
AVG refuses to turn on


  • This topic is locked
13 replies to this topic

#1 Hibiya


Posted 26 October 2012 - 05:21 AM

A few websites say that my computer is infected. You know the "fill out this captcha log thing before being able to access the website", so I scanned my laptop using AVG 2012 (free edition), but nothing comes up. And then I downloaded Malwarebytes. Did a full scan and a large number of instances of PUP.blabbers came up. I chose to remove all of them, and then restarted my computer. After logging on, though, the screen just becomes completely black with the cursor right in the center. I can still move the cursor and access the Ctrl+Alt+Delete menu, but beyond that I can't really do anything. Thankfully, safe mode still works and I did a system restore. Everything's back to the way it was. Well, except my computer is overheating and using up battery like crazy, but after restarting a few times it goes back to normal.

To my surprise, anything related to Malwarebytes is removed. Including the installer and the core program itself. Downloaded it again and scanned and found all of those instances of PUP.blabbers again. Decided not to touch any of it for the sake of not having to go through the system restore thing all over again. Thought the problem ended there, but then I noticed that AVG will no longer turn on. Or, at least that's what Windows reports to me. Trying to turn it on myself does nothing. The icon is still in the system tray and I can open the user interface after double-clicking, but I can't scan or do anything other than do a network speedtest and install mobile.

So far I haven't really encountered any problems beyond this. No errors or any noticeable slowdowns. Laptop runs fine except for the overheating and battery problem, though that's sort of a hit or miss. Sometimes when I turn the laptop on it starts overheating, sometimes it doesn't and runs like normal. Haven't experienced the overheating in a while, though.

Using Windows 7 64-bit on a Sony VAIO S series laptop.





DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by Xandria at 19:48:43 on 2012-10-24
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4012.1195 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\TrueSuite\TrueSuite.Service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIGUP.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Users\Xandria\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\TrueSuite\TrueSuite.WeblogonHost.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Users\Xandria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp
uDefault_Page_URL = hxxp://sony.msn.com
mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{63F91E15-27B3-4105-B553-8D09E85A368E}
mWinlogon: Userinit = userinit.exe
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Yahoo!ツールバーフィッシング警告: {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_14\Modules\ypho.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yahoo!ツールバーヘルパー: {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_14\Modules\YahooToolBar.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: Yahoo!ツールバー: {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_14\Modules\YahooToolBar.dll
TB: Yahoo!ツールバー: {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_14\Modules\YahooToolBar.dll
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
uRun: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe /Stay
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Xandria\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [EPSON L200 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGUP.EXE /FU "C:\Windows\TEMP\E_SC7A2.tmp" /EF "HKCU"
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Xandria\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Xandria\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Xandria\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7AD7A221-5232-4F60-A1ED-BD928D0CAAE5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7AD7A221-5232-4F60-A1ED-BD928D0CAAE5}\24C616277686 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7AD7A221-5232-4F60-A1ED-BD928D0CAAE5}\35D4F564275656F575966496 : DHCPNameServer = 202.57.32.1 202.57.32.2
TCP: Interfaces\{7AD7A221-5232-4F60-A1ED-BD928D0CAAE5}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7AD7A221-5232-4F60-A1ED-BD928D0CAAE5}\4656661657C647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7AD7A221-5232-4F60-A1ED-BD928D0CAAE5}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7AD7A221-5232-4F60-A1ED-BD928D0CAAE5}\D41627275627F6027596D26696 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7AD7A221-5232-4F60-A1ED-BD928D0CAAE5}\D697C474E45647 : DHCPNameServer = 124.106.4.2 124.106.7.2
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
x64-Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - <orphaned>
x64-Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-5 52856]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-8-16 270912]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-14 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 FPLService;TrueSuiteService;C:\Program Files\TrueSuite\TrueSuite.Service.exe [2010-12-13 290632]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-24 2429544]
R2 MyEpson Portal Service;MyEpson Portal Service;C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe [2012-7-26 703616]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-2-25 257936]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-11 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-13 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-11 67952]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-1-10 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-1-10 528760]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-25 2656280]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-2-25 584080]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-28 864000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 549168]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-2-25 923024]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-14 8283136]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-14 295424]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-2-25 19968]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2010-12-11 894240]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 bbcap;bb_capture_driver;C:\Windows\System32\drivers\bbcap.sys [2011-12-31 4608]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-14 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-1-14 12252192]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-5 56344]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2010-11-9 8500736]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-2 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-2 180736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-25 425064]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-28 303872]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-1-10 13312]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-25 13336]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-25 104960]
S2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 21096]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-2-25 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-25 39464]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-11 281088]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2012-7-10 113792]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-3 340240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-6-24 340072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-10-24 03:59:41 -------- d-----w- C:\Users\Xandria\AppData\Local\{160D90F5-E1C7-454A-B285-6DDCAA6F4C1B}
2012-10-23 15:59:28 -------- d-----w- C:\Users\Xandria\AppData\Local\{8DC8892C-FE00-4FFF-AD21-D72829A6D778}
2012-10-23 15:20:22 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{2F849848-41FC-4776-B5A3-7C2D09884BB4}
2012-10-23 15:20:09 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{C7A058C6-76FC-49F4-B9A7-D81A72F7EB40}
2012-10-23 15:20:02 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4EAB669D-C76E-4E93-88BC-618CCC976D19}
2012-10-23 14:34:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78B6B283-DDC8-4F6C-8F68-0693897D673D}\offreg.dll
2012-10-23 13:17:32 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{CF0A30A2-4A6F-473E-A711-644C4139E5D1}
2012-10-23 13:07:58 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{D078B716-1EEA-47A5-BF98-97FE51E6253B}
2012-10-23 13:07:56 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{62A71ACA-F2F9-41ED-8A97-0AC28DF6D4C1}
2012-10-23 13:07:51 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{F00FEC6E-812A-4618-98CE-364F7F5EF9AB}
2012-10-23 12:44:59 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78B6B283-DDC8-4F6C-8F68-0693897D673D}\mpengine.dll
2012-10-22 14:26:03 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{01F47487-3F1F-4218-BC4A-616D502086D4}
2012-10-22 05:49:02 -------- d-----w- C:\Users\Xandria\AppData\Local\{35B203D1-8D5D-491A-B5BB-8CDE104E6AE5}
2012-10-21 13:17:32 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{CEB0AF27-A57C-4E8A-BCF9-99ADF7068311}
2012-10-20 13:17:38 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{84CDAD96-DBE9-4AE4-A38D-F6B88BE0BE9D}
2012-10-19 13:17:39 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{6E78E079-FA74-4B4B-B989-64D4C5E42279}
2012-10-18 15:25:11 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A36E4500-E53A-43E6-9283-7CC4A0FD8E34}
2012-10-18 08:25:56 -------- d-----w- C:\Users\Xandria\AppData\Local\{797F5A9B-3956-40A9-BFC7-9BEACF82CFFC}
2012-10-17 18:05:17 -------- d-----w- C:\Users\Xandria\AppData\Local\{B69CEEBE-F329-4AE7-BB74-1A2E1C9AB923}
2012-10-17 17:02:22 -------- d-----w- C:\Users\Xandria\AppData\Local\fontconfig
2012-10-17 17:02:18 -------- d-----w- C:\Users\Xandria\.gimp-2.8
2012-10-17 17:02:15 -------- d-----w- C:\Users\Xandria\AppData\Local\gegl-0.2
2012-10-17 16:59:53 -------- d-----w- C:\Program Files\GIMP 2
2012-10-17 13:17:39 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{70EC3873-6C1A-4845-B06B-6D997FFA1710}
2012-10-17 04:34:22 -------- d-----w- C:\Users\Xandria\AppData\Local\{85E7E10F-ED29-4CE7-B87B-AB3DD1B1F97E}
