 2012-10-10 01:53 - 02000350 ____A C:\Users\someuser\Downloads\yuicompressor-2.4.7(1).zip
2012-10-09 06:36 - 2012-10-09 06:36 - 00007994 ____A C:\Users\someuser\Downloads\VSNewFile v1.0.0.0.zip
2012-10-07 04:19 - 2012-10-07 04:19 - 03782704 ____A C:\Users\someuser\Downloads\battlelog-web-plugins-1.138.0-retail-prod.exe
2012-10-07 04:17 - 2012-04-04 17:19 - 00002603 ____A C:\Windows\KB893803v2.log
2012-10-07 04:16 - 2012-10-07 04:15 - 65060392 ____A (Electronic Arts, Inc.) C:\Users\someuser\Downloads\OriginSetup.exe
2012-10-07 04:12 - 2012-10-07 04:12 - 16910176 ____A (Electronic Arts, Inc.) C:\Users\someuser\Downloads\OriginThinSetup(1).exe
2012-10-07 02:53 - 2012-10-07 02:53 - 00010934 ____A C:\Users\someuser\Downloads\selectivizr-1.0.2(1).zip
2012-10-07 02:43 - 2012-10-07 02:43 - 00008278 ____A C:\Users\someuser\Downloads\imsky-cssFx-v0.9.6-5-g06c76cc.zip
2012-10-05 23:44 - 2012-10-05 23:44 - 05222012 ____A C:\Users\someuser\Downloads\DPStudio.VSCommands(1).vsix
2012-10-05 05:45 - 2012-10-05 05:45 - 16910176 ____A (Electronic Arts, Inc.) C:\Users\someuser\Downloads\OriginThinSetup.exe
2012-10-04 06:47 - 2012-06-18 16:52 - 00123141 ____A C:\Windows\SysWOW64\TVersityMediaServer.log
2012-10-04 06:46 - 2012-06-18 16:52 - 00000000 ____A C:\Windows\SysWOW64\chrome.log
2012-10-04 06:42 - 2012-10-04 06:41 - 49840240 ____A C:\Users\someuser\Downloads\TVersityProSetup_2_3.exe
2012-10-01 06:52 - 2012-10-01 06:52 - 00043098 ____A C:\Windows\SysWOW64\unins000.dat
2012-10-01 06:50 - 2012-10-01 06:52 - 01183481 ____A C:\Windows\SysWOW64\unins000.exe
2012-10-01 06:50 - 2012-10-01 06:50 - 04726102 ____A (ffdshow ) C:\Users\someuser\Downloads\ffdshow_rev4486_20120825_clsid.exe
2012-10-01 06:47 - 2012-10-01 06:46 - 02030080 ____A C:\Users\someuser\Downloads\ffdshow-20041012.exe
2012-10-01 05:25 - 2012-10-01 05:25 - 00133911 ____A C:\Users\someuser\Downloads\[warez.ag]Dexter.S06.torrent
2012-10-01 05:15 - 2012-10-01 05:15 - 00048197 ____A C:\Users\someuser\Downloads\[warez.ag]Entourage Season 8 Complete 720p.torrent
2012-10-01 03:55 - 2012-10-01 03:55 - 02640241 ____A C:\Users\someuser\Downloads\NuGet.Tools.vsix
2012-09-30 02:51 - 2012-09-30 02:51 - 00101375 ____A C:\Users\someuser\Downloads\excanvas_r3.zip
2012-09-29 20:06 - 2012-09-29 20:06 - 00031687 ____A C:\Users\someuser\Downloads\Html5MVCWebControls.zip
2012-09-29 16:03 - 2012-09-29 16:03 - 00487424 ____A C:\Users\someuser\Downloads\MetroElementsBeta.msi
2012-09-25 23:59 - 2012-09-25 23:59 - 01314811 ____A C:\Users\someuser\Downloads\putty-src.zip
2012-09-25 21:31 - 2012-09-25 21:31 - 00645729 ____A (WDS Team) C:\Users\someuser\Downloads\windirstat1_1_2_setup(1).exe
2012-09-25 21:31 - 2012-09-25 21:31 - 00000991 ____A C:\Users\ToolinsiderUser\Desktop\WinDirStat.lnk
2012-09-25 21:31 - 2012-09-25 21:31 - 00000991 ____A C:\Users\Mcx1-ALIEN\Desktop\WinDirStat.lnk
2012-09-25 21:31 - 2012-09-25 21:31 - 00000991 ____A C:\Users\someuser\Desktop\WinDirStat.lnk
2012-09-25 21:31 - 2012-09-25 21:31 - 00000991 ____A C:\Users\Joey.Alien\Desktop\WinDirStat.lnk
2012-09-25 21:17 - 2011-01-16 10:57 - 00000281 ____A C:\Users\someuser\SciTE.session
2012-09-25 15:26 - 2012-09-25 15:25 - 07377952 ____A (AutoIt Team) C:\Users\someuser\Downloads\autoit-v3-setup.exe
2012-09-25 15:25 - 2012-09-25 15:25 - 04679306 ____A C:\Users\someuser\Downloads\SciTE4AutoIt3.exe
2012-09-25 15:10 - 2010-10-06 06:42 - 00000600 ____A C:\Users\someuser\AppData\Local\PUTTY.RND
2012-09-25 13:40 - 2012-09-25 13:40 - 00303104 ____A (Simon Tatham) C:\Users\someuser\Downloads\plink.exe