2012-10-16 13:17:35 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{CABC84F9-2B71-40C1-A21C-2400D3C02C7C}
2012-10-16 10:18:10 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9CFFD8B4-94A1-4141-8270-63670FEFB069}
2012-10-16 10:18:00 -------- d-----w- C:\Users\Xandria\AppData\Local\{914F9972-0FD1-4C8E-9399-F9A56B419C48}
2012-10-16 05:42:19 -------- d-----w- C:\Users\Xandria\AppData\Local\{0E0FB649-AA98-4974-B200-CACD25AC5B93}
2012-10-14 13:17:46 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0FBC04BF-438D-4FEB-8CF7-1B467A52195E}
2012-10-14 08:19:41 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{4115F02C-2B83-438A-91EF-1A485F10F5CB}
2012-10-14 08:09:28 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{C830432B-E5B9-4539-9EEB-5E6A0D212B2B}
2012-10-14 08:09:26 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{0C1E1E85-16E7-4CB2-B62C-FE628C5C09F6}
2012-10-14 08:09:20 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{F2E92716-72AC-4254-B0E2-05631ED53312}
2012-10-14 08:09:19 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{6C555B18-4DA1-467B-A0F1-327CD3DA6952}
2012-10-14 08:09:17 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0A07A98B-6E59-41C4-ACD0-BFF2F4855DDD}
2012-10-14 08:09:15 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5AC1ED8D-791B-4371-B22C-C8FC25F517A0}
2012-10-14 02:05:41 -------- d-----w- C:\Users\Xandria\AppData\Local\{C128467C-FFC6-4786-BA4A-621F3F437FF2}
2012-10-13 13:17:44 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{711358FA-2E02-45A5-9365-A23E543B6B50}
2012-10-12 16:15:36 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{F3A660B2-0009-433A-AC6D-A92602E25177}
2012-10-12 16:15:35 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{23AB8CC8-A8E5-4359-BD14-DF0B553A7C57}
2012-10-12 16:15:33 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{811FC5FF-7D21-41ED-9985-F20CB217892C}
2012-10-12 15:45:37 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{17362E56-C37B-4DFC-9399-37C38C6A5215}
2012-10-11 15:00:52 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{1787E268-A87F-421D-8397-BF41B50FECB2}
2012-10-10 13:17:45 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{958B3EF8-95D4-4FCE-AC3C-A1C20FE9F503}
2012-10-10 11:40:24 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 11:40:24 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 11:40:24 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 11:40:23 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 11:40:23 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 11:40:23 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 11:39:23 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 11:39:23 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 11:34:19 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 11:23:32 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-10 11:23:30 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 11:23:30 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 11:14:08 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 11:14:08 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 11:14:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 11:14:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-09 13:17:47 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E686BC8E-6423-4FB4-BE8D-206F673AB3CE}
2012-10-09 09:37:25 -------- d-----w- C:\Users\Xandria\AppData\Local\{67627D51-A302-48BE-B1A3-8A9AB3247FD0}
2012-10-08 13:17:40 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{94A1A8E1-0E2D-4E8A-B736-3D368BB42211}
2012-10-07 13:17:42 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D8A7E58E-2324-48EB-8001-2B622F1CA53F}
2012-10-07 12:09:31 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{D4767EC7-AD6C-463A-AB58-1F8CE36D1500}
2012-10-07 12:09:30 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{3199A673-8B14-4C86-9389-3D5EE84CE054}
2012-10-07 12:09:28 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C8AE636F-9758-4750-A5F7-61F73E1CBC84}
2012-10-07 08:34:09 -------- d-----w- C:\Users\Xandria\AppData\Local\{51D62E4B-491A-4BF3-9EF9-7BE4B32927F0}
2012-10-06 14:20:37 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C66B01DE-872C-45F4-BD43-0495AE140C3A}
2012-10-05 12:17:44 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{29295D22-82BB-4492-9F8B-F6D7CA97DF41}
2012-10-05 12:17:44 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{227BDCF9-9E61-413F-B95C-7C331F424C6F}
2012-10-05 12:17:43 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{69063076-DD80-4707-99F2-83E715A55AD0}
2012-10-05 11:32:36 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C80A5FA7-833A-4C27-A0A1-8A0DF712B8B2}
2012-10-04 11:32:40 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B4D2D4FD-18D4-42B8-9095-2A179A5E44BB}
2012-10-03 12:56:40 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{39DA15DD-E3BE-4DDE-8119-96902EE99764}
2012-10-02 14:24:09 -------- d-----w- C:\Users\Xandria\AppData\Local\{05EEA5BF-81C7-4490-AA73-971D64FBB647}
2012-10-02 11:32:48 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{66C0F9A4-26D1-45B0-94F5-33540B9DDED7}
2012-10-02 03:44:01 -------- d-----w- C:\Users\Xandria\AppData\Local\{DA33C3DF-DA4C-42B1-A722-C3D02B853E28}
2012-10-01 11:32:38 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{1ECF0E00-03FA-489F-A750-63F7C7DB135D}
2012-10-01 10:04:47 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{66EC1BE4-35C6-4F87-92F1-236A21FFFA88}
2012-10-01 10:04:47 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{D0909487-E3B5-428E-B8B5-C3CDA804E767}
2012-10-01 10:04:46 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4D696564-8141-4B13-BC3B-A5148DE19811}
2012-09-30 11:32:36 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{251FC0E4-1668-4A6F-A34C-A441886B2B44}
2012-09-29 11:32:38 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{585D2E86-3AE2-4A22-A4EE-BB658BC427B7}
2012-09-29 08:57:49 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{A3199C0B-B39B-4DC8-BA15-637F15D888AC}
2012-09-29 08:57:48 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{AC875824-7153-4B3C-AC4E-B01E1F84C945}
2012-09-29 08:57:47 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5674CC84-BA87-45EC-ADE4-3DC11A5D8F51}
2012-09-29 03:57:15 -------- d-----w- C:\Users\Xandria\AppData\Local\{19E8A689-010D-4A12-85E5-B9A548D589A7}
2012-09-28 15:28:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{9F1246A5-CA49-425B-8893-DE90A3DC643A}
2012-09-28 12:13:55 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5403ED59-E4B4-44BB-9A14-68DE91441C27}
2012-09-27 11:52:45 -------- d-----w- C:\Users\Xandria\AppData\Local\{8D572BE5-3CAE-4A9C-9015-9B0E1B32B74F}
2012-09-27 11:32:51 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E8B89946-CD8D-4792-AF3D-2EC0489BEEB6}
2012-09-26 23:52:31 -------- d-----w- C:\Users\Xandria\AppData\Local\{98CC0BB9-3D3B-453D-B26F-72FEAB475F10}
2012-09-26 14:42:24 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-26 11:52:16 -------- d-----w- C:\Users\Xandria\AppData\Local\{0DA7CD35-F109-4504-ADD8-99FEBE6F9EA3}
2012-09-26 11:32:47 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{37A1BB94-9F12-4C3D-98B7-2B5FBB80A6E7}
2012-09-25 23:51:47 -------- d-----w- C:\Users\Xandria\AppData\Local\{2878349C-2894-41D7-ADA3-278E4939C397}
2012-09-25 11:51:21 -------- d-----w- C:\Users\Xandria\AppData\Local\{CF743598-C355-4EBD-9A83-CA863F3F8FBE}
2012-09-25 11:32:38 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9E112C6C-7587-4926-A3A9-B9753F234E9C}
2012-09-24 23:50:46 -------- d-----w- C:\Users\Xandria\AppData\Local\{2826F91E-3C3E-4001-9877-59BA9CFE9C23}
2012-09-24 13:57:19 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{CE60C334-5AC1-498F-8D6B-6FCC3AA48F83}
.
==================== Find3M ====================
.
2012-09-17 03:13:19 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 03:13:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-17 03:13:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-02 21:17:49 291828 ----a-w- C:\Windows\To the Moon Uninstaller.exe
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-24 07:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 19:50:42.78 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:38 PM