2012-09-25 13:04 - 2012-09-25 13:04 - 00483328 ____A (Simon Tatham) C:\Users\someuser\Downloads\putty.exe
2012-09-25 13:00 - 2012-09-25 13:00 - 00195720 ____A C:\Users\someuser\Downloads\TST10.zip
2012-09-25 12:40 - 2012-09-25 12:40 - 00005714 ____A C:\Users\someuser\Downloads\powerdown-1.02-noarch-unRAID.tgz
2012-09-25 12:15 - 2012-09-25 12:15 - 19583540 ____A C:\Users\someuser\Downloads\Mindscape.WebWorkbench.Integration-20120925.10.vsix
2012-09-24 00:40 - 2012-09-24 00:40 - 01463650 ____A C:\Users\someuser\Downloads\Searcharoo_7_its.zip
2012-09-24 00:25 - 2012-09-24 00:25 - 02700890 ____A C:\Users\someuser\Downloads\Apache-Lucene.Net-2.9.4-incubating.src.zip
2012-09-23 21:07 - 2012-09-23 21:07 - 03901049 ____A C:\Users\someuser\Downloads\mikhail-tsennykh-Lucene.Net-search-MVC-sample-site-0f4e63a.zip
2012-09-23 13:46 - 2012-09-23 13:46 - 00061685 ____A C:\Users\someuser\Downloads\bluescreenview.zip
2012-09-23 12:40 - 2012-09-23 12:40 - 01741760 ____A (Hewlett-Packard Development Company, L.P. ) C:\Users\someuser\Downloads\sp46426.exe
2012-09-17 17:30 - 2010-09-22 23:33 - 00194938 ____A C:\Windows\DPINST.LOG
2012-09-17 17:18 - 2010-10-22 23:33 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-17 17:18 - 2010-10-22 23:33 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-14 15:59 - 2012-09-14 15:59 - 00097587 ____A C:\Users\someuser\Downloads\442749490002-6706549.zip
2012-09-14 09:23 - 2012-09-14 09:23 - 00536912 ____A (Eric Lawrence) C:\Users\someuser\Downloads\FiddlerSyntaxSetup.exe
2012-09-12 14:03 - 2010-09-21 23:03 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-12 12:40 - 2012-09-12 12:40 - 00464740 ____A C:\Users\someuser\Downloads\jquery-ui-1.8.23.custom(1).zip
2012-09-11 05:37 - 2012-09-11 05:37 - 00746696 ____A (Eric Lawrence) C:\Users\someuser\Downloads\Fiddler2Setup(1).exe
2012-09-09 15:15 - 2012-09-09 15:15 - 02364868 ____A C:\Users\someuser\Downloads\businesscard-3.5inx2in-h-front.jpg.zip
2012-09-09 14:39 - 2012-09-09 14:39 - 00229099 ____A C:\Users\someuser\Downloads\patternhead-pattern57.zip
2012-09-09 14:33 - 2012-09-09 14:33 - 00005370 ____A C:\Users\someuser\Downloads\pattern8-pattern-22a.zip
2012-09-09 14:23 - 2012-09-09 14:22 - 00004990 ____A C:\Users\someuser\Downloads\pattern8-pattern-76a.zip
2012-09-09 14:00 - 2012-09-09 14:00 - 02353694 ____A C:\Users\someuser\Downloads\businesscard-3.5inx2in-round.jpg.zip
2012-09-09 13:16 - 2012-09-09 13:16 - 00441975 ____A C:\Users\someuser\Downloads\_Business_Cards.zip
2012-09-09 12:29 - 2012-09-09 12:29 - 01579808 ____A C:\Users\someuser\Downloads\ornate_patterns_01_vector_151038.zip
2012-09-09 12:29 - 2012-09-09 12:29 - 01257580 ____A C:\Users\someuser\Downloads\european_pattern_patterns_02_vector_151074.zip
2012-09-09 11:55 - 2012-09-09 11:55 - 01101923 ____A C:\Users\someuser\Downloads\european_pattern_of_patterns_01_vector_151387.zip
2012-09-09 11:50 - 2012-09-09 11:50 - 01183196 ____A C:\Users\someuser\Downloads\european_pattern_patterns_03_vector_151398.zip
2012-09-09 11:23 - 2012-09-09 11:23 - 01365492 ____A C:\Users\someuser\Downloads\businesscard_template_us.ai
2012-09-09 10:00 - 2012-09-09 10:00 - 00761594 ____A C:\Users\someuser\Downloads\card_horizontal.psd
2012-09-09 09:31 - 2012-09-09 09:31 - 01010057 ____A C:\Users\someuser\Downloads\retro_design_elements_148621.zip
2012-09-09 09:26 - 2012-09-09 09:26 - 00577941 ____A C:\Users\someuser\Downloads\classical_decorative_patterns_free_vector_graphics_147299.zip
2012-09-09 09:09 - 2012-09-09 09:09 - 00029975 ____A C:\Users\someuser\Downloads\george-williams_parisian.zip