Posted 27 October 2012 - 08:24 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Hibiya

Hibiya
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:38 AM

Posted 28 October 2012 - 03:14 AM

Hello, m0le! :)

Thanks for responding! The help is very much appreciated.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:38 PM

Posted 28 October 2012 - 06:53 PM

Certainly this smacks of rootkit. Gmer doesn't back this up but you can't enter normal mode so that's possibly why.

Can you run FRST?

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.
m0le is a proud member of UNITE

#5 Hibiya

Hibiya
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:38 AM

Posted 29 October 2012 - 05:04 AM

Here you go! Oh, and by the way... AVG suddenly decided to start working again for some strange reason after restarting? I'm not sure what I did or if I did anything at all but yeah it's turned on again.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by SYSTEM at 29-10-2012 17:49:48
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2010-12-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2179688 2010-12-02] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [x]
HKLM\...\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2010-12-13] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2010-12-13] (AuthenTec, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673168 2010-11-17] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [734608 2010-12-08] (Sony Corporation)
HKLM-x32\...\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-09-10] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-06] (Yuna Software)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
HKLM-x32\...\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne [187696 2011-12-15] (Blabbers Communications LTD)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [67488 2007-09-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKU\Xandria\...\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay [83344 2010-11-30] (Sony Corporation)
HKU\Xandria\...\Run: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe /Stay [186768 2010-11-30] (Sony Corporation)
HKU\Xandria\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Xandria\...\Run: [Google Update] "C:\Users\Xandria\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2011-04-03] (Google Inc.)
HKU\Xandria\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Xandria\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-12] (Skype Technologies S.A.)
HKU\Xandria\...\Run: [EPSON L200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGUP.EXE /FU "C:\Windows\TEMP\E_SC7A2.tmp" /EF "HKCU" [224768 2010-01-11] (SEIKO EPSON CORPORATION)
HKU\Xandria\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Xandria\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Xandria\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 FPLService; "C:\Program Files\TrueSuite\TrueSuite.Service.exe" [290632 2010-12-13] (AuthenTec, Inc)
2 MyEpson Portal Service; "C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe" [703616 2012-07-26] (SEIKO EPSON CORPORATION)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=inteldata" [257936 2010-08-12] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-12] (The Within Network, LLC)