2012-09-07 22:47 - 2012-09-07 22:47 - 13351295 ____A C:\Users\someuser\Downloads\jaymedavis-stripe.net-628e1d0.zip
2012-09-07 03:55 - 2012-09-07 03:55 - 13348073 ____A C:\Users\someuser\Downloads\jaymedavis-stripe.net-9227cc4.zip
2012-09-07 00:08 - 2012-04-13 10:11 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-07 00:08 - 2011-05-18 09:00 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-06 23:26 - 2012-07-07 06:13 - 00001066 ____A C:\Windows\ODBC.INI
2012-09-05 09:44 - 2010-09-21 23:56 - 00564717 ____A C:\Windows\DirectX.log
2012-09-05 09:32 - 2012-09-05 09:32 - 03878360 ____A C:\Users\someuser\Downloads\battlelog-web-plugins-1.132.0-retail-prod.exe
2012-09-05 01:51 - 2012-09-05 01:51 - 02517682 ____A C:\Users\someuser\Downloads\Pencil-1.3-4-fx.xpi
2012-09-02 22:42 - 2012-09-02 22:42 - 00466089 ____A C:\Users\someuser\Downloads\jquery-ui-1.8.23.custom.zip
2012-09-02 06:03 - 2012-09-02 06:02 - 01478656 ____A C:\Users\someuser\Downloads\LogParser.msi
2012-08-31 15:24 - 2012-08-31 15:23 - 17789456 ____A (Mozilla) C:\Users\someuser\Downloads\Firefox Setup 15.0.exe
2012-08-31 04:53 - 2012-08-31 04:53 - 13346231 ____A C:\Users\someuser\Downloads\jaymedavis-stripe.net-56d2a03(1).zip
2012-08-30 00:22 - 2012-08-30 00:22 - 00035643 ____A C:\Users\someuser\Downloads\v1.0.1.zip
2012-08-28 19:08 - 2012-08-28 19:08 - 13346231 ____A C:\Users\someuser\Downloads\jaymedavis-stripe.net-56d2a03.zip
2012-08-28 15:57 - 2012-08-28 15:57 - 00532362 ____A C:\Users\someuser\Downloads\39549_57906_Stripe.zip
2012-08-28 13:41 - 2012-08-28 13:41 - 00999840 ____A (Solid State Networks) C:\Users\someuser\Downloads\install_flashplayer11x32_mssd_au_aih.exe
2012-08-28 01:15 - 2012-08-28 01:15 - 00024065 ____A C:\Users\someuser\Downloads\AuthorizeNet_SilentPost_VS2008.zip
2012-08-27 22:15 - 2012-08-27 22:15 - 01117296 ____A C:\Users\someuser\Downloads\ducsetup(1).exe
2012-08-26 13:36 - 2012-08-26 13:36 - 00000000 ____A C:\Users\someuser\Downloads\424_boc.pdflx.shtmlvices.dap
2012-08-26 13:35 - 2012-08-26 13:35 - 00000000 ____A C:\Users\someuser\Downloads\401_boc.doc.dap
2012-08-26 00:58 - 2012-08-26 00:58 - 01224043 ____A C:\Users\someuser\Downloads\37504_42550_Payments.PayPalExpress-plugin.zip
2012-08-25 16:16 - 2011-06-10 02:00 - 03501056 ____A C:\Windows\SysWOW64\ffdshow.ax
2012-08-25 16:14 - 2011-06-10 02:00 - 03915776 ____A C:\Windows\SysWOW64\ffmpeg.dll
2012-08-23 18:05 - 2012-08-23 18:05 - 00143360 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rztouchdll.dll
2012-08-23 18:04 - 2012-08-23 18:04 - 00592384 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzdevicedll.dll
2012-08-23 18:04 - 2012-08-23 18:04 - 00165888 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzaudiodll.dll
2012-08-23 13:55 - 2012-08-23 13:55 - 00000020 __ASH C:\Users\nop265\ntuser.ini
2012-08-23 13:52 - 2012-08-23 13:52 - 29900633 ____A C:\Users\someuser\Downloads\nopCommerce_2.65_Source.rar
2012-08-23 11:57 - 2012-08-23 11:56 - 03388026 ____A C:\Users\someuser\Downloads\nopCommerceTranslator.zip
2012-08-22 18:00 - 2012-10-01 06:52 - 00099840 ____A C:\Windows\SysWOW64\ffvdub.vdf
2012-08-22 17:59 - 2012-10-01 06:52 - 00056832 ____A C:\Windows\SysWOW64\FLT_ffdshow.dll
2012-08-22 17:59 - 2011-06-10 02:00 - 00271360 ____A C:\Windows\SysWOW64\TomsMoComp_ff.dll
2012-08-22 17:58 - 2012-10-01 06:52 - 00112640 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-08-22 17:58 - 2011-06-10 02:00 - 00268288 ____A C:\Windows\SysWOW64\ff_kernelDeint.dll
2012-08-22 17:57 - 2012-10-01 06:52 - 00049664 ____A C:\Windows\SysWOW64\ffavisynth.dll
2012-08-22 17:57 - 2011-06-10 02:00 - 01525760 ____A C:\Windows\SysWOW64\ff_samplerate.dll
2012-08-22 17:57 - 2011-06-10 02:00 - 00157184 ____A C:\Windows\SysWOW64\ff_unrar.dll
2012-08-22 17:57 - 2011-06-10 02:00 - 00147456 ____A C:\Windows\SysWOW64\ff_libmad.dll
2012-08-22 17:57 - 2011-06-10 02:00 - 00099840 ____A C:\Windows\SysWOW64\ff_wmv9.dll
2012-08-22 17:56 - 2011-06-10 02:00 - 00330240 ____A C:\Windows\SysWOW64\ff_libfaad2.dll
2012-08-22 17:56 - 2011-06-10 02:00 - 00211968 ____A C:\Windows\SysWOW64\ff_libdts.dll
2012-08-22 17:56 - 2011-06-10 02:00 - 00114688 ____A C:\Windows\SysWOW64\ff_liba52.dll
2012-08-22 10:12 - 2012-09-12 00:09 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 00:09 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 00:09 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 00:09 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-17 15:32 - 2012-08-17 15:32 - 00004371 ____A C:\Users\someuser\Downloads\retina.zip
2012-08-16 23:01 - 2012-08-16 23:01 - 00110592 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzudd.sys
2012-08-16 23:01 - 2012-08-16 23:01 - 00025600 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzdaendpt.sys
2012-08-16 23:01 - 2012-08-16 23:01 - 00022528 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzvkeyboard.sys
2012-08-16 23:01 - 2012-08-16 23:01 - 00006656 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzkbdhid.sys
2012-08-16 08:31 - 2011-02-14 22:20 - 00219911 ____A C:\Users\someuser\AppData\Local\debuggee.mdmp
2012-08-16 07:49 - 2010-09-22 22:17 - 00000039 ____A C:\Windows\vbaddin.ini
2012-08-15 11:14 - 2012-08-15 11:14 - 19584832 ____A C:\Users\someuser\Downloads\Mindscape.WebWorkbench.Integration-20120814.10.vsix
2012-08-15 10:37 - 2012-08-15 10:36 - 19252599 ____A C:\Users\someuser\Downloads\Mindscape.WebWorkbench.Integration.10(3).vsix
2012-08-14 12:30 - 2012-08-14 11:30 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-08-12 09:21 - 2012-08-12 09:21 - 00046434 ____A C:\Users\someuser\Downloads\Golden-Grid-System-df652de.zip
2012-08-11 08:09 - 2012-08-11 08:08 - 38494576 ____A (Apple Inc.) C:\Users\someuser\Downloads\SafariSetup.exe
2012-08-10 13:54 - 2012-08-10 13:54 - 00010934 ____A C:\Users\someuser\Downloads\selectivizr-1.0.2.zip
2012-08-10 06:25 - 2012-08-10 06:25 - 00013221 ____A C:\Users\someuser\Downloads\modernizr.custom.45954.js
2012-08-10 05:31 - 2012-08-10 05:31 - 00050742 ____A C:\Users\someuser\Downloads\initializr-verekia-3.0.zip
2012-08-09 13:02 - 2012-08-09 13:02 - 03587055 ____A C:\Users\someuser\Downloads\drupal-7.15.zip
2012-08-07 08:32 - 2012-08-07 08:32 - 00000737 ____A C:\Users\someuser\.recently-used.xbel
2012-08-07 08:02 - 2012-08-07 08:01 - 35746429 ____A (inkscape.org) C:\Users\someuser\Downloads\Inkscape-0.48.2-1-win32(1).exe
2012-08-07 08:02 - 2012-08-07 08:01 - 12476906 ____A C:\Users\someuser\Downloads\VectorMagic_DeskEdition_Win_32bit_1.08.zip
2012-08-07 08:00 - 2012-08-07 08:00 - 00004248 ____A C:\Users\someuser\Downloads\[warez.ag]VectorMagic_DeskEdition_Win_32bit_1.08.zip.torrent
2012-08-07 07:31 - 2012-08-07 07:31 - 00841770 ____A C:\Users\someuser\Downloads\iphone.svg
2012-08-07 07:31 - 2012-08-07 07:31 - 00105351 ____A C:\Users\someuser\Downloads\iphone.eps
2012-08-07 07:22 - 2012-08-07 07:22 - 00887160 ____A C:\Users\someuser\Downloads\apple_iphone.svg
2012-08-06 15:53 - 2012-08-06 15:53 - 00003575 ____A C:\Users\someuser\Downloads\bootswatch(1).less
2012-08-06 15:49 - 2012-08-06 15:49 - 00006093 ____A C:\Users\someuser\Downloads\variables(1).less
2012-08-06 14:32 - 2012-08-06 14:32 - 00052656 ____A C:\Users\someuser\Downloads\unassoc_1_4.zip