==================== Drivers (Whitelisted) =====================

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-22] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-23] (AVG Technologies CZ, s.r.o.)
3 bbcap; C:\Windows\System32\Drivers\bbcap.sys [4608 2011-12-31] (Windows ® Codename Longhorn DDK provider)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-08-16] (DT Soft Ltd)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [113792 2009-06-22] (Huawei Technologies Co., Ltd.)
2 uxpatch; C:\Windows\SysWow64\Drivers\uxpatch.sys [25448 2009-07-12] ()
3 dump_wmimmc; \??\C:\Program Files (x86)\Level Up Games\FlyFF\GameGuard\dump_wmimmc.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-29 17:49 - 2012-10-29 17:49 - 00000000 ____D C:\FRST
2012-10-28 14:23 - 2012-10-28 14:24 - 00019033 ____A C:\Users\Xandria\Downloads\[gg]_Magi_-_04_[5870AC0C].mkv.torrent
2012-10-28 07:44 - 2012-10-28 14:49 - 08388013 ____A C:\Users\Xandria\Desktop\yeah.psd
2012-10-28 05:17 - 2012-10-28 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{F1AD4C10-970E-4045-BC66-AFBBAA8236DB}
2012-10-28 02:17 - 2012-10-28 02:17 - 00000000 ____D C:\Users\Xandria\Downloads\[Uminonaka+foolishignis] Star Light
2012-10-28 00:42 - 2012-10-28 01:02 - 35760657 ____A C:\Users\Xandria\Downloads\[Uminonaka+foolishignis] Star Light.zip
2012-10-27 14:34 - 2012-10-27 14:34 - 00011991 ____A C:\Users\Xandria\Downloads\[HorribleSubs] Sword Art Online - 17 [480p].mkv.torrent
2012-10-27 05:17 - 2012-10-27 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{45A8F723-4F16-4A83-A3C4-82E4B8F788CB}
2012-10-26 14:12 - 2012-10-26 14:12 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{F442F8F2-D41D-4B10-9864-68BA305273EC}
2012-10-26 14:12 - 2012-10-26 14:12 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{E3294E14-7505-48D9-9099-A49C571B5A4F}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{AD7BB653-A60B-4804-94DC-88529E75902B}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{68AFEB3C-9915-42AB-A50B-138F7F52521A}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{60DB4D33-040F-4ADE-A9DC-0822DB520C88}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{A5D8F013-342C-4919-AD8D-353633A20B43}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{59CDE021-7F90-492E-B454-148FE4463D2B}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{304F0E7C-6096-4A32-93A9-94AC956C658D}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C30D7D0D-CF7B-42B3-A21D-C982C86A7CCD}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9BFF4CAC-8174-4470-A373-CD339082FF41}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{94439F2B-2103-4B9A-BF72-8C94E2E71536}
2012-10-26 14:11 - 2012-10-26 14:11 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3B2D7B9F-4567-4E56-99F5-3039FE3D2ADF}
2012-10-26 14:00 - 2012-10-26 14:00 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{A345E98F-1B20-4B6D-9AA1-0F8A70FB2EFF}
2012-10-26 14:00 - 2012-10-26 14:00 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{84003147-9CA1-4662-9C07-5CE8748914E7}
2012-10-26 14:00 - 2012-10-26 14:00 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{61F5F5B5-F8E4-4432-9361-571D7F1E0C12}
2012-10-26 14:00 - 2012-10-26 14:00 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{54929FB6-17A0-4042-9968-85CF30932832}
2012-10-26 14:00 - 2012-10-26 14:00 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8CB39FCE-7D37-4064-928F-E1617706320F}
2012-10-26 12:40 - 2012-10-26 12:40 - 00034162 ____A C:\Users\Xandria\Desktop\awwwww.txt
2012-10-26 10:10 - 2012-10-26 10:10 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{FDEC604C-0BC2-4FDB-9936-F73B8B5DFD36}
2012-10-26 10:10 - 2012-10-26 10:10 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{0F66D1D2-0E8E-4DC2-9338-2C6DBFEFF650}
2012-10-26 10:10 - 2012-10-26 10:10 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5A4D2717-72D5-425B-8E92-A27EABCE8AD8}
2012-10-26 10:10 - 2012-10-26 10:10 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{22908E35-5B3C-46ED-82D1-DB74231B179D}
2012-10-26 06:13 - 2012-10-26 06:13 - 00018636 ____A C:\Users\Xandria\Downloads\[WhyNot] Robotics;Notes - 03 [4D7ACD13].mkv.torrent
2012-10-26 05:17 - 2012-10-26 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A089C81D-D794-4647-8412-FF0EF91F3F81}
2012-10-25 23:21 - 2012-10-25 23:21 - 00022116 ____A C:\Users\Xandria\Downloads\[HorribleSubs] K - 04 [720p].mkv.torrent
2012-10-25 14:04 - 2012-10-25 14:04 - 00044526 ____A C:\Users\Xandria\Downloads\[HorribleSubs] PSYCHO-PASS - 03 [720p].mkv.torrent
2012-10-25 14:04 - 2012-10-25 14:04 - 00019446 ____A C:\Users\Xandria\Downloads\[HorribleSubs] PSYCHO-PASS - 03 [480p].mkv.torrent
2012-10-25 13:55 - 2012-10-25 13:58 - 10185946 ____A C:\Users\Xandria\Downloads\The_Mirror_Lied-v2.zip
2012-10-25 07:21 - 2012-10-25 07:21 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5E2D4C4A-5AE4-4B04-BF30-BF10057FA029}
2012-10-25 01:45 - 2012-10-25 01:46 - 00000000 ____D C:\Users\Xandria\AppData\Local\{6093872F-2351-4B44-9259-326D50F3B566}
2012-10-25 00:51 - 2012-10-25 00:52 - 00000000 ____D C:\Users\Xandria\AppData\Local\{4A8F4A51-DBA9-4E70-A3E9-C849F31314F4}
2012-10-24 09:50 - 2012-10-24 09:50 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{9CA4BAF5-6F7A-441E-BA24-573CAB5C5A95}
2012-10-24 09:50 - 2012-10-24 09:50 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{956BB835-6507-4D60-BCF0-4B78923CDDAD}
2012-10-24 09:50 - 2012-10-24 09:50 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{47940947-93AC-4D36-AD82-A99762AD0251}
2012-10-24 05:41 - 2012-10-24 05:41 - 00002707 ____A C:\Users\Xandria\Desktop\ark.txt
2012-10-24 05:17 - 2012-10-24 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{08AD7C20-9EC4-4B1C-97C2-2A24C3C0B7A7}
2012-10-24 03:55 - 2012-10-24 03:55 - 00302592 ____A C:\Users\Xandria\Downloads\uwv81fbr.exe
2012-10-24 03:51 - 2012-10-24 03:53 - 00042891 ____A C:\Users\Xandria\Desktop\dds.txt
2012-10-24 03:51 - 2012-10-24 03:53 - 00013459 ____A C:\Users\Xandria\Desktop\attach.txt
2012-10-24 03:47 - 2012-10-24 03:48 - 00687724 ____R (Swearware) C:\Users\Xandria\Downloads\dds.com
2012-10-24 03:47 - 2012-10-24 03:47 - 00000476 ____A C:\Users\Xandria\Downloads\defogger_disable.log
2012-10-24 03:47 - 2012-10-24 03:47 - 00000000 ____A C:\Users\Xandria\defogger_reenable
2012-10-24 03:45 - 2012-10-24 03:45 - 00050477 ____A C:\Users\Xandria\Downloads\Defogger.exe
2012-10-23 19:59 - 2012-10-23 19:59 - 00000000 ____D C:\Users\Xandria\AppData\Local\{160D90F5-E1C7-454A-B285-6DDCAA6F4C1B}
2012-10-23 07:59 - 2012-10-23 07:59 - 00000000 ____D C:\Users\Xandria\AppData\Local\{8DC8892C-FE00-4FFF-AD21-D72829A6D778}
2012-10-23 07:20 - 2012-10-23 07:20 - 00000000 ____D C:\Windows\SysWOW64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{C7A058C6-76FC-49F4-B9A7-D81A72F7EB40}
2012-10-23 07:20 - 2012-10-23 07:20 - 00000000 ____D C:\Windows\SysWOW64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{2F849848-41FC-4776-B5A3-7C2D09884BB4}
2012-10-23 07:20 - 2012-10-23 07:20 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4EAB669D-C76E-4E93-88BC-618CCC976D19}
2012-10-23 05:17 - 2012-10-23 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{CF0A30A2-4A6F-473E-A711-644C4139E5D1}
2012-10-23 05:07 - 2012-10-23 05:07 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{D078B716-1EEA-47A5-BF98-97FE51E6253B}
2012-10-23 05:07 - 2012-10-23 05:07 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{62A71ACA-F2F9-41ED-8A97-0AC28DF6D4C1}
2012-10-23 05:07 - 2012-10-23 05:07 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{F00FEC6E-812A-4618-98CE-364F7F5EF9AB}
2012-10-23 03:43 - 2012-10-23 08:09 - 05681477 ____A C:\Users\Xandria\Desktop\New Canvas.psd
2012-10-23 02:59 - 2012-10-23 03:42 - 11485184 ____A C:\Users\Xandria\Desktop\New Canvas.sai
2012-10-22 06:26 - 2012-10-22 06:26 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{01F47487-3F1F-4218-BC4A-616D502086D4}
2012-10-21 21:49 - 2012-10-21 21:49 - 00000000 ____D C:\Users\Xandria\AppData\Local\{35B203D1-8D5D-491A-B5BB-8CDE104E6AE5}
2012-10-21 05:17 - 2012-10-21 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{CEB0AF27-A57C-4E8A-BCF9-99ADF7068311}
2012-10-20 05:17 - 2012-10-20 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{84CDAD96-DBE9-4AE4-A38D-F6B88BE0BE9D}
2012-10-19 05:17 - 2012-10-19 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{6E78E079-FA74-4B4B-B989-64D4C5E42279}
2012-10-18 07:25 - 2012-10-18 07:25 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A36E4500-E53A-43E6-9283-7CC4A0FD8E34}
2012-10-18 00:25 - 2012-10-18 00:26 - 00000000 ____D C:\Users\Xandria\AppData\Local\{797F5A9B-3956-40A9-BFC7-9BEACF82CFFC}
2012-10-17 10:05 - 2012-10-17 10:05 - 00000000 ____D C:\Users\Xandria\AppData\Local\{B69CEEBE-F329-4AE7-BB74-1A2E1C9AB923}
2012-10-17 09:07 - 2012-10-17 09:07 - 00000739 ____A C:\Users\Xandria\AppData\Local\recently-used.xbel
2012-10-17 09:02 - 2012-10-17 09:08 - 00000132 ____A C:\Users\Xandria\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-10-17 09:02 - 2012-10-17 09:05 - 00000000 ____D C:\Users\Xandria\.gimp-2.8