2012-08-06 11:08 - 2012-08-06 11:08 - 06663046 ____A C:\Users\someuser\Downloads\borderlands2_wallpaper1.zip
2012-08-06 11:08 - 2012-08-06 11:08 - 05755500 ____A C:\Users\someuser\Downloads\borderlands2_wallpaper2.zip
2012-08-06 10:48 - 2012-08-06 10:48 - 00009164 ____A C:\Users\someuser\Downloads\bootswatch.less
2012-08-06 10:48 - 2012-08-06 10:48 - 00006183 ____A C:\Users\someuser\Downloads\variables.less
2012-08-06 06:55 - 2012-08-06 06:55 - 01171866 ____A C:\Users\someuser\Downloads\twitter-bootstrap-v2.0.4-1-g857b8fb.zip
2012-08-06 06:22 - 2012-08-06 06:22 - 00000020 ___SH C:\Users\bootstrap\ntuser.ini
2012-08-05 05:47 - 2012-08-05 05:47 - 00072833 ____A C:\Users\someuser\Downloads\bootstrap.zip
2012-08-04 02:15 - 2012-08-04 02:15 - 19251123 ____A C:\Users\someuser\Downloads\Mindscape.WebWorkbench.Integration-20120803.10.vsix
2012-08-02 09:58 - 2012-09-12 00:09 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 00:09 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-02 08:48 - 2012-08-02 08:48 - 00081840 ____A (Symantec Corporation) C:\Windows\System32\FwsVpn.dll
2012-08-02 08:48 - 2012-08-02 08:48 - 00058288 ____A (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2012-08-02 08:48 - 2012-08-02 08:48 - 00058288 ____A (Symantec Corporation) C:\Windows\System32\snacnp.dll
2012-08-02 08:48 - 2012-08-02 08:48 - 00042632 ____A (Symantec Corporation) C:\Windows\System32\Drivers\WGX64.SYS
2012-08-02 08:48 - 2009-11-10 16:09 - 00288176 ____A (Symantec Corporation) C:\Windows\System32\SymVPN.dll
2012-08-02 08:44 - 2010-09-22 21:11 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-08-02 08:44 - 2010-09-22 21:11 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-08-01 23:00 - 2012-08-01 23:00 - 00641881 ____A (WDS Team) C:\Users\someuser\Downloads\windirstat1_1_2_setup.exe
2012-08-01 03:06 - 2012-08-01 03:06 - 19251116 ____A C:\Users\someuser\Downloads\Mindscape.WebWorkbench.Integration-20120731.10.vsix
2012-07-31 10:13 - 2012-07-31 10:12 - 04850213 ____A C:\Users\someuser\Downloads\Shelf-Wallpaper.zip
2012-07-31 10:06 - 2012-07-31 10:06 - 03696555 ____A C:\Users\someuser\Downloads\flow.zip
2012-07-31 09:41 - 2012-07-31 09:41 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2012-07-31 09:40 - 2012-07-31 09:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2012-07-31 09:35 - 2012-07-31 09:34 - 08574320 ____A (Razer USA Ltd.) C:\Users\someuser\Downloads\Razer_Synapse2_v1.03.07.exe
2012-07-30 19:32 - 2012-07-30 19:32 - 02220032 ____A C:\Users\someuser\Downloads\wcat.amd64.msi
2012-07-30 19:26 - 2012-07-30 19:25 - 02220032 ____A C:\Users\someuser\Downloads\wcat.x86.msi
2012-07-30 01:12 - 2010-12-02 16:27 - 00001426 ____A C:\Windows\LkmdfCoInst.log
2012-07-30 01:11 - 2010-12-02 16:27 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-07-29 11:18 - 2012-07-29 11:17 - 00141271 ____A C:\Users\someuser\Downloads\MoneyType.zip
2012-07-28 16:49 - 2012-07-28 16:49 - 00186812 ____A C:\Users\someuser\Downloads\webfontkit-20120728-204930.zip
2012-07-27 20:09 - 2012-02-14 18:34 - 05538984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-07-27 20:07 - 2012-07-27 20:07 - 10278912 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-07-27 19:47 - 2012-07-27 19:47 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-07-27 19:47 - 2012-07-27 19:47 - 00075776 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-07-27 19:47 - 2012-07-27 19:47 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-07-27 19:47 - 2012-07-27 19:47 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-07-27 19:47 - 2012-07-27 19:47 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-07-27 19:46 - 2012-07-27 19:46 - 16464896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-07-27 19:46 - 2012-07-27 19:46 - 13013504 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-07-27 19:43 - 2012-07-27 19:43 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.982.dll