2012-10-17 09:02 - 2012-10-17 09:02 - 00000000 ____D C:\Users\Xandria\AppData\Local\gegl-0.2
2012-10-17 08:59 - 2012-10-17 09:01 - 00000000 ____D C:\Program Files\GIMP 2
2012-10-17 07:14 - 2012-10-17 07:42 - 76880312 ____A (The GIMP Team ) C:\Users\Xandria\Downloads\gimp-2.8.2-setup-1.exe
2012-10-17 05:17 - 2012-10-17 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{70EC3873-6C1A-4845-B06B-6D997FFA1710}
2012-10-16 20:34 - 2012-10-16 20:34 - 00000000 ____D C:\Users\Xandria\AppData\Local\{85E7E10F-ED29-4CE7-B87B-AB3DD1B1F97E}
2012-10-16 05:17 - 2012-10-16 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{CABC84F9-2B71-40C1-A21C-2400D3C02C7C}
2012-10-16 02:18 - 2012-10-16 02:18 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9CFFD8B4-94A1-4141-8270-63670FEFB069}
2012-10-16 02:18 - 2012-10-16 02:18 - 00000000 ____D C:\Users\Xandria\AppData\Local\{914F9972-0FD1-4C8E-9399-F9A56B419C48}
2012-10-15 21:42 - 2012-10-15 21:42 - 00000000 ____D C:\Users\Xandria\AppData\Local\{0E0FB649-AA98-4974-B200-CACD25AC5B93}
2012-10-14 05:17 - 2012-10-14 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0FBC04BF-438D-4FEB-8CF7-1B467A52195E}
2012-10-14 00:19 - 2012-10-14 00:19 - 00000000 ____D C:\Windows\SysWOW64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{4115F02C-2B83-438A-91EF-1A485F10F5CB}
2012-10-14 00:09 - 2012-10-14 00:09 - 00000000 ____D C:\Windows\SysWOW64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{F2E92716-72AC-4254-B0E2-05631ED53312}
2012-10-14 00:09 - 2012-10-14 00:09 - 00000000 ____D C:\Windows\SysWOW64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{6C555B18-4DA1-467B-A0F1-327CD3DA6952}
2012-10-14 00:09 - 2012-10-14 00:09 - 00000000 ____D C:\Windows\SysWOW64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{C830432B-E5B9-4539-9EEB-5E6A0D212B2B}
2012-10-14 00:09 - 2012-10-14 00:09 - 00000000 ____D C:\Windows\SysWOW64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{0C1E1E85-16E7-4CB2-B62C-FE628C5C09F6}
2012-10-14 00:09 - 2012-10-14 00:09 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5AC1ED8D-791B-4371-B22C-C8FC25F517A0}
2012-10-14 00:09 - 2012-10-14 00:09 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0A07A98B-6E59-41C4-ACD0-BFF2F4855DDD}
2012-10-13 18:05 - 2012-10-13 18:05 - 00000000 ____D C:\Users\Xandria\AppData\Local\{C128467C-FFC6-4786-BA4A-621F3F437FF2}
2012-10-13 05:17 - 2012-10-13 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{711358FA-2E02-45A5-9365-A23E543B6B50}
2012-10-12 08:15 - 2012-10-12 08:15 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{F3A660B2-0009-433A-AC6D-A92602E25177}
2012-10-12 08:15 - 2012-10-12 08:15 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{23AB8CC8-A8E5-4359-BD14-DF0B553A7C57}
2012-10-12 08:15 - 2012-10-12 08:15 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{811FC5FF-7D21-41ED-9985-F20CB217892C}
2012-10-12 07:45 - 2012-10-12 07:45 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{17362E56-C37B-4DFC-9399-37C38C6A5215}
2012-10-11 07:00 - 2012-10-11 07:00 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{1787E268-A87F-421D-8397-BF41B50FECB2}
2012-10-10 05:17 - 2012-10-10 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{958B3EF8-95D4-4FCE-AC3C-A1C20FE9F503}
2012-10-10 03:41 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 03:41 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 03:41 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 03:41 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-10 03:41 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 03:41 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-10 03:41 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-10 03:41 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 03:41 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-10 03:41 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-10 03:41 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-10 03:41 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-10 03:41 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-10 03:41 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-10 03:41 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 03:41 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 03:40 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 03:40 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 03:40 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 03:40 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-10 03:40 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-10 03:40 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-10 03:39 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 03:39 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-10 03:34 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 03:23 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 03:23 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-10 03:23 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-10 03:14 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 03:14 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-10 03:14 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 03:14 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 05:17 - 2012-10-09 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E686BC8E-6423-4FB4-BE8D-206F673AB3CE}
2012-10-09 01:37 - 2012-10-09 01:37 - 00000000 ____D C:\Users\Xandria\AppData\Local\{67627D51-A302-48BE-B1A3-8A9AB3247FD0}
2012-10-09 01:31 - 2012-10-09 01:31 - 00000000 ____D C:\Users\Xandria\Documents\Bluetooth Exchange Folder
2012-10-09 01:29 - 2012-10-09 01:30 - 00442624 ____A C:\Windows\Minidump\100912-70153-01.dmp
2012-10-08 05:17 - 2012-10-08 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{94A1A8E1-0E2D-4E8A-B736-3D368BB42211}
2012-10-07 05:17 - 2012-10-07 05:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D8A7E58E-2324-48EB-8001-2B622F1CA53F}
2012-10-07 04:09 - 2012-10-07 04:09 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{D4767EC7-AD6C-463A-AB58-1F8CE36D1500}
2012-10-07 04:09 - 2012-10-07 04:09 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{3199A673-8B14-4C86-9389-3D5EE84CE054}
2012-10-07 04:09 - 2012-10-07 04:09 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C8AE636F-9758-4750-A5F7-61F73E1CBC84}
2012-10-07 00:34 - 2012-10-07 00:34 - 00000000 ____D C:\Users\Xandria\AppData\Local\{51D62E4B-491A-4BF3-9EF9-7BE4B32927F0}
2012-10-06 06:20 - 2012-10-06 06:20 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C66B01DE-872C-45F4-BD43-0495AE140C3A}
2012-10-05 04:17 - 2012-10-05 04:17 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{29295D22-82BB-4492-9F8B-F6D7CA97DF41}
2012-10-05 04:17 - 2012-10-05 04:17 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{227BDCF9-9E61-413F-B95C-7C331F424C6F}
2012-10-05 04:17 - 2012-10-05 04:17 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{69063076-DD80-4707-99F2-83E715A55AD0}
2012-10-05 03:32 - 2012-10-05 03:32 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C80A5FA7-833A-4C27-A0A1-8A0DF712B8B2}
2012-10-04 03:32 - 2012-10-04 03:32 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B4D2D4FD-18D4-42B8-9095-2A179A5E44BB}
2012-10-03 04:56 - 2012-10-03 04:56 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{39DA15DD-E3BE-4DDE-8119-96902EE99764}
2012-10-02 06:24 - 2012-10-02 06:24 - 00000000 ____D C:\Users\Xandria\AppData\Local\{05EEA5BF-81C7-4490-AA73-971D64FBB647}
2012-10-02 03:32 - 2012-10-02 03:32 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{66C0F9A4-26D1-45B0-94F5-33540B9DDED7}
2012-10-01 19:44 - 2012-10-01 19:44 - 00000000 ____D C:\Users\Xandria\AppData\Local\{DA33C3DF-DA4C-42B1-A722-C3D02B853E28}
2012-10-01 03:32 - 2012-10-01 03:32 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{1ECF0E00-03FA-489F-A750-63F7C7DB135D}
2012-10-01 02:04 - 2012-10-01 02:04 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{66EC1BE4-35C6-4F87-92F1-236A21FFFA88}
2012-10-01 02:04 - 2012-10-01 02:04 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{D0909487-E3B5-428E-B8B5-C3CDA804E767}
2012-10-01 02:04 - 2012-10-01 02:04 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4D696564-8141-4B13-BC3B-A5148DE19811}
2012-09-30 03:32 - 2012-09-30 03:32 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{251FC0E4-1668-4A6F-A34C-A441886B2B44}
2012-09-29 23:29 - 2012-09-29 23:32 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Xandria\Downloads\SkypeSetup.exe
2012-09-29 03:32 - 2012-09-29 03:32 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{585D2E86-3AE2-4A22-A4EE-BB658BC427B7}
2012-09-29 00:57 - 2012-09-29 00:57 - 00000000 ____D C:\Windows\SysWOW64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{A3199C0B-B39B-4DC8-BA15-637F15D888AC}
2012-09-29 00:57 - 2012-09-29 00:57 - 00000000 ____D C:\Windows\SysWOW64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{AC875824-7153-4B3C-AC4E-B01E1F84C945}
2012-09-29 00:57 - 2012-09-29 00:57 - 00000000 ____D C:\Windows\SysWOW64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5674CC84-BA87-45EC-ADE4-3DC11A5D8F51}