2012-07-27 19:19 - 2012-07-27 19:19 - 24935424 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-07-27 18:50 - 2012-07-27 18:50 - 20546560 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\System32\atiapfxx.blb
2012-07-27 18:15 - 2012-07-27 18:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-07-27 18:15 - 2012-02-14 19:18 - 00931328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-07-27 18:13 - 2011-10-12 12:13 - 01100288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-07-27 18:10 - 2012-07-27 18:10 - 00534528 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-07-27 18:10 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-07-27 18:09 - 2012-07-27 18:09 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-07-27 18:08 - 2012-07-27 18:08 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-07-27 18:08 - 2012-07-27 18:08 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 06430208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-07-27 18:06 - 2012-07-27 18:06 - 01102128 ____A C:\Users\someuser\Downloads\ProcessMonitor.zip
2012-07-27 17:51 - 2011-10-12 11:54 - 07052288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-07-27 17:41 - 2012-06-11 08:51 - 04266496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-07-27 17:39 - 2012-07-27 17:39 - 03150560 ____A C:\Windows\System32\atiumd6a.cap
2012-07-27 17:35 - 2012-07-27 17:35 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-07-27 17:35 - 2012-07-27 17:35 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-07-27 17:35 - 2012-07-27 17:35 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-07-27 17:35 - 2012-07-27 17:35 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-07-27 17:34 - 2012-07-27 17:34 - 16034304 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-07-27 17:32 - 2012-02-14 18:29 - 04751872 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-07-27 17:30 - 2012-07-27 17:30 - 13605888 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-07-27 17:30 - 2012-07-27 17:30 - 03187136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-07-27 17:25 - 2012-06-11 08:36 - 06676480 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-07-27 17:15 - 2012-06-11 08:27 - 00540160 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-07-27 17:14 - 2012-07-27 17:14 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-07-27 17:14 - 2012-07-27 17:14 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-07-27 17:13 - 2012-07-27 17:13 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-07-27 17:13 - 2012-06-11 08:25 - 00103936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-07-27 17:13 - 2010-08-03 22:15 - 00129536 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-07-27 17:13 - 2010-08-03 22:14 - 00083456 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-07-27 17:12 - 2012-07-27 17:12 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-07-26 21:35 - 2012-07-26 21:34 - 00282592 ____A C:\Windows\Minidump\072712-165579-01.dmp
2012-07-26 21:33 - 2010-12-18 09:24 - 1870888966 ____A C:\Windows\MEMORY.DMP
2012-07-24 20:16 - 2012-07-24 20:16 - 24785328 ____A (MediaFire) C:\Users\someuser\Downloads\MediaFireExpress-0.13.3.3927-windows.exe

ZeroAccess:
C:\Windows\Installer\{18120cc9-2de6-6c07-8cc6-5cdb6712576b}
C:\Windows\Installer\{18120cc9-2de6-6c07-8cc6-5cdb6712576b}\@
C:\Windows\Installer\{18120cc9-2de6-6c07-8cc6-5cdb6712576b}\L
C:\Windows\Installer\{18120cc9-2de6-6c07-8cc6-5cdb6712576b}\U
C:\Windows\Installer\{18120cc9-2de6-6c07-8cc6-5cdb6712576b}\U\00000008.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-11 10:04:18
Restore point made on: 2012-10-12 09:49:24
Restore point made on: 2012-10-15 04:16:43
Restore point made on: 2012-10-17 12:03:06

==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 24566.93 MB
Available physical RAM: 22871.23 MB
Total Pagefile: 24565.07 MB
Available Pagefile: 22865.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:563.03 GB) NTFS
2 Drive d: (VSTS) (Fixed) (Total:149.01 GB) (Free:56.03 GB) NTFS
3 Drive e: (Dont Touch) (Fixed) (Total:232.82 GB) (Free:160.35 GB) NTFS
4 Drive f: (Dont Touch) (Fixed) (Total:149.05 GB) (Free:117.41 GB) NTFS
6 Drive i: (Transcend) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
13 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 149 GB 0 B
Disk 2 Online 232 GB 7168 KB
Disk 3 Online 149 GB 0 B
Disk 4 Online 3830 MB 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B
Disk 8 No Media 0 B 0 B
Disk 9 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D VSTS NTFS Partition 149 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E Dont Touch NTFS Partition 232 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 31 KB

==================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F Dont Touch NTFS Partition 149 GB Healthy

=========================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3826 MB 4096 KB

==================================================================================

Disk: 4
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I Transcend FAT32 Removable 3826 MB Healthy

=========================================================

Last Boot: 2012-10-15 21:48

==================== End Of Log =============================



Farbar Recovery Scan Tool (x64) Version: 16-10-2012
Ran by SYSTEM at 2012-10-18 16:05:37
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

Edited by StrandedPirate, 18 October 2012 - 04:51 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:03 PM

Posted 18 October 2012 - 06:00 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{18120cc9-2de6-6c07-8cc6-5cdb6712576b}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 StrandedPirate

StrandedPirate
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 18 October 2012 - 06:45 PM

Done, here she is:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2012
Ran by SYSTEM at 2012-10-18 17:02:55 Run:1
Running from J:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{18120cc9-2de6-6c07-8cc6-5cdb6712576b} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:03 PM

Posted 18 October 2012 - 06:59 PM

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:03 PM

Posted 20 October 2012 - 11:47 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:03 PM

Posted 24 October 2012 - 05:40 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:03 PM

Posted 26 October 2012 - 11:12 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users