==================== 3 Months Modified Files ==================

2012-10-29 01:45 - 2011-04-03 03:08 - 01769006 ____A C:\Windows\WindowsUpdate.log
2012-10-29 01:42 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-29 00:47 - 2011-04-03 15:00 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2230148185-1491562442-893060922-1000UA.job
2012-10-29 00:47 - 2011-04-03 15:00 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2230148185-1491562442-893060922-1000Core.job
2012-10-28 14:49 - 2012-10-28 07:44 - 08388013 ____A C:\Users\Xandria\Desktop\yeah.psd
2012-10-28 14:24 - 2012-10-28 14:23 - 00019033 ____A C:\Users\Xandria\Downloads\[gg]_Magi_-_04_[5870AC0C].mkv.torrent
2012-10-28 11:14 - 2009-07-13 20:51 - 00214669 ____A C:\Windows\setupact.log
2012-10-28 01:02 - 2012-10-28 00:42 - 35760657 ____A C:\Users\Xandria\Downloads\[Uminonaka+foolishignis] Star Light.zip
2012-10-27 14:34 - 2012-10-27 14:34 - 00011991 ____A C:\Users\Xandria\Downloads\[HorribleSubs] Sword Art Online - 17 [480p].mkv.torrent
2012-10-26 12:40 - 2012-10-26 12:40 - 00034162 ____A C:\Users\Xandria\Desktop\awwwww.txt
2012-10-26 06:13 - 2012-10-26 06:13 - 00018636 ____A C:\Users\Xandria\Downloads\[WhyNot] Robotics;Notes - 03 [4D7ACD13].mkv.torrent
2012-10-25 23:21 - 2012-10-25 23:21 - 00022116 ____A C:\Users\Xandria\Downloads\[HorribleSubs] K - 04 [720p].mkv.torrent
2012-10-25 14:04 - 2012-10-25 14:04 - 00044526 ____A C:\Users\Xandria\Downloads\[HorribleSubs] PSYCHO-PASS - 03 [720p].mkv.torrent
2012-10-25 14:04 - 2012-10-25 14:04 - 00019446 ____A C:\Users\Xandria\Downloads\[HorribleSubs] PSYCHO-PASS - 03 [480p].mkv.torrent
2012-10-25 13:58 - 2012-10-25 13:55 - 10185946 ____A C:\Users\Xandria\Downloads\The_Mirror_Lied-v2.zip
2012-10-25 13:06 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-25 13:06 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-24 05:41 - 2012-10-24 05:41 - 00002707 ____A C:\Users\Xandria\Desktop\ark.txt
2012-10-24 03:55 - 2012-10-24 03:55 - 00302592 ____A C:\Users\Xandria\Downloads\uwv81fbr.exe
2012-10-24 03:53 - 2012-10-24 03:51 - 00042891 ____A C:\Users\Xandria\Desktop\dds.txt
2012-10-24 03:53 - 2012-10-24 03:51 - 00013459 ____A C:\Users\Xandria\Desktop\attach.txt
2012-10-24 03:48 - 2012-10-24 03:47 - 00687724 ____R (Swearware) C:\Users\Xandria\Downloads\dds.com
2012-10-24 03:47 - 2012-10-24 03:47 - 00000476 ____A C:\Users\Xandria\Downloads\defogger_disable.log
2012-10-24 03:47 - 2012-10-24 03:47 - 00000000 ____A C:\Users\Xandria\defogger_reenable
2012-10-24 03:45 - 2012-10-24 03:45 - 00050477 ____A C:\Users\Xandria\Downloads\Defogger.exe
2012-10-23 08:09 - 2012-10-23 03:43 - 05681477 ____A C:\Users\Xandria\Desktop\New Canvas.psd
2012-10-23 06:40 - 2012-06-23 23:58 - 00000132 ____A C:\Users\Xandria\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-10-23 03:42 - 2012-10-23 02:59 - 11485184 ____A C:\Users\Xandria\Desktop\New Canvas.sai
2012-10-21 21:40 - 2011-12-31 06:06 - 00000031 ____A C:\Windows\System32\bbcap.err
2012-10-21 21:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-21 21:40 - 2009-07-13 20:45 - 03709328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-21 09:41 - 2011-04-03 03:10 - 00132872 ____A C:\Users\Xandria\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-20 00:41 - 2012-08-15 09:37 - 00001456 ____A C:\Users\Xandria\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-10-17 09:08 - 2012-10-17 09:02 - 00000132 ____A C:\Users\Xandria\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-10-17 09:07 - 2012-10-17 09:07 - 00000739 ____A C:\Users\Xandria\AppData\Local\recently-used.xbel
2012-10-17 07:42 - 2012-10-17 07:14 - 76880312 ____A (The GIMP Team ) C:\Users\Xandria\Downloads\gimp-2.8.2-setup-1.exe
2012-10-10 09:42 - 2011-04-20 02:16 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 01:30 - 2012-10-09 01:29 - 00442624 ____A C:\Windows\Minidump\100912-70153-01.dmp
2012-10-09 01:29 - 2011-12-31 03:54 - 524616507 ____A C:\Windows\MEMORY.DMP
2012-10-06 06:12 - 2011-05-05 17:57 - 00250759 ____A C:\test.xml
2012-09-29 23:32 - 2012-09-29 23:29 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Xandria\Downloads\SkypeSetup.exe
2012-09-17 18:47 - 2012-09-17 18:47 - 00048736 ____A C:\Windows\System32\s000004.dat
2012-09-17 18:46 - 2011-07-24 17:03 - 00000408 ____A C:\Windows\System32\sstates.sdt
2012-09-17 18:46 - 2011-07-24 17:03 - 00000040 ____A C:\Windows\System32\sstate_prev.sdt
2012-09-16 19:13 - 2012-09-16 19:13 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-16 19:13 - 2012-09-16 19:13 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-16 19:13 - 2012-09-16 19:13 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-16 19:13 - 2012-09-16 19:13 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-16 19:13 - 2012-06-23 05:26 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-16 19:13 - 2011-02-24 18:58 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-15 08:47 - 2012-09-15 08:47 - 00702999 ____A C:\Users\Xandria\Downloads\Adobe Premier CS6-AMTLIB-64-bit.rar
2012-09-14 11:19 - 2012-10-10 03:14 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-10 03:14 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-02 13:17 - 2012-09-02 13:17 - 00291828 ____A C:\Windows\To the Moon Uninstaller.exe
2012-09-02 09:05 - 2012-09-02 07:31 - 77242757 ____A C:\Users\Xandria\Documents\To_the_Moon-1.1_installer.exe
2012-09-01 19:59 - 2012-09-01 19:45 - 20530576 ____A C:\Users\Xandria\Documents\whereami.zip
2012-08-31 10:19 - 2012-10-10 03:34 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 19:21 - 2011-02-24 19:39 - 00191276 ____A C:\Windows\PFRO.log
2012-08-30 10:03 - 2012-10-10 03:23 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-10 03:23 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-10 03:23 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-28 18:08 - 2012-08-28 18:06 - 00262144 ____A C:\Windows\Minidump\082912-30279-01.dmp
2012-08-24 10:05 - 2012-10-10 03:14 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 10:05 - 2012-09-21 23:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 10:05 - 2012-09-21 23:50 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 10:05 - 2012-09-21 23:50 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 10:03 - 2012-09-21 23:50 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 10:03 - 2012-09-21 23:50 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 10:03 - 2012-09-21 23:50 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 10:03 - 2012-09-21 23:50 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 10:02 - 2012-09-21 23:50 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 10:02 - 2012-09-21 23:50 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 10:02 - 2012-09-21 23:50 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 08:57 - 2012-10-10 03:14 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 08:57 - 2012-09-21 23:50 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 08:57 - 2012-09-21 23:50 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 08:57 - 2012-09-21 23:50 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-21 22:06:14
Restore point made on: 2012-10-26 08:18:57

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 4011.86 MB
Available physical RAM: 3230.12 MB
Total Pagefile: 4010.01 MB
Available Pagefile: 3294.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:286.36 GB) (Free:136.01 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:11.63 GB) (Free:1.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (XANDRIA) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3820 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 11 GB 1024 KB
Partition 2 Primary 100 MB 11 GB
Partition 3 Primary 286 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 11 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 286 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3819 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G XANDRIA FAT32 Removable 3819 MB Healthy

=========================================================

Last Boot: 2012-10-25 14:59

==================== End Of Log =============================

Edited by Hibiya, 29 October 2012 - 06:07 AM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:38 PM

Posted 30 October 2012 - 05:32 PM

It looks like AVG has righted itself. There are no other issues on the machine? FRST shows nothing.
m0le is a proud member of UNITE

#7 Hibiya

Posted 31 October 2012 - 04:43 AM

Nope. No other problems. Did a quick scan as well and nothing shows up.

Should I try to download malwarebytes again and see if the problem from before happens again?

#8 m0le

Posted 31 October 2012 - 06:55 PM

Yes, run an MBAM scan and an online scanner, ESET is good. Post both logs.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#9 Hibiya

Posted 02 November 2012 - 05:48 AM

Sorry this took a while. I decided not to do anything with any of the threats that mbam managed to pick up. Just tell me though and I'll immediately remove all of them.

Both logs should be attached.


#10 m0le

Posted 02 November 2012 - 08:26 PM

MBAM flags only a potentially unwanted program (PUP) called Blabbers. If you recognise it then fine, if not then rerun MBAM and delete them. ESET's is much more interesting because it finds normal files which are infected.

How has the machine been running?

#11 Hibiya

Posted 03 November 2012 - 02:32 AM

Chose to run mbam again and delete everything. Restarted computer. Surprisingly, it didn't end up with a black screen again. Everything was considerably slow on start up. After a few minutes though it returns to running like usual. Haven't encountered any other problems beyond that.

My apologies if this ended up as nothing more than a wild goose chase.

#12 m0le

Posted 03 November 2012 - 04:23 PM

No apology necessary. It's always worth checking out unusual running.

If you're happy then we can call it a day.

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger now is the time to enable your CD emulation software again.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it Hibiya, happy surfing!

Cheers.

m0le

#13 Hibiya

Posted 04 November 2012 - 09:29 AM

Alright. Thanks a lot, m0le! Your help was very much appreciated.

#14 m0le

Posted 07 November 2012 - 08:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.